Pests of all kinds and how to fight them: Task Manager closes when "More details" is pressed | Windows 7
01.02.2013, 12:05 | #1 |
Hi folks,

I have really read myself to death on your board, great tips, but somehow it didn't help me, probably because of my run-of-the-mill PC knowledge.

Here is my problem (it has come up several times before): Task Manager closes automatically after about 3-4 seconds when I click on "More details".

I ran Malwarebytes Anti-Malware over it, but it found nothing. Kaspersky found nothing either. I ran scannow, which repaired something; I will find out at the next start. I ran HijackThis and here is my logfile; I hope I edited it correctly according to the instructions....

I use Windows 8 Pro, am not a P2P user, and really only have original software on the machine plus some freeware. I have the same stuff on my tablet too, but everything works there.

I hope you have a tip for me.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:40, on 01.02.2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16453)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\SpeedProject\SpeedCommander 13\SpeedCommander.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [MEDION NAS TOOL] C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe
O4 - HKCU\..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
O4 - HKCU\..\Run: [] \
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12454 bytes
01.02.2013, 14:24 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Reading material: Please do not post HijackThis logfiles!!! Quote:
01.02.2013, 16:41 | #3 |
So, now hopefully following the instructions after all.

OTL Logfile:
Code:
OTL logfile created on: 01.02.2013 16:17:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\****\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,94 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 70,36% Memory free
11,94 Gb Paging File | 10,04 Gb Available in Paging File | 84,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1801,30 Gb Total Space | 1089,88 Gb Free Space | 60,50% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 44,46 Gb Free Space | 74,10% Space Free | Partition Type: NTFS
Drive E: | 261,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.01 16:14:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\****\Downloads\OTL.exe
PRC - [2013.01.29 01:33:04 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.16 21:36:36 | 000,167,104 | ---- | M] (Fieldston Software) -- C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
PRC - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012.12.01 12:59:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.16 13:37:56 | 000,277,504 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.08.16 13:37:50 | 000,007,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.07.19 18:00:54 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.07.19 18:00:52 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.07.19 18:00:29 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.07.10 08:54:12 | 001,822,208 | ---- | M] () -- C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.01 16:11:39 | 001,169,408 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._core_.pyd
MOD - [2013.02.01 16:11:39 | 001,024,616 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\windows._cacheinvalidation.pyd
MOD - [2013.02.01 16:11:39 | 000,807,424 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._windows_.pyd
MOD - [2013.02.01 16:11:39 | 000,792,576 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._gdi_.pyd
MOD - [2013.02.01 16:11:39 | 000,731,136 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._misc_.pyd
MOD - [2013.02.01 16:11:39 | 000,645,120 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_ssl.pyd
MOD - [2013.02.01 16:11:39 | 000,571,392 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pysqlite2._sqlite.pyd
MOD - [2013.02.01 16:11:39 | 000,354,304 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pythoncom26.dll
MOD - [2013.02.01 16:11:39 | 000,311,808 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_hashlib.pyd
MOD - [2013.02.01 16:11:39 | 000,263,168 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32com.shell.shell.pyd
MOD - [2013.02.01 16:11:39 | 000,153,088 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pyexpat.pyd
MOD - [2013.02.01 16:11:39 | 000,121,856 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._wizard.pyd
MOD - [2013.02.01 16:11:39 | 000,111,104 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32file.pyd
MOD - [2013.02.01 16:11:39 | 000,110,592 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32security.pyd
MOD - [2013.02.01 16:11:39 | 000,110,592 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\pywintypes26.dll
MOD - [2013.02.01 16:11:39 | 000,096,256 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32api.pyd
MOD - [2013.02.01 16:11:39 | 000,086,016 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_elementtree.pyd
MOD - [2013.02.01 16:11:39 | 000,073,728 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_ctypes.pyd
MOD - [2013.02.01 16:11:39 | 000,070,656 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._html2.pyd
MOD - [2013.02.01 16:11:39 | 000,040,448 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\_socket.pyd
MOD - [2013.02.01 16:11:39 | 000,039,424 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32inet.pyd
MOD - [2013.02.01 16:11:39 | 000,036,352 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32process.pyd
MOD - [2013.02.01 16:11:39 | 000,023,040 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32ts.pyd
MOD - [2013.02.01 16:11:39 | 000,022,528 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32pdh.pyd
MOD - [2013.02.01 16:11:39 | 000,017,920 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32profile.pyd
MOD - [2013.02.01 16:11:39 | 000,011,776 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32crypt.pyd
MOD - [2013.02.01 16:11:38 | 001,056,256 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\wx._controls_.pyd
MOD - [2013.02.01 16:11:38 | 000,585,728 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\unicodedata.pyd
MOD - [2013.02.01 16:11:38 | 000,017,920 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\win32event.pyd
MOD - [2013.02.01 16:11:38 | 000,011,776 | ---- | M] () -- C:\Users\****\AppData\Local\Temp\_MEI65122\select.pyd
MOD - [2013.01.29 17:08:50 | 000,121,920 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
MOD - [2013.01.29 17:04:55 | 000,354,368 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\Office15\c2r32.dll
MOD - [2013.01.29 17:04:54 | 000,312,912 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
MOD - [2013.01.16 21:36:34 | 001,940,992 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll
MOD - [2012.11.22 00:33:58 | 000,837,632 | ---- | M] () -- C:\Program Files (x86)\Fieldston Software\gSyncit\System.Data.SQLite.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012.07.10 08:54:12 | 001,822,208 | ---- | M] () -- C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe
MOD - [2012.01.09 03:25:56 | 000,806,912 | ---- | M] () -- C:\Program Files (x86)\MEDION\MEDION NAS TOOL\LIBEAY32.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012.12.29 09:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService)
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.23 18:07:10 | 001,855,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.09.10 07:54:54 | 000,239,616 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\SysNative\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV:64bit: - [2012.07.26 04:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013.01.19 17:14:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.12 20:13:18 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 16:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.02 08:09:41 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.12.01 12:59:27 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.09.10 07:54:54 | 000,239,616 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe -- (Samsung Network Fax Server)
SRV - [2012.08.16 13:37:50 | 000,007,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.07.19 18:00:54 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.07.19 18:00:52 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.07.19 18:00:29 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.07.13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.05 16:06:57 | 000,048,472 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2012.12.05 16:06:57 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.12.01 13:08:37 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.12.01 13:08:36 | 000,612,696 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.27 08:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.11.01 21:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.16 13:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.07 16:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RtlWlanu)
DRV:64bit: - [2012.08.07 16:17:10 | 001,576,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTWlanU.sys -- (RTL8192cu)
DRV:64bit: - [2012.08.02 15:09:32 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.07.30 17:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.07.27 18:38:24 | 000,029,616 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\klelam.sys -- (klelam)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.07.02 23:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.24 00:24:52 | 015,283,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.02.15 14:16:48 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\SSPORT.sys -- (SSPORT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**t://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**t://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**t://lenovo13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**t://www.mystart.com/?pr=vmn&id=yolobartb&v=1_0&ent=hp
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{04FECF4B-1673-4021-80A5-5AAFF6BD005E}: "URL" = h**t://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = h**t://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = h**t://www2.mystart.com/results.php?pr=vmn&id=yolobartb&v=1_0&ent=ch&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "h**t://www.google.de"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 18:47:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:14:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.13 07:37:44 | 000,000,000 | ---D | M]

[2012.12.03 06:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.02.01 09:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\s8t324qt.default\extensions
[2013.01.12 22:14:30 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\s8t324qt.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.29 07:33:10 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.01.18 00:26:03 | 000,256,017 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\{9cfdd5db-2841-4970-acbc-b812ac1092e8}.xpi
[2013.02.01 09:06:32 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\s8t324qt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.03 06:41:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 17:14:13 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 21:30:44 | 000,002,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mystarttb.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: h**t://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: h**t://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_1\
CHR - Extension: Google-Suche = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Maps = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Amazon Deutsch = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mckgjahkffbhkbbginonfihaohmbdcie\1.0_0\
CHR - Extension: CleanWebApp (Adblock + Privacy) = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjkcflkplhgpebknipkekjggglimnone\0.1.3_0\
CHR - Extension: Google Mail = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] \ File not found
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [MEDION NAS TOOL] C:\Program Files (x86)\MEDION\MEDION NAS TOOL\MEDION NAS TOOL.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**t://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - h**t://rover.ebay.com/rover/1/707-154514-44482-15/4 File not found
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{032A9019-D334-4199-9B12-3BC8F6E32088}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{281685EA-5281-425D-A206-752B81C1E90D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -
C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3e53439b-3bbf-11e2-be92-d43d7e2e44d0}\Shell - "" = AutoRun O33 - MountPoints2\{3e53439b-3bbf-11e2-be92-d43d7e2e44d0}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.01 11:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2013.02.01 11:19:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013.01.31 07:20:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2013.01.31 07:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.30 06:38:53 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Benutzerdefinierte Office-Vorlagen [2013.01.29 17:05:47 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 [2013.01.29 17:00:15 | 000,000,000 | R--D | C] -- C:\Users\****\SkyDrive [2013.01.29 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive [2013.01.29 17:00:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive [2013.01.29 16:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15 [2013.01.28 23:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.01.28 22:56:41 | 000,000,000 | ---D | C] -- C:\Users\****\Application Data [2013.01.28 22:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON [2013.01.28 22:56:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NAVIGON [2013.01.28 15:35:28 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Wondershare PDF Password Remover [2013.01.26 10:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.01.26 10:58:51 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) 
-- C:\Windows\SysWow64\dgderapi.dll [2013.01.22 08:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013.01.22 08:29:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Paint.NET [2013.01.18 10:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.01.17 19:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems [2013.01.17 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems [2013.01.17 19:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems [2013.01.13 07:55:20 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\AdobeStockPhotos [2013.01.13 06:38:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photoshop CS2 [2013.01.12 23:46:14 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Updater [2013.01.12 23:43:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2013.01.12 23:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2013.01.12 23:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoshopCS2 [2013.01.12 22:12:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\yolobartb [2013.01.12 20:20:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Newshosting [2013.01.12 20:20:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CrashRpt [2013.01.12 20:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2013.01.12 20:19:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Newshosting ========== Files - Modified Within 30 Days ========== [2013.02.01 16:17:19 | 000,001,253 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,001,074 | ---- | M] () -- C:\Users\****\Desktop\gmer_2.0.18454 - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,000,969 | ---- | M] () -- C:\Users\****\Desktop\OTL - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,000,677 | 
---- | M] () -- C:\Users\****\Desktop\defogger_disable - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,000,637 | ---- | M] () -- C:\Users\****\Desktop\Defogger - Verknüpfung.lnk [2013.02.01 16:13:16 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2013.02.01 16:10:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.01 11:19:32 | 000,002,985 | ---- | M] () -- C:\Users\****\Desktop\HiJackThis.lnk [2013.02.01 11:07:49 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.01 11:07:48 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.01 11:07:22 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.01 11:04:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.02.01 11:04:00 | 810,344,447 | -HS- | M] () -- C:\hiberfil.sys [2013.02.01 09:17:46 | 000,018,066 | ---- | M] () -- C:\Users\****\Documents\cc_20130201_091741.reg [2013.01.29 15:37:36 | 001,748,838 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.29 15:37:36 | 000,752,930 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.29 15:37:36 | 000,711,084 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.29 15:37:36 | 000,156,156 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.29 15:37:36 | 000,132,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.18 09:57:08 | 000,103,008 | ---- | M] () -- C:\Users\****\Documents\cc_20130118_095701.reg [2013.01.15 21:13:01 | 005,041,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.02.01 16:17:19 | 000,001,253 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,001,074 | ---- | C] () -- C:\Users\****\Desktop\gmer_2.0.18454 - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,000,969 | ---- | C] () -- C:\Users\****\Desktop\OTL - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,000,677 | 
---- | C] () -- C:\Users\****\Desktop\defogger_disable - Verknüpfung.lnk [2013.02.01 16:17:19 | 000,000,637 | ---- | C] () -- C:\Users\****\Desktop\Defogger - Verknüpfung.lnk [2013.02.01 16:13:16 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2013.02.01 11:19:32 | 000,002,985 | ---- | C] () -- C:\Users\****\Desktop\HiJackThis.lnk [2013.02.01 09:17:44 | 000,018,066 | ---- | C] () -- C:\Users\****\Documents\cc_20130201_091741.reg [2013.01.29 17:00:15 | 000,002,188 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk [2013.01.22 08:30:09 | 000,001,304 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013.01.18 09:57:06 | 000,103,008 | ---- | C] () -- C:\Users\****\Documents\cc_20130118_095701.reg [2013.01.15 21:12:46 | 005,041,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 18:11:27 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll [2013.01.13 18:11:27 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.01.12 23:43:52 | 000,002,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk [2012.12.20 11:49:14 | 000,001,982 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel [2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.15 16:42:54 | 001,554,336 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2012.12.07 12:57:41 | 000,003,584 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.06 12:55:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2012.12.03 06:56:22 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- 
C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.09.10 11:57:43 | 012,317,888 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 21:22:56 | 000,733,840 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.07.25 21:22:56 | 000,492,340 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft 
Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

========== Purity Check ==========

< End of report >

EXTRAS
OTL EXTRAS Logfile:

OTL Extras logfile created on: 01.02.2013 16:17:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\****\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,94 Gb Total Physical Memory | 4,18 Gb Available Physical Memory | 70,36% Memory free
11,94 Gb Paging File | 10,04 Gb Available in Paging File | 84,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1801,30 Gb Total Space | 1089,88 Gb Free Space | 60,50% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 44,46 Gb Free Space | 74,10% Space Free | Partition Type: NTFS
Drive E: | 261,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) h**t [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) h**ts [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.) Directory [Bilder-Planet Fotoservice] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\Bilder-Planet Fotoservice.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) 
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office XP\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) h**t [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) h**ts [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [ACDSee Pro 6.Manage] -- "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeeQVPro6.exe" "%1" (ACD Systems International Inc.) Directory [Bilder-Planet Fotoservice] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\Bilder-Planet Fotoservice.exe" "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Bilder-Planet\Bilder-Planet Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02087CE3-4E42-4FD1-82A4-3EE436DD47DE}" = rport=2869 | protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{08A4D5F4-6C64-497E-BA1C-4C46646E38BF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0BBC201B-5D5F-46DC-8027-53647FF4939A}" = rport=445 | protocol=6 | dir=out | app=system | "{0D687A0F-BE87-4AE1-BE8D-55B649DEEB65}" = lport=139 | protocol=6 | dir=in | app=system | "{1A8F3265-266F-4E48-A6FF-49FBD562EE48}" = 
rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{1AB2073E-B1A2-42BF-A39B-C9B2EAE017C9}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\dashost.exe | "{1EE1DCC9-6032-4872-B315-CC4BD2A3D2C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{21BE37CE-EAF4-4E16-8440-804AC7EA9AA5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2262521A-39A5-475A-AC42-C14756F14F95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{22B630F8-BC50-4E1F-9684-D7D8A8FEBF77}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{25B82CB3-1954-4CBC-AD04-6C85B5A3FFB8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{27011B1B-9D18-4FFC-A4B4-6EDE64797779}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2AB978A1-63F9-4EA6-B1BE-72A41B9253A7}" = lport=445 | protocol=6 | dir=in | app=system | "{2E8004F3-D9D4-4D7E-9F74-3FBA06E82336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E9D6F5C-B10A-4793-94EE-F4129E94D4FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{37DF2BB3-1ACA-4D96-B2A2-0F4081D12F8E}" = lport=138 | protocol=17 | dir=in | app=system | "{3C078360-D22A-4CF5-8FFB-35CA2E63F97C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C691BD1-3187-4E8E-BC72-3E6E034E5418}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49A33F85-9D43-4611-AA16-05CD35B3A17A}" = rport=139 | protocol=6 | dir=out | app=system | "{4A103A03-94BF-4073-8BCA-577B6E0F9B08}" = lport=10243 | protocol=6 | dir=in | app=system | "{5F7DF415-F44A-48B0-AB27-631F78F8AE68}" = rport=2177 | protocol=6 | dir=out | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{61839DCC-73DC-46BA-927C-79B89F9518ED}" = rport=10243 | protocol=6 | dir=out | app=system | "{65CC6FA4-3E53-4B33-AF6F-282F0F7371D7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{661DC6C6-EC01-4341-AD36-D8262CD0C3D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{747FC4B8-A75F-489C-8996-034ED2AA3963}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{943E9B02-5A65-4103-904E-2F3AF24DD8B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9FDD1B61-2DD3-4F34-84D3-D4EAE65A954D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AA126DC7-DD58-49A2-81CC-073938F88B55}" = rport=137 | protocol=17 | dir=out | app=system | "{B7400448-871A-4CAA-A55F-77F9574510C9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BA128828-9878-4B4E-9A86-2971449EB11D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BF58A29C-9086-4AEE-A669-F33144527E7B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C23C793F-22ED-47D3-A1BC-A8DDEA43101B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F1EE98A0-BEE3-45DF-B03C-4660FA782C1A}" = lport=137 | protocol=17 | dir=in | app=system | "{F3C5EB45-9E8E-4490-AEB2-2298FA346D78}" = lport=2869 | protocol=6 | dir=in | app=system | "{F5BBAB3D-BFBB-4EA2-BA1E-21F5C606224A}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09039F4A-0CA1-434F-95EF-BC280F237B38}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy 
document creator\usdagent.exe | "{0AD460BC-E035-4957-8978-62C83863E025}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{0AF96C80-3540-443C-B6DD-CA2AD459F3B1}" = dir=out | name=amazon | "{1449FE7C-8453-4AB3-AFE2-0EFE6AECBC7C}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{1506C6B9-47F4-4495-8851-1C57CF474D31}" = dir=in | name=ebay | "{15BBE609-B0FD-46CC-9E90-805FD6167B97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2230F223-150B-4AB8-93A1-864F146C63F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{256AB823-EFFD-48A4-8AB9-8B91395D3688}" = dir=out | name=accuweather for windows 8 | "{2A1CE9AB-D0AF-4EAF-AAE1-BF58EE9DC13C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | "{359ACD1D-5902-4267-8752-21096DCCC41C}" = dir=out | name=windows_ie_ac_001 | "{35C4E44E-D9E6-4B1E-ACE4-2F936F6AA7F6}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe | "{37255170-1469-4107-8308-0F5ACDE6D2EC}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{38D07375-E772-49AB-A1EF-E6BFB08EA910}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3D6CEE1E-2272-462A-B7C2-BC1A2ECC7303}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{41991FCB-A232-4B06-8BA4-65FCCA8F2A75}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{41BA55FC-3842-4BAB-97C2-7374522F5D1A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | "{5448048C-D6D8-4C8F-B262-6E7107DEEA38}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer 
manager\ordersupplies.exe | "{5498E73A-E8AB-4B79-9CF9-37A60BF840C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{54BCEEDF-D674-4DF0-B742-ACBEB1F7F1E0}" = dir=out | name=cinetrailer | "{576A212E-3A5A-45F6-8AF1-51E24E866F78}" = dir=in | name=meinestadt.de | "{58AA3F12-24DD-47EE-8A96-18FE4B11FD2B}" = dir=out | name=ebay | "{5A2846AF-D722-4808-A108-2B237BC2D153}" = dir=in | name=meinestadt.de | "{6018F42B-D692-4EDF-B628-8B4E60ABE6C2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{60BECB40-B432-4A4C-A43E-F67F9C129967}" = dir=out | name=windows_ie_ac_001 | "{671EF1DA-B769-41C9-BB5E-AD3E7690DCCB}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{687F70E8-00A6-497F-8257-57715200A0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ordersupplies.exe | "{68B3AB5D-44DE-443E-9814-D1ABA8521567}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{69DB0B21-23BF-46DB-B6CA-9EBC93387DE5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{6A80FB52-FAF9-49F4-9ED5-BD1F1EDC3CDF}" = dir=in | name=ebay | "{6B53840B-DB2F-45B6-9731-8CEF2F0FE9EE}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy document creator\usdagent.exe | "{6CE0BC13-69D1-416D-AC12-D3477736A2D8}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{783B9D25-DE36-4F35-BD97-9BE80DDE39C8}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe | "{78FA9CB5-77D3-41AF-9F70-7BEAFD0A8320}" = dir=out | name=billiger.de | "{7CC0032A-134C-4577-B41D-4FEF7E446227}" = dir=out | name=meinestadt.de | "{7E69E84E-CDDF-4928-AEA6-1B18EA51FFDE}" = dir=in | 
name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{80C7EDCC-4118-42BD-AEB8-E40DEFC54FA2}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{82D4E3BE-6A1A-4D2B-80F9-652281FD68C5}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{919BD155-D11B-4DC5-9B90-26A9DA3DEC97}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{92C3C5D2-EBFC-4D95-9E8B-FD9546DB04E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9C03F437-BE28-4AC9-B57F-CD0BAC59C8B3}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{9F506187-1BC9-46D0-BB18-7397CB193724}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{A22A74A2-DC11-4B4B-AF57-B3A20AEB4DD3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A2BDA04E-165F-4F6A-9AAE-673FDF4562D3}" = protocol=6 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | "{A569BA88-7C68-4F3A-BC58-2114B59B458E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A5CCD083-CD65-4851-812D-D7D371C9EA7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A6FDCAA2-EDCB-42E5-AFC6-839A756708ED}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{A708470A-EFD8-4E34-9A61-9031BE0898A3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A9A25E19-2611-486F-A265-73B9C261E030}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{ABF6CF8F-4F4F-402E-9090-96EE17D0D0A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AC539E1C-B39B-4233-81E9-FF3EFCDD9770}" = dir=out | name=meinestadt.de | "{B195DDB8-CF20-4FC9-8776-E48364BDE82F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{B85E93D3-083B-454A-B280-49525369B6C3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | "{B97176EE-7C23-44E3-85B0-B36C6E40D770}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF0EE90B-F9E3-4444-853D-C6AAF410863E}" = dir=out | name=tunein radio | "{BF584E1C-87F6-4CAB-AB30-93D8C4253B66}" = protocol=17 | dir=in | app=c:\program files\common files\common desktop agent\cdasrv.exe | "{C4829335-AA2F-498D-9171-744420781D67}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C6B1BFCD-F999-4B54-8EFC-A38722F22DB4}" = protocol=6 | dir=out | app=system | "{C970AB73-F9A6-48CE-9A37-F8896E84004D}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{CCA69ED0-9C08-4D4D-82D7-41F0BBA70215}" = dir=out | name=bild tablet | "{CCF15CC4-F80C-4F2E-9117-5C6DA5BBF4C8}" = dir=out | name=google search | "{CF746311-38EA-447D-A8FD-30D0EC742DC6}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{D5208706-0914-4D3B-A740-C3406E521C61}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{DA190246-9A4E-4AB1-85AE-908F040BCE5B}" = dir=out | 
name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{DBBE0C5B-BBFD-4649-88B2-2495ABB8F20B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E2CD4F90-5655-4B5F-9C6F-E28395AF1190}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{E57152FB-74F4-49E3-BAE2-1FAB57BB3F75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E6CD37E1-75DB-4DE0-A242-0F84C96DD9AA}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\idsalert.exe | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7DAB137-AB79-4174-B68B-BA154BDD0B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\easy printer manager\ids.application.exe | "{E8849646-ACB6-4278-81D6-83F24A70212F}" = dir=out | name=ebay | "{E9C97649-988F-46CB-96A0-16599C6F7C1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EAFB3CD2-F842-4BED-8615-25DA89D6E39E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F573C6B5-F1EF-4857-9E30-47090A081C02}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{F705D212-263F-498C-A409-12822FB891EA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F81CDE02-59AB-4CFA-9847-02D18189B922}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{FB374F96-E473-428D-9E6F-DD57DCE27AB4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{5F4D2146-4926-4150-A193-D0A6C21EC96E}C:\program files 
(x86)\medion\medion nas tool\medion nas tool.exe" = protocol=6 | dir=in | app=c:\program files (x86)\medion\medion nas tool\medion nas tool.exe | "UDP Query User{8E639A68-DCB6-4E8F-85D7-22107951C06A}C:\program files (x86)\medion\medion nas tool\medion nas tool.exe" = protocol=17 | dir=in | app=c:\program files (x86)\medion\medion nas tool\medion nas tool.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CAF674E0-808C-4CF4-8868-A755EBABA228}" = ACDSee Pro 6 "{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "CCleaner" = CCleaner "HomeBusinessRetail - de-de" = Microsoft Office Home and Business 2013 - de-de "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0DBC021C-95D9-435A-A4B0-E6515AFD1A71}" = Nero Prerequisite Installer 2.0 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1719FAD6-2F6A-4F5E-BF2B-1F6F6F1E3806_PasswordRemover}_is1" = Wondershare PDF Password Remover (Build 1.3.0) "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs "{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM) "{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3D9167B2-87EB-4713-90B4-E46F2CAFE28D}" = Nero BurningROM 12 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{41FEC76C-9F4C-4A9A-B872-C605A4E04BBF}" = Photo Common "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery "{52FE9150-B4B1-42BE-8F05-7D559757E450}" = Movie Maker "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM "{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{75FCD3A9-D7F8-46AD-BC90-91A6364B9334}" = Galeria de Fotografias "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive "{7CA39252-B140-4F7D-951E-AA7F18523CFF}" = WEKA Musterbetriebsanweisungen 6.4 "{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup "{81019508-84DC-476E-8C49-BD77A61217D9}" = 
Fotogalleri "{8698AFE8-285C-44EA-A282-13DBD7039F1C}" = Photo Common "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component 
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}" = SNS Upload for Easy Document Creator "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA895310-E517-4401-86B6-7E4C7825C3E1}" = gSyncit "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF6478C8-7643-4E80-8077-3D51614A3DBA}" = Movie Maker "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3 "Bilder-Planet Fotoservice" = Bilder-Planet Fotoservice "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Google Chrome" = Google Chrome "GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008) "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "KLiteCodecPack_is1" = K-Lite Codec Pack 9.5.0 (Full) "MAGIX_{258D56DE-24F2-479E-BED2-8103CB0B9D58}" = MAGIX Video deluxe 2013 Plus "MEDION NAS TOOL" = MEDION NAS TOOL "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Business 2010 "QuickPar" = QuickPar 0.9 "Samsung CLX-3300 Series XPS (Windows 8)" = Samsung CLX-3300 Series XPS (Windows 8) "Samsung Easy Deployment Manager" = Samsung Easy Deployment Manager "Samsung Easy Document Creator" = Samsung Easy Document Creator "Samsung Easy Printer Manager" = Samsung Easy Printer Manager "Samsung Network PC Fax" = Samsung Network PC Fax "Samsung OCR Software" = Samsung OCR Software "Samsung Scan Process Machine" = Samsung Scan Process Machine "SetIP" = SetIP "SpeedCommander 13" = SpeedCommander 13 "UltraISO_is1" = UltraISO V7.55 ME 
"WEKA Musterbetriebsanweisungen 6.4" = WEKA Musterbetriebsanweisungen 6.4 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.01.2013 21:36:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:37:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:37:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:37:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:38:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:38:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:38:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:39:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. 
Error - 27.01.2013 21:39:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. Error - 27.01.2013 21:39:00 | Computer Name = ****-PC | Source = ESENT | ID = 454 Description = svchost (1676) SRUJet: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -509 auf. [ System Events ] Error - 27.12.2012 15:45:05 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error - 28.12.2012 22:27:03 | Computer Name = ****-PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16 Description = Error - 28.12.2012 22:27:29 | Computer Name = ****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?12.?2012 um 03:14:18 unerwartet heruntergefahren. Error - 28.12.2012 22:27:22 | Computer Name = ****-PC | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error - 28.12.2012 22:27:32 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 Error - 28.12.2012 22:27:44 | Computer Name = ****-PC | Source = BugCheck | ID = 1001 Description = Error - 29.12.2012 16:48:45 | Computer Name = ****-PC | Source = Microsoft-Windows-Kernel-Boot | ID = 16 Description = Error - 29.12.2012 16:49:02 | Computer Name = ****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?29.?12.?2012 um 20:03:02 unerwartet heruntergefahren. 
Error - 29.12.2012 16:49:03 | Computer Name = ****-PC | Source = BugCheck | ID = 1001 Description = Error - 29.12.2012 16:49:05 | Computer Name = ****-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\system32\Rtlihvs.dll Fehlercode: 126 < End of report > |
01.02.2013, 16:44 | #4 |
| Task Manager closes when clicking "More details" GMER GMER Logfile: Code:
ATTFilter GMER 2.0.18454 - h**t://www.gmer.net Rootkit scan 2013-02-01 16:26:55 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000034 ST2000DM001-9YN164 rev.CC4G 1863,02GB Running: gmer_2.0.18454.exe; Driver: C:\Users\****\AppData\Local\Temp\pftorpow.sys ---- User code sections - GMER 2.0 ---- .text C:\Windows\System32\spoolsv.exe[1716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f837f5177a 4 bytes [F5, 37, F8, 07] .text C:\Windows\System32\spoolsv.exe[1716] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f837f51782 4 bytes [F5, 37, F8, 07] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f837f5177a 4 bytes [F5, 37, F8, 07] .text C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1896] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f837f51782 4 bytes [F5, 37, F8, 07] .text C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe[2064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f82da21b32 4 bytes [A2, 2D, F8, 07] .text C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe[2064] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f82da21b3a 4 bytes [A2, 2D, F8, 07] .text C:\Windows\System32\dwm.exe[584] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f837f5177a 4 bytes [F5, 37, F8, 07] .text C:\Windows\System32\dwm.exe[584] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f837f51782 4 bytes [F5, 37, F8, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f832cb1532 4 bytes [CB, 32, F8, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6912] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f832cb153a 4 bytes [CB, 32, F8, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6912] 
C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f832cb165a 4 bytes [CB, 32, F8, 07] .text C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f832cb1532 4 bytes [CB, 32, F8, 07] .text C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f832cb153a 4 bytes [CB, 32, F8, 07] .text C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f832cb165a 4 bytes [CB, 32, F8, 07] .text C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f837f5177a 4 bytes [F5, 37, F8, 07] .text C:\Windows\system32\nvvsvc.exe[6652] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f837f51782 4 bytes [F5, 37, F8, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4432] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f832cb1532 4 bytes [CB, 32, F8, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4432] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f832cb153a 4 bytes [CB, 32, F8, 07] .text C:\Program Files\Classic Shell\ClassicStartMenu.exe[4432] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f832cb165a 4 bytes [CB, 32, F8, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4876] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f832cb1532 4 bytes [CB, 32, F8, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4876] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f832cb153a 4 bytes [CB, 32, F8, 07] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4876] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f832cb165a 4 bytes [CB, 32, F8, 07] .text C:\Windows\explorer.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f832cb1532 4 bytes [CB, 32, F8, 07] .text C:\Windows\explorer.exe[4256] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f832cb153a 4 bytes [CB, 
---- Threads - GMER 2.0 ----
Thread C:\Windows\system32\csrss.exe [4296:4408] fffff9600091d5e8
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:6660] 000007f834795990
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:3696] 000007f83506b364
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:4552] 000007f82c31ad20
Thread C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe [3492:6136] 000007f82c31ad20
---- Processes - GMER 2.0 ----
Library C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [1564] 0000000016080000
Library C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3876] 0000000016080000
Library C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [3716] 0000000016080000
Library C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [4584] 0000000068f30000
Library C:\Program (*** suspicious ***) @ C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [4584] 000000006d450000
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ---- |
01.02.2013, 16:47 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Task Manager closes when clicking "More details"
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; for now, only post logs that already exist!
__________________ Please always post log files in CODE tags |
01.02.2013, 18:41 | #6 |
| Task Manager closes when clicking "More details"
No, but I'm running a scan right now, though it takes forever. Here is the quick scan:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.01.07
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
**** :: ****-PC [Administrator]
Schutz: Deaktiviert
01.02.2013 18:42:27
mbam-log-2013-02-01 (18-42-27).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255307
Laufzeit: 2 Minute(n), 7 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Edited by Quadpac (01.02.2013 at 18:46) |
01.02.2013, 18:53 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Task Manager closes when clicking "More details"
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
02.02.2013, 06:13 | #8 |
| Task Manager closes when clicking "More details"
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
Malwarebytes : Free Anti-Malware download
Database version: v2013.02.01.10
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16466
**** :: ****-PC [administrator]
01.02.2013 22:48:10
mbar-log-2013-02-01 (22-48-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 11084
Time elapsed: 17 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Edited by cosinus (04.02.2013 at 13:50) Reason: CODE tags |
02.02.2013, 15:54 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Task Manager closes when clicking "More details"
Please finally post the following logs in CODE tags!!
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.
Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
03.02.2013, 15:33 | #10 |
| Task Manager closes when clicking "More details"
Hello, things move fast here. Thank you very much for all the support so far...
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-03 11:59:23
-----------------------------
11:59:23.855 OS Version: Windows x64 6.2.9200
11:59:23.855 Number of processors: 4 586 0x3A09
11:59:23.855 ComputerName: ****-PC UserName:
11:59:23.855 Initialze error 1
12:00:15.309 AVAST engine defs: 13020201
12:00:17.325 Service scanning
12:00:17.841 Modules scanning
12:00:17.841 Disk 0 trace - called modules:
12:00:17.872
12:00:17.872 AVAST engine scan C:\Windows
12:00:17.872 AVAST engine scan C:\Windows\system32
12:00:17.887 AVAST engine scan C:\Windows\system32\drivers
12:00:17.887 AVAST engine scan C:\Users\Torsten
12:00:17.887 AVAST engine scan C:\ProgramData
12:00:17.887 Scan finished successfully
12:00:49.749 The log file has been saved successfully to "C:\Temp\aswMBR.txt"
Code:
12:56:47.0627 6236 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:56:47.0627 6236 UEFI system
12:56:47.0893 6236 ============================================================
12:56:47.0893 6236 Current date / time: 2013/02/03 12:56:47.0893
12:56:47.0893 6236 SystemInfo:
12:56:47.0893 6236
12:56:47.0893 6236 OS Version: 6.2.9200 ServicePack: 0.0
12:56:47.0893 6236 Product type: Workstation
12:56:47.0893 6236 ComputerName: ****-PC
12:56:47.0893 6236 UserName: ****
12:56:47.0893 6236 Windows directory: C:\Windows
12:56:47.0893 6236 System windows directory: C:\Windows
12:56:47.0893 6236 Running under WOW64
12:56:47.0893 6236 Processor architecture: Intel x64
12:56:47.0893 6236 Number of processors: 4
12:56:47.0893 6236 Page size: 0x1000
12:56:47.0893 6236 Boot type: Normal boot
12:56:47.0893 6236 ============================================================
12:56:48.0471 6236 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:56:48.0502 6236 ============================================================
12:56:48.0502 6236 \Device\Harddisk0\DR0:
12:56:48.0502 6236 GPT partitions:
12:56:48.0502 6236 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6F0883CE-9C08-4DEE-A62D-4A2691890D5D}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFA000
12:56:48.0502 6236 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {14E78501-700D-4592-B3E8-6F87F2060787}, Name: EFI system partition, StartLBA 0xFA800, BlocksNum 0x32000
12:56:48.0502 6236 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {C6D49EEE-FD0F-43A8-8D8C-8DD587C07A71}, Name: Microsoft reserved partition, StartLBA 0x12C800, BlocksNum 0x40000
12:56:48.0502 6236 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {8D7F0CC6-879E-47F6-A767-0ED8FD3B0659}, UniqueGUID: {90A2DAA2-EA96-4B3A-B4CD-662844D88E56}, Name: Basic data partition, StartLBA 0x16C800, BlocksNum 0x200000
12:56:48.0502 6236 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A82706A9-BA23-4689-BC39-0F1139A329BC}, Name: Basic data partition, StartLBA 0x36C800, BlocksNum 0xE129B000
12:56:48.0502 6236 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {FA7F2EB9-BBA7-4497-A693-4949EA2902CE}, Name: Basic data partition, StartLBA 0xE1607800, BlocksNum 0x7801000
12:56:48.0502 6236 MBR partitions:
12:56:48.0502 6236 ============================================================
12:56:48.0549 6236 C: <-> \Device\Harddisk0\DR0\Partition5
12:56:48.0580 6236 D: <-> \Device\Harddisk0\DR0\Partition6
12:56:48.0580 6236 ============================================================
12:56:48.0580 6236 Initialize success
12:56:48.0580 6236 ============================================================
12:57:03.0081 0076 ============================================================
12:57:03.0081 0076 Scan started
12:57:03.0081 0076 Mode: Manual; SigCheck; TDLFS;
12:57:03.0081 0076 ============================================================
12:57:03.0722 0076 ================ Scan system memory ========================
12:57:03.0722 0076 System memory - ok
12:57:03.0722 0076 ================ Scan services =============================
12:57:13.0567 0076 MRxDAV - ok 12:57:13.0598 0076 [ 877D60D6E4156EC4A2E0B6871D41BED9 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:57:13.0629 0076 mrxsmb - ok 12:57:13.0660 0076 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:57:13.0676 0076 mrxsmb10 - ok 12:57:13.0692 0076 [ E078446D4B8622AA6030C7B8A1A08962 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:57:13.0723 0076 mrxsmb20 - ok 12:57:13.0754 0076 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 12:57:13.0801 0076 MsBridge - ok 12:57:13.0817 0076 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe 12:57:13.0817 0076 MSDTC - ok 12:57:13.0832 0076 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:57:13.0864 0076 Msfs - ok 12:57:13.0864 0076 [ C9BFB0353099B071E70299549C18C8AE ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 12:57:13.0879 0076 msgpiowin32 - ok 12:57:13.0879 0076 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:57:13.0895 0076 mshidkmdf - ok 12:57:13.0910 0076 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 12:57:13.0942 0076 mshidumdf - ok 12:57:13.0942 0076 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:57:13.0957 0076 msisadrv - ok 12:57:13.0989 0076 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:57:14.0020 0076 MSiSCSI - ok 12:57:14.0035 0076 msiserver - ok 12:57:14.0035 0076 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:57:14.0067 0076 MSKSSRV - ok 12:57:14.0067 0076 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 12:57:14.0098 0076 MsLldp - ok 12:57:14.0114 0076 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:57:14.0129 0076 MSPCLOCK - ok 12:57:14.0129 0076 [ 
06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:57:14.0145 0076 MSPQM - ok 12:57:14.0160 0076 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:57:14.0176 0076 MsRPC - ok 12:57:14.0192 0076 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 12:57:14.0207 0076 mssmbios - ok 12:57:14.0207 0076 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:57:14.0223 0076 MSTEE - ok 12:57:14.0223 0076 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 12:57:14.0254 0076 MTConfig - ok 12:57:14.0270 0076 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys 12:57:14.0270 0076 Mup - ok 12:57:14.0286 0076 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys 12:57:14.0301 0076 mvumis - ok 12:57:14.0332 0076 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll 12:57:14.0364 0076 napagent - ok 12:57:14.0379 0076 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:57:14.0410 0076 NativeWifiP - ok 12:57:14.0457 0076 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 12:57:14.0457 0076 NAUpdate - ok 12:57:14.0489 0076 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll 12:57:14.0504 0076 NcaSvc - ok 12:57:14.0535 0076 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 12:57:14.0567 0076 NcdAutoSetup - ok 12:57:14.0614 0076 [ 0F89AE618DBA5D8AB7A2DFCC375F4159 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:57:14.0629 0076 NDIS - ok 12:57:14.0645 0076 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:57:14.0661 0076 NdisCap - ok 12:57:14.0676 0076 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 12:57:14.0692 0076 
NdisImPlatform - ok 12:57:14.0707 0076 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:57:14.0739 0076 NdisTapi - ok 12:57:14.0754 0076 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:57:14.0786 0076 Ndisuio - ok 12:57:14.0786 0076 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:57:14.0801 0076 NdisWan - ok 12:57:14.0801 0076 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys 12:57:14.0817 0076 NDISWANLEGACY - ok 12:57:14.0832 0076 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:57:14.0848 0076 NDProxy - ok 12:57:14.0864 0076 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys 12:57:14.0879 0076 Ndu - ok 12:57:14.0895 0076 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:57:14.0911 0076 NetBIOS - ok 12:57:14.0926 0076 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:57:14.0957 0076 NetBT - ok 12:57:14.0973 0076 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe 12:57:14.0973 0076 Netlogon - ok 12:57:14.0989 0076 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll 12:57:15.0020 0076 Netman - ok 12:57:15.0020 0076 [ 20F6FD63E6D456114BC8056D62792786 ] netprofm C:\Windows\System32\netprofmsvc.dll 12:57:15.0052 0076 netprofm - ok 12:57:15.0099 0076 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 12:57:15.0114 0076 NetTcpPortSharing - ok 12:57:15.0130 0076 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 12:57:15.0130 0076 nfrd960 - ok 12:57:15.0192 0076 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:57:15.0224 0076 NlaSvc - ok 12:57:15.0224 0076 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs 
C:\Windows\system32\drivers\Npfs.sys 12:57:15.0239 0076 Npfs - ok 12:57:15.0255 0076 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 12:57:15.0271 0076 npsvctrig - ok 12:57:15.0302 0076 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll 12:57:15.0317 0076 nsi - ok 12:57:15.0333 0076 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:57:15.0349 0076 nsiproxy - ok 12:57:15.0380 0076 [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:57:15.0427 0076 Ntfs - ok 12:57:15.0427 0076 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys 12:57:15.0442 0076 Null - ok 12:57:15.0458 0076 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 12:57:15.0474 0076 NVHDA - ok 12:57:15.0599 0076 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 12:57:15.0786 0076 nvlddmkm - ok 12:57:15.0802 0076 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys 12:57:15.0818 0076 nvraid - ok 12:57:15.0818 0076 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 12:57:15.0818 0076 nvstor - ok 12:57:15.0849 0076 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe 12:57:15.0864 0076 nvsvc - ok 12:57:15.0896 0076 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 12:57:15.0927 0076 nvUpdatusService - ok 12:57:15.0927 0076 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 12:57:15.0943 0076 nv_agp - ok 12:57:16.0036 0076 [ 4E5989A0033E9805BC626A3B660362F6 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 12:57:16.0083 0076 OfficeSvc - ok 12:57:16.0115 0076 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source 
Engine\OSE.EXE 12:57:16.0130 0076 ose - ok 12:57:16.0224 0076 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 12:57:16.0302 0076 osppsvc - ok 12:57:16.0318 0076 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 12:57:16.0349 0076 p2pimsvc - ok 12:57:16.0365 0076 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll 12:57:16.0380 0076 p2psvc - ok 12:57:16.0380 0076 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys 12:57:16.0412 0076 Parport - ok 12:57:16.0412 0076 [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr C:\Windows\system32\drivers\partmgr.sys 12:57:16.0427 0076 partmgr - ok 12:57:16.0459 0076 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll 12:57:16.0490 0076 PcaSvc - ok 12:57:16.0490 0076 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys 12:57:16.0505 0076 pci - ok 12:57:16.0537 0076 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys 12:57:16.0553 0076 pciide - ok 12:57:16.0568 0076 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 12:57:16.0584 0076 pcmcia - ok 12:57:16.0600 0076 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys 12:57:16.0615 0076 pcw - ok 12:57:16.0631 0076 [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc C:\Windows\system32\drivers\pdc.sys 12:57:16.0631 0076 pdc - ok 12:57:16.0646 0076 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys 12:57:16.0678 0076 PEAUTH - ok 12:57:16.0725 0076 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe 12:57:16.0756 0076 PerfHost - ok 12:57:16.0803 0076 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll 12:57:16.0850 0076 pla - ok 12:57:16.0865 0076 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 
12:57:16.0881 0076 PlugPlay - ok 12:57:16.0881 0076 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 12:57:16.0896 0076 PNRPAutoReg - ok 12:57:16.0912 0076 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 12:57:16.0912 0076 PNRPsvc - ok 12:57:16.0928 0076 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\System32\drivers\point64.sys 12:57:16.0943 0076 Point64 - ok 12:57:16.0959 0076 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 12:57:16.0975 0076 PolicyAgent - ok 12:57:17.0006 0076 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll 12:57:17.0006 0076 Power - ok 12:57:17.0022 0076 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 12:57:17.0053 0076 PptpMiniport - ok 12:57:17.0115 0076 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 12:57:17.0194 0076 PrintNotify - ok 12:57:17.0209 0076 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys 12:57:17.0225 0076 Processor - ok 12:57:17.0240 0076 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll 12:57:17.0256 0076 ProfSvc - ok 12:57:17.0272 0076 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys 12:57:17.0287 0076 Psched - ok 12:57:17.0287 0076 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll 12:57:17.0319 0076 QWAVE - ok 12:57:17.0334 0076 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 12:57:17.0365 0076 QWAVEdrv - ok 12:57:17.0381 0076 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 12:57:17.0397 0076 RasAcd - ok 12:57:17.0412 0076 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 12:57:17.0444 0076 RasAgileVpn - ok 12:57:17.0444 0076 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] 
RasAuto C:\Windows\System32\rasauto.dll 12:57:17.0459 0076 RasAuto - ok 12:57:17.0475 0076 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 12:57:17.0490 0076 Rasl2tp - ok 12:57:17.0506 0076 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll 12:57:17.0522 0076 RasMan - ok 12:57:17.0537 0076 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 12:57:17.0553 0076 RasPppoe - ok 12:57:17.0584 0076 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 12:57:17.0600 0076 RasSstp - ok 12:57:17.0615 0076 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 12:57:17.0631 0076 rdbss - ok 12:57:17.0647 0076 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 12:57:17.0678 0076 rdpbus - ok 12:57:17.0678 0076 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 12:57:17.0709 0076 RDPDR - ok 12:57:17.0740 0076 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 12:57:17.0756 0076 RdpVideoMiniport - ok 12:57:17.0772 0076 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 12:57:17.0803 0076 RDPWD - ok 12:57:17.0834 0076 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 12:57:17.0850 0076 rdyboost - ok 12:57:17.0865 0076 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll 12:57:17.0881 0076 RemoteAccess - ok 12:57:17.0912 0076 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll 12:57:17.0928 0076 RemoteRegistry - ok 12:57:17.0959 0076 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 12:57:17.0975 0076 RpcEptMapper - ok 12:57:17.0990 0076 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe 12:57:18.0006 0076 RpcLocator - ok 12:57:18.0037 
0076 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll 12:57:18.0053 0076 RpcSs - ok 12:57:18.0084 0076 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 12:57:18.0084 0076 rspndr - ok 12:57:18.0115 0076 [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 12:57:18.0115 0076 RTL8168 - ok 12:57:18.0147 0076 [ 3326E37583FBA1B00ECE8DAEBEFC291D ] RTL8192cu C:\Windows\system32\DRIVERS\rtwlanu.sys 12:57:18.0178 0076 RTL8192cu - ok 12:57:18.0209 0076 [ 3326E37583FBA1B00ECE8DAEBEFC291D ] RtlWlanu C:\Windows\system32\DRIVERS\rtwlanu.sys 12:57:18.0225 0076 RtlWlanu - ok 12:57:18.0287 0076 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys 12:57:18.0287 0076 s3cap - ok 12:57:18.0303 0076 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe 12:57:18.0319 0076 SamSs - ok 12:57:18.0334 0076 [ B30E88BDF6A336FAB852C977B8A1EA78 ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe 12:57:18.0350 0076 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - warning 12:57:18.0350 0076 Samsung Network Fax Server - detected UnsignedFile.Multi.Generic (1) 12:57:18.0365 0076 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 12:57:18.0381 0076 sbp2port - ok 12:57:18.0397 0076 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll 12:57:18.0428 0076 SCardSvr - ok 12:57:18.0444 0076 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 12:57:18.0459 0076 scfilter - ok 12:57:18.0475 0076 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll 12:57:18.0506 0076 Schedule - ok 12:57:18.0537 0076 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll 12:57:18.0537 0076 SCPolicySvc - ok 12:57:18.0569 0076 [ 66E29CADF9FF6C8325C356BDD617F7EA ] sdbus 
C:\Windows\System32\drivers\sdbus.sys 12:57:18.0569 0076 sdbus - ok 12:57:18.0600 0076 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll 12:57:18.0631 0076 SDRSVC - ok 12:57:18.0678 0076 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys 12:57:18.0678 0076 sdstor - ok 12:57:18.0694 0076 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 12:57:18.0725 0076 secdrv - ok 12:57:18.0740 0076 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll 12:57:18.0756 0076 seclogon - ok 12:57:18.0772 0076 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll 12:57:18.0787 0076 SENS - ok 12:57:18.0803 0076 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll 12:57:18.0819 0076 SensrSvc - ok 12:57:18.0834 0076 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys 12:57:18.0850 0076 SerCx - ok 12:57:18.0865 0076 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys 12:57:18.0881 0076 Serenum - ok 12:57:18.0912 0076 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys 12:57:18.0928 0076 Serial - ok 12:57:18.0944 0076 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys 12:57:18.0959 0076 sermouse - ok 12:57:18.0975 0076 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll 12:57:19.0006 0076 SessionEnv - ok 12:57:19.0006 0076 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 12:57:19.0022 0076 sfloppy - ok 12:57:19.0053 0076 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll 12:57:19.0069 0076 SharedAccess - ok 12:57:19.0100 0076 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll 12:57:19.0178 0076 ShellHWDetection - ok 12:57:19.0194 0076 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 
C:\Windows\system32\drivers\SiSRaid2.sys 12:57:19.0209 0076 SiSRaid2 - ok 12:57:19.0225 0076 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 12:57:19.0240 0076 SiSRaid4 - ok 12:57:19.0256 0076 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 12:57:19.0287 0076 SNMPTRAP - ok 12:57:19.0303 0076 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys 12:57:19.0319 0076 spaceport - ok 12:57:19.0334 0076 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 12:57:19.0350 0076 SpbCx - ok 12:57:19.0365 0076 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe 12:57:19.0397 0076 Spooler - ok 12:57:19.0444 0076 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe 12:57:19.0537 0076 sppsvc - ok 12:57:19.0553 0076 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys 12:57:19.0569 0076 srv - ok 12:57:19.0584 0076 [ C2106BB710AA34A046126AED7BCA6964 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 12:57:19.0631 0076 srv2 - ok 12:57:19.0662 0076 [ 9400C71F5A1A380B494B6922F007D485 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 12:57:19.0678 0076 srvnet - ok 12:57:19.0694 0076 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 12:57:19.0725 0076 SSDPSRV - ok 12:57:19.0741 0076 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 12:57:19.0741 0076 SSPORT - ok 12:57:19.0756 0076 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll 12:57:19.0787 0076 SstpSvc - ok 12:57:19.0850 0076 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 12:57:19.0866 0076 Stereo Service - ok 12:57:19.0881 0076 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys 12:57:19.0897 0076 stexstor - ok 12:57:19.0912 0076 [ 
BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll 12:57:19.0944 0076 stisvc - ok 12:57:19.0944 0076 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\Windows\system32\drivers\storahci.sys 12:57:19.0959 0076 storahci - ok 12:57:19.0975 0076 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 12:57:19.0975 0076 storflt - ok 12:57:19.0991 0076 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll 12:57:20.0022 0076 StorSvc - ok 12:57:20.0038 0076 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys 12:57:20.0038 0076 storvsc - ok 12:57:20.0053 0076 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll 12:57:20.0069 0076 svsvc - ok 12:57:20.0069 0076 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys 12:57:20.0069 0076 swenum - ok 12:57:20.0085 0076 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll 12:57:20.0116 0076 swprv - ok 12:57:20.0147 0076 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll 12:57:20.0178 0076 SysMain - ok 12:57:20.0194 0076 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 12:57:20.0225 0076 SystemEventsBroker - ok 12:57:20.0225 0076 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll 12:57:20.0256 0076 TabletInputService - ok 12:57:20.0272 0076 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll 12:57:20.0288 0076 TapiSrv - ok 12:57:20.0335 0076 [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 12:57:20.0381 0076 Tcpip - ok 12:57:20.0428 0076 [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 12:57:20.0475 0076 TCPIP6 - ok 12:57:20.0491 0076 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 12:57:20.0506 0076 tcpipreg - ok 
12:57:20.0522 0076 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 12:57:20.0538 0076 tdx - ok 12:57:20.0538 0076 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys 12:57:20.0553 0076 terminpt - ok 12:57:20.0569 0076 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll 12:57:20.0600 0076 TermService - ok 12:57:20.0600 0076 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll 12:57:20.0616 0076 Themes - ok 12:57:20.0631 0076 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll 12:57:20.0631 0076 THREADORDER - ok 12:57:20.0647 0076 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 12:57:20.0663 0076 TimeBroker - ok 12:57:20.0678 0076 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\Windows\system32\drivers\tpm.sys 12:57:20.0678 0076 TPM - ok 12:57:20.0694 0076 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll 12:57:20.0710 0076 TrkWks - ok 12:57:20.0741 0076 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 12:57:20.0772 0076 TrustedInstaller - ok 12:57:20.0788 0076 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 12:57:20.0803 0076 TsUsbFlt - ok 12:57:20.0819 0076 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 12:57:20.0850 0076 TsUsbGD - ok 12:57:20.0850 0076 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 12:57:20.0882 0076 tunnel - ok 12:57:20.0913 0076 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys 12:57:20.0913 0076 uagp35 - ok 12:57:20.0928 0076 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 12:57:20.0928 0076 UASPStor - ok 12:57:20.0960 0076 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 
12:57:20.0975 0076 UCX01000 - ok 12:57:20.0991 0076 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 12:57:21.0038 0076 udfs - ok 12:57:21.0053 0076 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe 12:57:21.0085 0076 UI0Detect - ok 12:57:21.0085 0076 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 12:57:21.0100 0076 uliagpkx - ok 12:57:21.0116 0076 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys 12:57:21.0132 0076 umbus - ok 12:57:21.0132 0076 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys 12:57:21.0147 0076 UmPass - ok 12:57:21.0163 0076 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll 12:57:21.0178 0076 UmRdpService - ok 12:57:21.0225 0076 [ C485FB802F6C4A306B8F89BA087E5CA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 12:57:21.0241 0076 UNS - ok 12:57:21.0257 0076 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll 12:57:21.0272 0076 upnphost - ok 12:57:21.0288 0076 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 12:57:21.0304 0076 usbccgp - ok 12:57:21.0319 0076 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys 12:57:21.0335 0076 usbcir - ok 12:57:21.0350 0076 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys 12:57:21.0366 0076 usbehci - ok 12:57:21.0366 0076 [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub C:\Windows\System32\drivers\usbhub.sys 12:57:21.0382 0076 usbhub - ok 12:57:21.0397 0076 [ B7A948501424805571BF562BB0BFE31D ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 12:57:21.0413 0076 USBHUB3 - ok 12:57:21.0429 0076 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys 12:57:21.0429 0076 usbohci - ok 12:57:21.0444 0076 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] 
12:57:24.0413 0076 Scan finished
12:57:24.0429 3388 Detected object count: 5
12:57:24.0429 3388 Actual detected object count: 5
15:28:49.0899 3388 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:49.0899 3388 ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388 ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:49.0899 3388 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:49.0899 3388 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388 IAStorDataMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:28:49.0899 3388 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - skipped by user
15:28:49.0899 3388 Samsung Network Fax Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
Edited by cosinus (04.02.2013 at 13:49) Reason: CODE tags |
03.02.2013, 22:33 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Task Manager closes when clicking "More details" Should I mention the thing about the CODE tags once more?
__________________ Please always post log files in CODE tags |
04.02.2013, 13:40 | #12 |
| Task Manager closes when clicking "More details" Uh, which brings us back to my run-of-the-mill PC skills. Was the code supposed to go into one of those boxes? |
04.02.2013, 13:49 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Task Manager closes when clicking "More details" It was described in extra-large, bold type and in the greatest detail... hang on, I'll quickly fix your post. Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when an expert helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post log files in CODE tags Edited by cosinus (04.02.2013 at 13:54) |
04.02.2013, 20:36 | #14 |
| Task Manager closes when clicking "More details" Unfortunately I can't start it; it is not supported for win8/win2000. |
04.02.2013, 21:43 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Task Manager closes when clicking "More details" Hm, CF is not yet compatible with Win8. adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |