Pests of all kinds and how to fight them: Java viruses since uninstalling Java
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
05.02.2013, 11:12 | #1
Java viruses since uninstalling Java

Hello dear TB team,

yesterday I read on the Internet that Java has serious security flaws, and so I uninstalled Java from my laptop. After that my laptop was very slow. Windows that I opened came up in slow motion, so that it looked as if the windows were very slowly "appearing" (like that one effect in PowerPoint ^^). After a restart the windows look normal again. I ran a scan with Avira; 12 Java viruses were found (I had run the last scan only a week ago, and Avira found nothing then).

Here are my log files:

OTL.txt
Code:
ATTFilter OTL logfile created on: 05.02.2013 09:51:17 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yoshi\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 37,33% Memory free 7,83 Gb Paging File | 5,17 Gb Available in Paging File | 66,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 276,60 Gb Total Space | 5,66 Gb Free Space | 2,05% Space Free | Partition Type: NTFS Drive F: | 81,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 930,83 Gb Total Space | 329,21 Gb Free Space | 35,37% Space Free | Partition Type: NTFS Computer Name: LAPTOPKERSI | User Name: Kersi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.05 09:49:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yoshi\Downloads\OTL(1).exe PRC - [2013.02.05 09:46:58 | 000,050,477 | ---- | M] () -- C:\Users\Yoshi\Downloads\Defogger.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.11 16:54:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.11 16:53:53 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.11 16:53:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.21 15:58:26 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe PRC - [2012.05.09 16:31:12 | 000,577,536 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011.04.19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2010.12.29 19:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010.10.01 17:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe PRC - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) 
-- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2009.12.02 23:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe PRC - [2009.09.23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe PRC - [2009.07.06 20:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2007.06.01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007.06.01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (No Company Name) ========== MOD - [2013.02.05 09:46:58 | 000,050,477 | ---- | M] () -- C:\Users\Yoshi\Downloads\Defogger.exe MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe MOD - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.02.05 00:30:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.10.07 14:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.09 19:14:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.11 16:54:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 16:53:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.21 15:58:26 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService) SRV - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.09.17 05:19:27 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Users\Kersi\AppData\Local\Temp\7zS6025\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.12.29 19:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost) SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.17 20:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2010.11.29 21:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010.10.07 14:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService) SRV - [2010.10.01 17:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 16:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 16:54:09 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.05 08:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2011.06.16 14:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2011.03.26 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.03.17 06:29:56 | 001,416,240 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011.02.05 00:59:50 | 008,283,136 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.02.04 23:53:42 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.17 20:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2010.12.17 20:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2010.12.17 20:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2010.12.17 20:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2010.12.16 23:47:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2010.12.16 23:47:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2010.12.16 23:47:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2010.12.16 23:47:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu) DRV:64bit: - [2010.12.01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.11.30 23:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.29 21:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.24 12:33:24 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.29 19:38:32 | 
000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.04.09 14:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2010.04.07 16:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2010.03.25 09:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.03.20 10:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.09.28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4} IE:64bit: - HKLM\..\SearchScopes\{ADFBE265-4C10-4F87-821E-DC52AB64F9A4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4} IE - HKLM\..\SearchScopes\{ADFBE265-4C10-4F87-821E-DC52AB64F9A4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen IE - HKCU\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.1 FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.08.05 17:55:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.25 14:12:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 18:47:59 | 000,000,000 | ---D | M] [2011.08.15 11:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Extensions [2012.06.07 09:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions [2012.06.07 09:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions\staged [2011.09.27 22:54:39 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions\toolbar@ask.com [2011.10.21 12:13:46 | 000,583,875 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\testpilot@labs.mozilla.com.xpi [2012.01.03 15:42:08 | 000,520,337 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011.10.21 12:13:47 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.06.07 09:08:39 | 001,184,804 | ---- | M] () (No name found) -- 
C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\testpilot@labs.mozilla.com.xpi [2012.06.07 09:08:38 | 000,525,079 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.06.07 09:08:35 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.04.07 14:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.08.25 15:02:05 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.12.17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml [2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml [2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml [2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation) O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts) O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com) O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft) O4 - HKLM..\RunOnce: [CTSU] C:\Program Files (x86)\Creative\Software Update\CTSURun.exe (Creative Technology Ltd.) 
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{BC124~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{BC124~1\reboot.ini -l0x7 File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Kersi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6124BFFB-70A1-490A-869C-7047E1C3AEF3}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75BFD33E-46B4-4689-A16C-43114DBF6D90}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6A7C4F5-A233-47EC-A6E5-0882137F6395}: NameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found O18:64bit: - 
Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0293247e-d783-11e0-8968-3859f9760090}\Shell - "" = AutoRun O33 - MountPoints2\{0293247e-d783-11e0-8968-3859f9760090}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Roaming\WinRAR [2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.01.21 16:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.01.13 15:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio [2013.01.11 14:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 
Webcam [2013.01.11 14:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam [2013.01.07 01:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.07 01:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.07 01:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Local\Programs ========== Files - Modified Within 30 Days ========== [2013.02.05 09:52:00 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\WebReg .job [2013.02.05 09:47:32 | 000,000,000 | ---- | M] () -- C:\Users\Kersi\defogger_reenable [2013.02.05 09:46:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.02.05 09:43:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.02.05 09:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 23:40:22 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 23:40:22 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 23:33:25 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.02.04 23:32:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 23:32:21 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys [2013.02.03 21:26:10 | 001,642,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.03 21:26:10 | 000,708,076 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.03 21:26:10 | 000,663,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.03 21:26:10 | 000,151,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.03 21:26:10 | 000,124,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 18:40:09 | 000,409,968 | ---- | M] () -- 
C:\Windows\SysNative\FNTCACHE.DAT [2013.01.08 23:37:46 | 001,620,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.07 01:08:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk ========== Files Created - No Company Name ========== [2013.02.05 09:47:32 | 000,000,000 | ---- | C] () -- C:\Users\Kersi\defogger_reenable [2013.01.07 01:08:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.12.02 09:35:56 | 000,201,966 | ---- | C] () -- C:\Windows\hpwins19.dat [2011.09.01 12:01:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.08.30 15:38:29 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat [2011.08.30 15:36:33 | 000,201,966 | ---- | C] () -- C:\Windows\hpwins19.dat.temp [2011.08.30 15:36:33 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp [2011.08.05 19:14:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.08.05 19:13:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.05 19:13:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.05 19:13:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.05 19:13:22 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.05 17:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.05 17:44:55 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.02.11 18:45:27 | 001,620,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.08.14 23:37:10 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\DigitalPersona [2011.11.20 10:31:57 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\Epson [2011.08.16 20:23:56 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\PCDr [2011.08.31 09:16:10 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\PhotoFiltre ========== Purity Check ========== < End of report 
>

Extras.txt Code:
OTL Extras logfile created on: 05.02.2013 09:51:18 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yoshi\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,92 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 37,33% Memory free 7,83 Gb Paging File | 5,17 Gb Available in Paging File | 66,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 276,60 Gb Total Space | 5,66 Gb Free Space | 2,05% Space Free | Partition Type: NTFS Drive F: | 81,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 930,83 Gb Total Space | 329,21 Gb Free Space | 35,37% Space Free | Partition Type: NTFS Computer Name: LAPTOPKERSI | User Name: Kersi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3587A0C0-1EC3-4345-825B-FDBA96FB5C7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3EF01DD3-9B6C-4880-AF26-BB81BC6C305D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{5C81E03E-DB3E-4A28-AB34-2A7B601CEBFD}" = lport=137 | protocol=17 | dir=in | app=system | "{5C8963FE-3AFB-4458-A181-A0F8F9E08DB8}" = rport=138 | protocol=17 | dir=out | app=system | "{5E1F2858-B134-444A-8833-D4242279B345}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{619C9527-52FD-46AE-A21B-6A990D99767E}" = lport=61116 
| protocol=6 | dir=in | name=trend micro client/server security agent - update | "{66C24403-6CA2-4C87-8B11-009157F23697}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{68C0882D-61BC-4C4C-B3E1-BE8AE93613A1}" = lport=445 | protocol=6 | dir=in | app=system | "{6EF97E1C-EAE8-44C2-9CF7-95112CF27616}" = rport=445 | protocol=6 | dir=out | app=system | "{70CDAC83-DCC9-45AC-B713-67000B09BDE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{793377EE-C56F-43DC-8E7D-C70C44EABD5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7A1472E6-EDEF-458D-AFDD-4C2D9729C39B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{890D9966-AE4B-4FA8-B3E0-B397176745AE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{89A2624B-6472-4083-BCE0-0A5614323ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8FE33200-A884-4192-850A-32FBD2FD4FE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9352FA7F-4AA0-47E4-A041-B24D33B92701}" = rport=10243 | protocol=6 | dir=out | app=system | "{967F230B-F5ED-4E35-B4CC-931BDCFB1891}" = lport=2869 | protocol=6 | dir=in | app=system | "{A768EBB1-50B8-467D-9455-76792DDE02D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BE90127B-14F3-49CF-9522-8CED91EEC7EA}" = lport=10243 | protocol=6 | dir=in | app=system | "{C1ED3D8F-A71E-4447-A530-4FFFF6817BF0}" = rport=139 | protocol=6 | dir=out | app=system | "{C9F2F2CB-DAFC-4B3F-810A-3DC049BC9F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CAF9752C-F0D3-4689-9C8D-FF25330F6056}" = lport=138 | protocol=17 | dir=in | app=system | "{D2D308E7-8781-4B5E-A87B-572867791A68}" = rport=137 | 
protocol=17 | dir=out | app=system | "{DAF80082-643F-4E86-BD62-57B15E301B2F}" = lport=139 | protocol=6 | dir=in | app=system | "{EC25FBC3-EAC5-4A8D-8483-52948987A838}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ED8FD923-2D1A-4031-B17A-6BFF3CC088EE}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04C480C8-FDCB-4273-A9D5-7872FA945D57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{1F6D00B4-A0AE-4968-A9C8-7F192A919154}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{20235AE5-2683-4F5A-A078-96D1166CB56D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{20FFA239-92D1-46F9-AAE8-25BC80ABED19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{23F1BFB9-2A0B-404A-9D09-768711A3701F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{295B5177-A056-4953-96E8-4B53A7CD142B}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htc sync\htcsyncloader.exe | "{2DFD026C-4372-4C84-B079-A63339E30B06}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{2E6527EA-2E14-40D9-A514-5688CC4C981E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{41112723-9D25-41D2-A44E-1A740073DD9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{4222B3DD-045E-422F-9B58-70C686184407}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5F056231-B7E9-4A0E-A05B-5B758E8E59E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7718A546-F049-4611-A118-3027B21CABBD}" = protocol=6 | 
dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | "{79733A63-E9DB-4E32-9A0C-582E9E891B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7E3D32E1-26CF-41F9-82BD-B0B8C11573B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8012AF6C-5A20-4F5A-A22E-FD2A6D93AE58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{81606167-2E03-4424-B53B-9905516371FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8E226DEF-159C-4CCF-8788-7B04904A89F2}" = protocol=6 | dir=out | app=system | "{97E9DE23-6B37-4AAC-809D-072E5F0E4017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A351C94F-80FA-443C-9DF7-889608B8FEDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A42622D8-F8C4-4BEE-9083-9B9C4C98C93D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A9D1CCE1-4308-4652-8D77-7F3654FB634E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AE64B437-5E62-45BF-944E-C0C1516EABE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{B433F2E4-A41D-41A7-97FA-1A33C77DE106}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{BA1C33BB-5064-437D-95B9-B69419306CBE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C3ED1D2B-A80E-4F75-9D02-5D41EB99CE00}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CAA6895D-BD5D-4A98-939E-C0E8F0B94C28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{CAC190DC-8207-46D8-A93E-5D7ACA833B33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{D407C6FD-A4FC-45AD-AC2E-1642FA9E86BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D8FE5719-A322-4B20-AECA-F5BCB2EADC63}" = protocol=17 | dir=in | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{D933D19E-F403-4B6F-81EF-7936D9F826B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DD205CE4-DFAE-4B13-9A7A-8BBAACE3A277}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E6A1AF81-7DAD-413D-891E-5AEBC0BCD1DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F1B59442-5AB8-4AF3-828A-ADA38CCA42F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{F366F347-BAB3-4C8D-A2BA-BEEA4E7BE8F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{1483A6E6-8F43-4275-931F-112B4B7E9402}C:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe | "TCP Query User{28D6BC67-3253-487C-9662-FA23579A8768}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{653CD78E-5C2F-476B-9D62-2BF9690C730A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{CBF25348-60A7-4F08-8C3F-FEF816AD1EFD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{4C6D9D31-C9FE-436C-8185-DAB3C9ED4B39}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{5F4A6D1C-4B6F-4AE0-B083-8C28B298DA6F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{ED6D0CC7-574C-45B9-BA01-061C7C08D17A}C:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe | "UDP Query User{F46E4061-C46F-461F-9278-96A6C4502115}C:\program files 
(x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{08AABBF5-353E-43E5-9E38-94989DDE600C}" = Iomega Encryption "{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{18C99C4F-6BAB-84D1-261B-EC1099610C63}" = ATI AVIVO64 Codecs "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290 "{480C331C-C21E-F744-DBFF-98F8F2B0D4AC}" = ATI Catalyst Install Manager "{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{729F2EAD-6283-7CFE-E5DB-03C653A309E0}" = ccc-utility64 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20 "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "CCleaner" = CCleaner "Dell Support Center" = Dell Support Center "EPSON BX305 Series" = Druckerdeinstallation für EPSON BX305 Series "GIMP-2_is1" = GIMP 2.8.2 "HP Smart Web Printing" = HP Smart Web Printing "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "R for Windows 2.13.2_is1" = R for Windows 2.13.2 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Dell Touchpad "WinRAR archiver" = WinRAR 4.20 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access "{07E10D8F-9E63-9334-4902-192A954E3B64}" = CCC Help Norwegian "{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{0FA0F736-0851-C84A-08AE-D2F39C188B83}" = PX Profile Update "{17422E25-DCC9-9192-6FC7-A0E8B324A7C9}" = CCC Help Finnish "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = 
Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2554B5A7-330A-D672-0F4B-D960F4F4F428}" = CCC Help German "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{36C6F513-5800-96BF-12EA-B4C7DC7DD671}" = Catalyst Control Center InstallProxy "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{41CE67B3-7766-4CC0-9E5A-D28DF12072E7}" = HTC Sync Manager "{428C0601-9461-B6C8-D6D6-191FF8308410}" = ccc-core-static "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{46314378-EB8B-46B4-A790-4CFD0461ADA1}" = Catalyst Control Center - Branding "{470AE5CD-6626-2D2A-6123-5D898D8813E5}" = CCC Help Japanese "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help "{5765DDB0-6A73-F8CB-006E-76168E3DE49F}" = CCC Help Danish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan "{5CFB494B-1A52-82E3-9EB2-8E21084390F6}" = CCC Help Swedish 
"{5D2E23BC-C6A2-BB50-E738-B756F8040E65}" = CCC Help English "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{68998208-3CED-2259-C735-92F0C0D57620}" = Catalyst Control Center Localization All "{69D91A61-4328-08DD-E0FB-D011E324F610}" = Catalyst Control Center Profiles Mobile "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7CA87328-1AFA-3B5C-A279-C917D299E0CB}" = CCC Help Italian "{8328181F-5C6B-9304-DDDC-85BE47A3B917}" = CCC Help Spanish "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10 "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 "{878F597D-BA4C-2694-55E9-F1AE1988B144}" = CCC Help Portuguese "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.1.3.1 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BA22076-945C-F764-4D33-2AF4DFE6A3F0}" = CCC Help French "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E1024FE-2009-2350-446F-3A6E00E5181A}" = CCC Help Russian "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5) "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B28FC637-A783-FE1C-8488-CAA05F11B690}" = CCC Help Chinese Traditional "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply 
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9454417-3019-FDB1-272B-A64F39202E3C}" = CCC Help Korean "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EDA023EF-0F82-4030-BF23-5283C1EE1031}" = Nero 7 Essentials "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{F9C53AC8-C288-5727-1856-5B641CDFA2C1}" = CCC Help Dutch "{FC687ED0-69A9-67E7-0219-55CFB9B643CC}" = CCC Help Chinese Standard "{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500 
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Avira AntiVir Desktop" = Avira Free Antivirus "Dell Webcam Central" = Dell Webcam Central "EADM" = EA Download Manager "EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch "EPSON BX305 Series Network Guide" = EPSON BX305 Series Netzwerk-Handbuch "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "FileHippo.com" = FileHippo.com Update Checker "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mobile Partner" = Mobile Partner "Mozilla Firefox 9.0 (x86 en-GB)" = Mozilla Firefox 9.0 (x86 en-GB) "RStudio" = RStudio "Secunia PSI" = Secunia PSI (2.0.0.3003) "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! 
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PhotoFiltre" = PhotoFiltre "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.02.2013 10:06:41 | Computer Name = LaptopKersi | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 5.10.1.44067, Zeitstempel: 0x5000146c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x009f00c4 ID des fehlerhaften Prozesses: 0x774 Startzeit der fehlerhaften Anwendung: 0x01ce02178d7bedc1 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Updater\Updater.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: ee8fce88-6e0a-11e2-9ae0-3859f9760090 Error - 03.02.2013 11:45:29 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 03.02.2013 11:45:29 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 03.02.2013 11:45:34 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 03.02.2013 17:27:51 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.02.2013 10:57:04 | Computer Name = LaptopKersi | Source = WinMgmt | ID = 10 Description = Error - 04.02.2013 11:57:42 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.02.2013 11:57:42 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398 Description = ATI EEU failed to post message to CCC Error - 04.02.2013 11:59:51 | Computer Name = LaptopKersi | Source = WinMgmt | ID = 10 Description = Error - 04.02.2013 18:33:30 | Computer Name = 
LaptopKersi | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 03.02.2013 11:45:17 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Error - 03.02.2013 11:45:17 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 04.02.2013 10:58:01 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016 Description = Error - 04.02.2013 10:58:50 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht. Error - 04.02.2013 10:59:02 | Computer Name = LaptopKersi | Source = WMPNetworkSvc | ID = 866300 Description = Error - 04.02.2013 11:01:07 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7022 Description = Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet. Error - 04.02.2013 12:00:50 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016 Description = Error - 04.02.2013 12:18:38 | Computer Name = LaptopKersi | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?04.?02.?2013 um 17:09:16 unerwartet heruntergefahren. Error - 04.02.2013 18:34:05 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016 Description = Error - 04.02.2013 20:42:54 | Computer Name = LaptopKersi | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. < End of report > Code:
ATTFilter GMER 2.0.18454 - hxxp://www.gmer.net Rootkit scan 2013-02-05 10:43:42 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0001 298,09GB Running: gmer_2.0.18454.exe; Driver: C:\Users\Kersi\AppData\Local\Temp\uxdyyfow.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... * 9 .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... 
* 9 .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] 
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... * 9 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] 
C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... 
* 9 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 
00000000762d1401 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000762d1419 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000762d1431 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000762d144a 2 bytes [2D, 76] .text ... * 9 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000762d14dd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000762d14f5 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000762d150d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000762d1525 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000762d153d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000762d1555 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000762d156d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000762d1585 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000762d159d 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000762d15b5 2 bytes [2D, 76] .text C:\Program 
Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000762d15cd 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000762d16b2 2 bytes [2D, 76] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000762d16bd 2 bytes [2D, 76] ---- Registry - GMER 2.0 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9760090 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9760090 (not active ControlSet) ---- EOF - GMER 2.0 ----
Hopefully I have done everything correctly! Many thanks in advance for your help!! |
06.02.2013, 11:44 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java viruses since uninstalling Java
Quote:
If at all possible, please post everything here in CODE tags. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Before we get on with further work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When does it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ |
06.02.2013, 13:21 | #3 |
| Java viruses since uninstalling Java
Hi cosinus,
__________________
Thanks for your help! I have read the instructions. When I had to use the laptop, I had the problem with the slowly "appearing" windows again. There were also strange transitions when booting up and shutting down... for example, when booting up, the screen got gradually brighter from a dark screen until my normal desktop background was visible (somehow hard to describe). Yesterday I also ran scans with Avira and Malwarebytes. But nothing more was found in yesterday's scans. Afterwards I also ran CCleaner. Here are all the logs: 1. Avira scan (with 12 detections) Code:
ATTFilter Exported events: 05.02.2013 09:25 [System Scanner] Malware found The file 'C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819 a72' contained a virus or unwanted program 'JAVA/Lamar.QU.3' [virus] Action(s) taken: The file was moved to the quarantine directory under the name '5994603f.qua'!
In the report file from that scan, however, all of them are shown. Here is the log for it Code:
Avira Free Antivirus
Report file date: Dienstag, 5. Februar 2013 00:05

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LAPTOPKERSI

Version information:

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, G:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Deviating risk categories...........: +SPR,

Start of the scan: Dienstag, 5. Februar 2013 00:05

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:

Starting to scan executable files (registry):
The registry was scanned ( '3604' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819a72
[0] Archive type: ZIP
--> Additional.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.TP Java virus
[WARNING] Infected files in archives cannot be repaired
--> BAsoxo.class
[DETECTION] Contains recognition pattern of the JAVA/Treams.JS.1 Java virus
[WARNING] Infected files in archives cannot be repaired
--> Bobnam.class
[DETECTION] Contains recognition pattern of the JAVA/Lamar.QS.4 Java virus
[WARNING] Infected files in archives cannot be repaired
--> Grouiz.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.UD Java virus
[WARNING] Infected files in archives cannot be repaired
--> Iusus.class
[DETECTION] Contains recognition pattern of the EXP/2013-0422.AA exploit
[WARNING] Infected files in archives cannot be repaired
--> MAsla.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.VU Java virus
[WARNING] Infected files in archives cannot be repaired
--> Omototro.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.VV Java virus
[WARNING] Infected files in archives cannot be repaired
--> Tawwer.class
[DETECTION] Contains recognition pattern of the JAVA/Lamar.RT.1 Java virus
[WARNING] Infected files in archives cannot be repaired
--> Tidura.class
[DETECTION] Contains recognition pattern of the JAVA/Treams.JA.3 Java virus
[WARNING] Infected files in archives cannot be repaired
--> Vlast.class
[DETECTION] Contains recognition pattern of the JAVA/Jogek.VW Java virus
[WARNING] Infected files in archives cannot be repaired
--> YOpuiso.class
[DETECTION] Contains recognition pattern of the JAVA/Treams.JB.3 Java virus
[WARNING] Infected files in archives cannot be repaired
--> Yusioir.class
[DETECTION] Contains recognition pattern of the JAVA/Lamar.QU.3 Java virus
[WARNING] Infected files in archives cannot be repaired
Begin scan in 'G:\' <Iomega_HDD>

Beginning disinfection:
C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819a72
[DETECTION] Contains recognition pattern of the JAVA/Lamar.QU.3 Java virus
[NOTE] The file was moved to the quarantine directory under the name '5994603f.qua'!

End of the scan: Dienstag, 5. Februar 2013 09:25
Used time: 2:00:12 Hour(s)

The scan has been done completely.

30097 Scanned directories
1715783 Files were scanned
12 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1715771 Files not concerned
21395 Archives were scanned
12 Warnings
1 Notes
876334 Objects were scanned with rootkit scan
0 Hidden objects were found

As I said, yesterday's Avira scan found nothing. Before I ran the (positive) Avira scan, I also did a quick scan with Malwarebytes. Nothing was found there. The full Malwarebytes scan that I ran yesterday did not find anything either. The logs are probably pointless, but I'll post them anyway. Quick Scan: Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yoshi :: LAPTOPKERSI [limited]

05.02.2013 00:00:17
mbam-log-2013-02-05 (00-00-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175334
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I downloaded Malwarebytes Anti-Rootkit and ran a scan. But nothing was found here either. The log for it: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kersi :: LAPTOPKERSI [administrator]

06.02.2013 12:56:54
mbar-log-2013-02-06 (12-56-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29574
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Right now my laptop is back to normal as far as displaying windows etc. is concerned. Does this even have to have been caused by viruses or the like, or could it also point to problems with the graphics card or something of that sort? Best regards Last edited by Gizmo_ (06.02.2013 at 13:43) |
06.02.2013, 14:27 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java viruses since uninstalling Java Quote:
Is this by any chance an office/company PC? Or a university computer?
__________________ Please always post log files in CODE tags |
06.02.2013, 19:00 | #5 |
| Java viruses since uninstalling Java Hi, this is just my ordinary laptop. Professional is on it because it was on the laptop when I bought it... I didn't know that it's nonsense to use Professional for home use. |
06.02.2013, 21:35 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java viruses since uninstalling Java Well, some people use this edition for XP Mode, but whenever I see a Pro I also always suspect commercial use.
1. aswMBR
Please download aswMBR.exe and save the file on your desktop.
Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
Another note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ --> Java viruses since uninstalling Java |
06.02.2013, 23:47 | #7 |
| Java viruses since uninstalling Java Hi, here is the log from aswMBR: Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-06 22:57:40
-----------------------------
22:57:40.780 OS Version: Windows x64 6.1.7601 Service Pack 1
22:57:40.781 Number of processors: 4 586 0x2A07
22:57:40.783 ComputerName: LAPTOPKERSI UserName: Kersi
22:57:41.746 Initialize success
22:59:16.174 AVAST engine defs: 13020600
22:59:51.394 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:51.409 Disk 0 Vendor: ST320LT0 0001 Size: 305245MB BusType: 3
22:59:51.440 Disk 0 MBR read successfully
22:59:51.440 Disk 0 MBR scan
22:59:51.456 Disk 0 Windows VISTA default MBR code
22:59:51.456 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
22:59:51.472 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 21900 MB offset 208896
22:59:51.487 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 283242 MB offset 45060096
22:59:51.550 Disk 0 scanning C:\Windows\system32\drivers
23:00:05.806 Service scanning
23:00:32.486 Modules scanning
23:00:32.504 Disk 0 trace - called modules:
23:00:32.522 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
23:00:32.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006612060]
23:00:32.531 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80064c0cb0]
23:00:32.534 5 stdcfltn.sys[fffff88001b53c52] -> nt!IofCallDriver -> [0xfffffa8004b0b3d0]
23:00:32.538 7 ACPI.sys[fffff88000f0a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b11050]
23:00:33.671 AVAST engine scan C:\Windows
23:00:36.877 AVAST engine scan C:\Windows\system32
23:04:01.712 AVAST engine scan C:\Windows\system32\drivers
23:04:18.294 AVAST engine scan C:\Users\Kersi
23:07:57.642 AVAST engine scan C:\ProgramData
23:12:15.314 Scan finished successfully
23:14:13.687 Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:14:13.703 The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:15:44.989 Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:15:44.993 The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:16:35.710 Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:16:35.710 The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:17:06.525 Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Documents\MBR.dat"
23:17:06.525 The log file has been saved successfully to "C:\Users\Kersi\Documents\aswMBR.txt"
23:18:16.846 Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:18:16.846 The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR2.txt"
23:19:08.408 Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:19:08.408 The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:20:58.616 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
23:20:58.632 The log file has been saved successfully to "C:\aswMBR.txt"

Here is the log from TDSS-Killer: Code:
23:31:29.0287 2456 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:31:29.0489 2456 ============================================================
23:31:29.0489 2456 Current date / time: 2013/02/06 23:31:29.0489
23:31:29.0489 2456 SystemInfo:
23:31:29.0489 2456
23:31:29.0489 2456 OS Version: 6.1.7601 ServicePack: 1.0
23:31:29.0490 2456 Product type: Workstation
23:31:29.0490 2456 ComputerName: LAPTOPKERSI
23:31:29.0490 2456 UserName: Kersi
23:31:29.0490 2456 Windows directory: C:\Windows
23:31:29.0490 2456 System windows directory: C:\Windows
23:31:29.0490 2456 Running under WOW64
23:31:29.0490 2456 Processor architecture: Intel x64
23:31:29.0490 2456 Number of processors: 4
23:31:29.0490 2456 Page size: 0x1000
23:31:29.0490 2456 Boot type: Normal boot
23:31:29.0490 2456 ============================================================
23:31:30.0419 2456 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:31:30.0435 2456 Drive \Device\Harddisk1\DR1 - Size: 0xE8B51B6000 (930.83 Gb), SectorSize: 0x1000, Cylinders: 0x3B55, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:31:30.0766 2456 ============================================================
23:31:30.0766 2456 \Device\Harddisk0\DR0:
23:31:30.0766 2456 MBR partitions:
23:31:30.0766 2456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x2AC6000
23:31:30.0766 2456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2AF9000, BlocksNum 0x229352B0
23:31:30.0766 2456 \Device\Harddisk1\DR1:
23:31:30.0766 2456 MBR partitions:
23:31:30.0766 2456 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0xE8B4F00
23:31:30.0766 2456 ============================================================
23:31:30.0813 2456 C: <-> \Device\Harddisk0\DR0\Partition2
23:31:30.0829 2456 G: <-> \Device\Harddisk1\DR1\Partition1
23:31:30.0829 2456 ============================================================
23:31:30.0829 2456 Initialize success
23:31:30.0829 2456 ============================================================
23:33:42.0366 6160 ============================================================
23:33:42.0366 6160 Scan started
23:33:42.0366 6160 Mode: Manual; SigCheck; TDLFS;
23:33:42.0366 6160 ============================================================
23:33:43.0400 6160 ================ Scan system memory ========================
23:33:43.0400 6160 System memory - ok
23:33:43.0400 6160 ================ Scan services =============================
23:33:47.0449 6160 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning
23:33:47.0449 6160 Atheros Bt&Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1)
23:33:53.0328 6160 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
23:33:53.0328 6160 DCService.exe - detected UnsignedFile.Multi.Generic (1)
Dot4 C:\Windows \system32\DRIVERS\Dot4.sys 23:33:54.0409 6160 Dot4 - ok 23:33:54.0503 6160 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows \system32\DRIVERS\Dot4Prt.sys 23:33:54.0565 6160 Dot4Print - ok 23:33:54.0596 6160 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows \system32\DRIVERS\dot4usb.sys 23:33:54.0659 6160 dot4usb - ok 23:33:54.0721 6160 [ C43618154FC0C8480F53B04BA7A2F371 ] DpHost C:\Program Files \DigitalPersona\Bin\DpHostW.exe 23:33:54.0752 6160 DpHost - ok 23:33:54.0784 6160 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows \system32\dps.dll 23:33:54.0862 6160 DPS - ok 23:33:54.0893 6160 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows \system32\drivers\drmkaud.sys 23:33:54.0955 6160 drmkaud - ok 23:33:55.0018 6160 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows \System32\drivers\dxgkrnl.sys 23:33:55.0049 6160 DXGKrnl - ok 23:33:55.0064 6160 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows \System32\eapsvc.dll 23:33:55.0142 6160 EapHost - ok 23:33:55.0246 6160 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows \system32\drivers\evbda.sys 23:33:55.0373 6160 ebdrv - ok 23:33:55.0463 6160 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows \System32\lsass.exe 23:33:55.0494 6160 EFS - ok 23:33:55.0541 6160 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome \ehRecvr.exe 23:33:55.0666 6160 ehRecvr - ok 23:33:55.0728 6160 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome \ehsched.exe 23:33:55.0775 6160 ehSched - ok 23:33:55.0853 6160 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows \system32\drivers\elxstor.sys 23:33:55.0915 6160 elxstor - ok 23:33:56.0071 6160 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe 23:33:56.0102 6160 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 23:33:56.0102 6160 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 23:33:56.0118 6160 [ 
34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows \system32\drivers\errdev.sys 23:33:56.0134 6160 ErrDev - ok 23:33:56.0201 6160 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows \system32\es.dll 23:33:56.0287 6160 EventSystem - ok 23:33:56.0343 6160 [ 23B79B19F49A037EBA4A9A3BB03ED91D ] ewusbnet C:\Windows \system32\DRIVERS\ewusbnet.sys 23:33:56.0427 6160 ewusbnet - ok 23:33:56.0458 6160 [ E2CBB821C7CAE0EF8B56DE28ED85C740 ] ew_hwusbdev C:\Windows \system32\DRIVERS\ew_hwusbdev.sys 23:33:56.0505 6160 ew_hwusbdev - ok 23:33:56.0521 6160 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows \system32\drivers\exfat.sys 23:33:56.0552 6160 exfat - ok 23:33:56.0583 6160 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows \system32\drivers\fastfat.sys 23:33:56.0661 6160 fastfat - ok 23:33:56.0724 6160 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows \system32\fxssvc.exe 23:33:56.0833 6160 Fax - ok 23:33:56.0864 6160 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows \system32\drivers\fdc.sys 23:33:56.0911 6160 fdc - ok 23:33:56.0942 6160 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows \system32\fdPHost.dll 23:33:56.0973 6160 fdPHost - ok 23:33:56.0989 6160 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows \system32\fdrespub.dll 23:33:57.0051 6160 FDResPub - ok 23:33:57.0098 6160 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows \system32\drivers\fileinfo.sys 23:33:57.0098 6160 FileInfo - ok 23:33:57.0114 6160 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows \system32\drivers\filetrace.sys 23:33:57.0200 6160 Filetrace - ok 23:33:57.0221 6160 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows \system32\drivers\flpydisk.sys 23:33:57.0232 6160 flpydisk - ok 23:33:57.0254 6160 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows \system32\drivers\fltmgr.sys 23:33:57.0268 6160 FltMgr - ok 23:33:57.0311 6160 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows \system32\FntCache.dll 23:33:57.0431 6160 FontCache - ok 
23:33:57.0463 6160 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows \Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:33:57.0494 6160 FontCache3.0.0.0 - ok 23:33:57.0509 6160 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows \system32\drivers\FsDepends.sys 23:33:57.0525 6160 FsDepends - ok 23:33:57.0587 6160 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows \system32\drivers\Fs_Rec.sys 23:33:57.0603 6160 Fs_Rec - ok 23:33:57.0619 6160 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows \system32\DRIVERS\fvevol.sys 23:33:57.0634 6160 fvevol - ok 23:33:57.0650 6160 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows \system32\drivers\gagp30kx.sys 23:33:57.0665 6160 gagp30kx - ok 23:33:57.0697 6160 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows \System32\gpsvc.dll 23:33:57.0759 6160 gpsvc - ok 23:33:57.0775 6160 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows \system32\drivers\hcw85cir.sys 23:33:57.0837 6160 hcw85cir - ok 23:33:57.0884 6160 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows \system32\drivers\HdAudio.sys 23:33:57.0946 6160 HdAudAddService - ok 23:33:57.0977 6160 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows \system32\DRIVERS\HDAudBus.sys 23:33:58.0024 6160 HDAudBus - ok 23:33:58.0055 6160 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows \system32\drivers\HidBatt.sys 23:33:58.0102 6160 HidBatt - ok 23:33:58.0133 6160 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows \system32\drivers\hidbth.sys 23:33:58.0194 6160 HidBth - ok 23:33:58.0224 6160 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows \system32\drivers\hidir.sys 23:33:58.0236 6160 HidIr - ok 23:33:58.0249 6160 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows \system32\hidserv.dll 23:33:58.0277 6160 hidserv - ok 23:33:58.0301 6160 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows \system32\DRIVERS\hidusb.sys 23:33:58.0311 6160 HidUsb - ok 23:33:58.0328 6160 [ 
387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows \system32\kmsvc.dll 23:33:58.0383 6160 hkmsvc - ok 23:33:58.0415 6160 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows \system32\ListSvc.dll 23:33:58.0442 6160 HomeGroupListener - ok 23:33:58.0473 6160 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows \system32\provsvc.dll 23:33:58.0504 6160 HomeGroupProvider - ok 23:33:58.0520 6160 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows \system32\drivers\HpSAMD.sys 23:33:58.0535 6160 HpSAMD - ok 23:33:58.0738 6160 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Users\Kersi \AppData\Local\Temp\7zS6025\hpslpsvc64.dll 23:33:58.0832 6160 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 23:33:58.0832 6160 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 23:33:58.0925 6160 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows \system32\Drivers\ANDROIDUSB.sys 23:33:59.0003 6160 HTCAND64 - ok 23:33:59.0159 6160 [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe 23:33:59.0179 6160 HTCMonitorService - ok 23:33:59.0256 6160 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows \system32\DRIVERS\htcnprot.sys 23:33:59.0294 6160 htcnprot - ok 23:33:59.0329 6160 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows \system32\drivers\HTTP.sys 23:33:59.0408 6160 HTTP - ok 23:33:59.0440 6160 [ 08B1A06A55F068A17A51BA26618CF50F ] huawei_enumerator C:\Windows \system32\DRIVERS\ew_jubusenum.sys 23:33:59.0503 6160 huawei_enumerator - ok 23:33:59.0535 6160 [ 6E5CD3984742A922D0C183C7E82C3C94 ] hwdatacard C:\Windows \system32\DRIVERS\ewusbmdm.sys 23:33:59.0628 6160 hwdatacard - ok 23:33:59.0644 6160 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows \system32\drivers\hwpolicy.sys 23:33:59.0675 6160 hwpolicy - ok 23:33:59.0722 6160 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows \system32\DRIVERS\i8042prt.sys 23:33:59.0753 6160 i8042prt - ok 23:33:59.0815 6160 [ 
D469B77687E12FE43E344806740B624D ] iaStor C:\Windows \system32\drivers\iaStor.sys 23:33:59.0862 6160 iaStor - ok 23:33:59.0893 6160 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows \system32\drivers\iaStorV.sys 23:33:59.0909 6160 iaStorV - ok 23:33:59.0956 6160 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows \Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:34:00.0003 6160 idsvc - ok 23:34:00.0018 6160 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows \system32\drivers\iirsp.sys 23:34:00.0018 6160 iirsp - ok 23:34:00.0065 6160 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows \System32\ikeext.dll 23:34:00.0174 6160 IKEEXT - ok 23:34:00.0264 6160 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows \system32\drivers\RTKVHD64.sys 23:34:00.0331 6160 IntcAzAudAddService - ok 23:34:00.0356 6160 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows \system32\DRIVERS\IntcDAud.sys 23:34:00.0380 6160 IntcDAud - ok 23:34:00.0399 6160 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows \system32\drivers\intelide.sys 23:34:00.0407 6160 intelide - ok 23:34:00.0622 6160 [ 795C99DC4F574C97C03D0BB39CF099EE ] intelkmd C:\Windows \system32\DRIVERS\igdpmd64.sys 23:34:00.0949 6160 intelkmd - ok 23:34:00.0981 6160 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows \system32\DRIVERS\intelppm.sys 23:34:01.0027 6160 intelppm - ok 23:34:01.0074 6160 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows \system32\ipbusenum.dll 23:34:01.0168 6160 IPBusEnum - ok 23:34:01.0199 6160 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows \system32\DRIVERS\ipfltdrv.sys 23:34:01.0231 6160 IpFilterDriver - ok 23:34:01.0311 6160 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows \System32\iphlpsvc.dll 23:34:01.0400 6160 iphlpsvc - ok 23:34:01.0418 6160 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows \system32\drivers\IPMIDrv.sys 23:34:01.0451 6160 IPMIDRV - ok 23:34:01.0457 6160 [ 
AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows \system32\drivers\ipnat.sys 23:34:01.0490 6160 IPNAT - ok 23:34:01.0522 6160 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows \system32\drivers\irenum.sys 23:34:01.0584 6160 IRENUM - ok 23:34:01.0600 6160 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows \system32\drivers\isapnp.sys 23:34:01.0615 6160 isapnp - ok 23:34:01.0615 6160 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows \system32\drivers\msiscsi.sys 23:34:01.0631 6160 iScsiPrt - ok 23:34:01.0662 6160 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows \system32\DRIVERS\kbdclass.sys 23:34:01.0678 6160 kbdclass - ok 23:34:01.0693 6160 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows \system32\drivers\kbdhid.sys 23:34:01.0756 6160 kbdhid - ok 23:34:01.0787 6160 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows \system32\lsass.exe 23:34:01.0787 6160 KeyIso - ok 23:34:01.0865 6160 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows \system32\Drivers\ksecdd.sys 23:34:01.0896 6160 KSecDD - ok 23:34:01.0912 6160 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows \system32\Drivers\ksecpkg.sys 23:34:01.0927 6160 KSecPkg - ok 23:34:01.0943 6160 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows \system32\drivers\ksthunk.sys 23:34:02.0005 6160 ksthunk - ok 23:34:02.0052 6160 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows \system32\msdtckrm.dll 23:34:02.0130 6160 KtmRm - ok 23:34:02.0177 6160 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows \system32\srvsvc.dll 23:34:02.0259 6160 LanmanServer - ok 23:34:02.0286 6160 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows \System32\wkssvc.dll 23:34:02.0365 6160 LanmanWorkstation - ok 23:34:02.0405 6160 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows \system32\DRIVERS\lltdio.sys 23:34:02.0467 6160 lltdio - ok 23:34:02.0510 6160 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows \System32\lltdsvc.dll 23:34:02.0557 6160 lltdsvc - ok 
23:34:02.0588 6160 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows \System32\lmhsvc.dll 23:34:02.0666 6160 lmhosts - ok 23:34:02.0729 6160 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 23:34:02.0776 6160 LMS - ok 23:34:02.0822 6160 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows \system32\drivers\lsi_fc.sys 23:34:02.0854 6160 LSI_FC - ok 23:34:02.0854 6160 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows \system32\drivers\lsi_sas.sys 23:34:02.0869 6160 LSI_SAS - ok 23:34:02.0869 6160 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows \system32\drivers\lsi_sas2.sys 23:34:02.0869 6160 LSI_SAS2 - ok 23:34:02.0885 6160 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows \system32\drivers\lsi_scsi.sys 23:34:02.0900 6160 LSI_SCSI - ok 23:34:02.0916 6160 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows \system32\drivers\luafv.sys 23:34:02.0994 6160 luafv - ok 23:34:03.0010 6160 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows \system32\Mcx2Svc.dll 23:34:03.0072 6160 Mcx2Svc - ok 23:34:03.0103 6160 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows \system32\drivers\megasas.sys 23:34:03.0103 6160 megasas - ok 23:34:03.0119 6160 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows \system32\drivers\MegaSR.sys 23:34:03.0134 6160 MegaSR - ok 23:34:03.0166 6160 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows \system32\DRIVERS\HECIx64.sys 23:34:03.0212 6160 MEIx64 - ok 23:34:03.0245 6160 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows \system32\mmcss.dll 23:34:03.0274 6160 MMCSS - ok 23:34:03.0289 6160 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows \system32\drivers\modem.sys 23:34:03.0370 6160 Modem - ok 23:34:03.0400 6160 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows \system32\DRIVERS\monitor.sys 23:34:03.0449 6160 monitor - ok 23:34:03.0478 6160 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows 
\system32\DRIVERS\mouclass.sys 23:34:03.0487 6160 mouclass - ok 23:34:03.0501 6160 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows \system32\DRIVERS\mouhid.sys 23:34:03.0517 6160 mouhid - ok 23:34:03.0532 6160 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows \system32\drivers\mountmgr.sys 23:34:03.0563 6160 mountmgr - ok 23:34:03.0579 6160 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows \system32\drivers\mpio.sys 23:34:03.0595 6160 mpio - ok 23:34:03.0626 6160 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows \system32\drivers\mpsdrv.sys 23:34:03.0673 6160 mpsdrv - ok 23:34:03.0688 6160 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows \system32\mpssvc.dll 23:34:03.0735 6160 MpsSvc - ok 23:34:03.0735 6160 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows \system32\drivers\mrxdav.sys 23:34:03.0797 6160 MRxDAV - ok 23:34:03.0844 6160 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows \system32\DRIVERS\mrxsmb.sys 23:34:03.0922 6160 mrxsmb - ok 23:34:03.0953 6160 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows \system32\DRIVERS\mrxsmb10.sys 23:34:03.0985 6160 mrxsmb10 - ok 23:34:04.0000 6160 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows \system32\DRIVERS\mrxsmb20.sys 23:34:04.0000 6160 mrxsmb20 - ok 23:34:04.0031 6160 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows \system32\drivers\msahci.sys 23:34:04.0063 6160 msahci - ok 23:34:04.0078 6160 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows \system32\drivers\msdsm.sys 23:34:04.0094 6160 msdsm - ok 23:34:04.0109 6160 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows \System32\msdtc.exe 23:34:04.0156 6160 MSDTC - ok 23:34:04.0203 6160 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows \system32\drivers\Msfs.sys 23:34:04.0272 6160 Msfs - ok 23:34:04.0311 6160 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows \System32\drivers\mshidkmdf.sys 23:34:04.0380 6160 mshidkmdf - ok 23:34:04.0421 6160 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv 
C:\Windows \system32\drivers\msisadrv.sys 23:34:04.0429 6160 msisadrv - ok 23:34:04.0461 6160 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows \system32\iscsiexe.dll 23:34:04.0494 6160 MSiSCSI - ok 23:34:04.0497 6160 msiserver - ok 23:34:04.0524 6160 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows \system32\drivers\MSKSSRV.sys 23:34:04.0586 6160 MSKSSRV - ok 23:34:04.0617 6160 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows \system32\drivers\MSPCLOCK.sys 23:34:04.0695 6160 MSPCLOCK - ok 23:34:04.0711 6160 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows \system32\drivers\MSPQM.sys 23:34:04.0742 6160 MSPQM - ok 23:34:04.0773 6160 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows \system32\drivers\MsRPC.sys 23:34:04.0789 6160 MsRPC - ok 23:34:04.0805 6160 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows \system32\DRIVERS\mssmbios.sys 23:34:04.0805 6160 mssmbios - ok 23:34:04.0820 6160 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows \system32\drivers\MSTEE.sys 23:34:04.0851 6160 MSTEE - ok 23:34:04.0851 6160 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows \system32\drivers\MTConfig.sys 23:34:04.0867 6160 MTConfig - ok 23:34:04.0883 6160 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows \system32\Drivers\mup.sys 23:34:04.0898 6160 Mup - ok 23:34:04.0914 6160 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows \system32\qagentRT.dll 23:34:04.0945 6160 napagent - ok 23:34:04.0976 6160 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows \system32\DRIVERS\nwifi.sys 23:34:05.0054 6160 NativeWifiP - ok 23:34:05.0195 6160 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 23:34:05.0210 6160 NAUpdate - ok 23:34:05.0305 6160 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows \system32\drivers\ndis.sys 23:34:05.0341 6160 NDIS - ok 23:34:05.0364 6160 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows \system32\DRIVERS\ndiscap.sys 23:34:05.0393 6160 NdisCap - ok 
23:34:05.0412 6160 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows \system32\DRIVERS\ndistapi.sys 23:34:05.0440 6160 NdisTapi - ok 23:34:05.0460 6160 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows \system32\DRIVERS\ndisuio.sys 23:34:05.0516 6160 Ndisuio - ok 23:34:05.0531 6160 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows \system32\DRIVERS\ndiswan.sys 23:34:05.0609 6160 NdisWan - ok 23:34:05.0656 6160 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows \system32\drivers\NDProxy.sys 23:34:05.0734 6160 NDProxy - ok 23:34:05.0781 6160 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows \system32\HPZinw12.dll 23:34:05.0796 6160 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:34:05.0796 6160 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:34:05.0796 6160 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows \system32\DRIVERS\netbios.sys 23:34:05.0874 6160 NetBIOS - ok 23:34:05.0921 6160 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows \system32\DRIVERS\netbt.sys 23:34:05.0968 6160 NetBT - ok 23:34:05.0983 6160 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows \system32\lsass.exe 23:34:05.0999 6160 Netlogon - ok 23:34:06.0030 6160 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows \System32\netman.dll 23:34:06.0124 6160 Netman - ok 23:34:06.0186 6160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows \Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:34:06.0202 6160 NetMsmqActivator - ok 23:34:06.0217 6160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows \Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:34:06.0233 6160 NetPipeActivator - ok 23:34:06.0250 6160 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows \System32\netprofm.dll 23:34:06.0337 6160 netprofm - ok 23:34:06.0438 6160 [ F3A1D8B7317939813568992D1BFDDE37 ] netr7364 C:\Windows \system32\DRIVERS\netr7364.sys 23:34:06.0479 6160 netr7364 - ok 23:34:06.0486 6160 [ 
D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows \Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:34:06.0494 6160 NetTcpActivator - ok 23:34:06.0498 6160 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows \Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:34:06.0506 6160 NetTcpPortSharing - ok 23:34:06.0549 6160 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows \system32\DRIVERS\netvsc60.sys 23:34:06.0587 6160 netvsc - ok 23:34:06.0634 6160 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows \system32\drivers\nfrd960.sys 23:34:06.0665 6160 nfrd960 - ok 23:34:06.0743 6160 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows \System32\nlasvc.dll 23:34:06.0790 6160 NlaSvc - ok 23:34:06.0868 6160 [ 060DAF68493AD7ADF104413E5A62AFA8 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe 23:34:06.0899 6160 NMIndexingService - ok 23:34:06.0915 6160 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows \system32\drivers\Npfs.sys 23:34:06.0931 6160 Npfs - ok 23:34:06.0962 6160 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows \system32\nsisvc.dll 23:34:07.0040 6160 nsi - ok 23:34:07.0055 6160 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows \system32\drivers\nsiproxy.sys 23:34:07.0133 6160 nsiproxy - ok 23:34:07.0227 6160 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows \system32\drivers\Ntfs.sys 23:34:07.0274 6160 Ntfs - ok 23:34:07.0289 6160 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows \system32\drivers\Null.sys 23:34:07.0353 6160 Null - ok 23:34:07.0402 6160 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows \system32\DRIVERS\nusb3hub.sys 23:34:07.0433 6160 nusb3hub - ok 23:34:07.0456 6160 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows \system32\DRIVERS\nusb3xhc.sys 23:34:07.0526 6160 nusb3xhc - ok 23:34:07.0561 6160 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows \system32\drivers\nvraid.sys 23:34:07.0561 6160 nvraid - ok 23:34:07.0592 6160 [ 
DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows \system32\drivers\nvstor.sys 23:34:07.0623 6160 nvstor - ok 23:34:07.0639 6160 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows \system32\drivers\nv_agp.sys 23:34:07.0639 6160 nv_agp - ok 23:34:07.0655 6160 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows \system32\drivers\ohci1394.sys 23:34:07.0701 6160 ohci1394 - ok 23:34:07.0811 6160 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:34:07.0842 6160 ose - ok 23:34:07.0935 6160 [ DAF5D6B1696D42140839CD557336EFC8 ] OXSDIDRV_x64 C:\Windows \system32\DRIVERS\OXSDIDRV_x64.sys 23:34:07.0998 6160 OXSDIDRV_x64 - ok 23:34:08.0029 6160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows \system32\pnrpsvc.dll 23:34:08.0107 6160 p2pimsvc - ok 23:34:08.0138 6160 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows \system32\p2psvc.dll 23:34:08.0154 6160 p2psvc - ok 23:34:08.0169 6160 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows \system32\drivers\parport.sys 23:34:08.0201 6160 Parport - ok 23:34:08.0263 6160 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows \system32\drivers\partmgr.sys 23:34:08.0279 6160 partmgr - ok 23:34:08.0362 6160 [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 23:34:08.0373 6160 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 23:34:08.0374 6160 PassThru Service - detected UnsignedFile.Multi.Generic (1) 23:34:08.0395 6160 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows \System32\pcasvc.dll 23:34:08.0468 6160 PcaSvc - ok 23:34:08.0524 6160 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows \system32\drivers\pci.sys 23:34:08.0545 6160 pci - ok 23:34:08.0564 6160 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows \system32\drivers\pciide.sys 23:34:08.0566 6160 pciide - ok 23:34:08.0582 6160 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows 
\system32\drivers\pcmcia.sys 23:34:08.0597 6160 pcmcia - ok 23:34:08.0613 6160 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows \system32\drivers\pcw.sys 23:34:08.0613 6160 pcw - ok 23:34:08.0644 6160 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows \system32\drivers\peauth.sys 23:34:08.0753 6160 PEAUTH - ok 23:34:08.0816 6160 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows \system32\peerdistsvc.dll 23:34:08.0941 6160 PeerDistSvc - ok 23:34:09.0034 6160 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows \SysWow64\perfhost.exe 23:34:09.0081 6160 PerfHost - ok 23:34:09.0175 6160 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows \system32\pla.dll 23:34:09.0268 6160 pla - ok 23:34:09.0345 6160 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows \system32\umpnpmgr.dll 23:34:09.0432 6160 PlugPlay - ok 23:34:09.0477 6160 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows \system32\HPZipm12.dll 23:34:09.0515 6160 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 23:34:09.0515 6160 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 23:34:09.0543 6160 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows \system32\pnrpauto.dll 23:34:09.0591 6160 PNRPAutoReg - ok 23:34:09.0669 6160 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows \system32\pnrpsvc.dll 23:34:09.0685 6160 PNRPsvc - ok 23:34:09.0700 6160 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows \System32\ipsecsvc.dll 23:34:09.0778 6160 PolicyAgent - ok 23:34:09.0810 6160 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows \system32\umpo.dll 23:34:09.0888 6160 Power - ok 23:34:09.0919 6160 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows \system32\DRIVERS\raspptp.sys 23:34:09.0981 6160 PptpMiniport - ok 23:34:10.0012 6160 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows \system32\drivers\processr.sys 23:34:10.0059 6160 Processor - ok 23:34:10.0122 6160 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows 
============================================================
23:34:26.0386 6160 Scan finished
23:34:26.0386 6160 ============================================================
23:34:26.0418 7084 Detected object count: 7
23:34:26.0418 7084 Actual detected object count: 7
23:36:37.0804 7084 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084 Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
07.02.2013, 00:30 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java viruses since uninstalling Java Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and get messages such as Quote:
__________________ Please always post logfiles in CODE tags |
07.02.2013, 12:09 | #9 |
| Java viruses since uninstalling Java Oh dear, something is wrong. I let ComboFix run through. I thought I had completely disabled Avira, but in the meantime error messages from Avira came up saying that the registry had been blocked... At the end CF performed a restart, and since Windows booted up again the CF console has been opening and closing every few milliseconds. What should I do? I have to leave the house in an hour, what should I do with the laptop?? |
07.02.2013, 12:53 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java viruses since uninstalling Java Wait a little longer |
07.02.2013, 12:59 | #11 |
| Java viruses since uninstalling Java Can I leave the laptop on while I'm out of the house? I'll be back in 2 1/2 h... |
07.02.2013, 13:02 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java viruses since uninstalling Java Yes, then just leave it on. But make sure that nobody goes near it and types around on it!!!! |
07.02.2013, 16:12 | #13 |
| Java viruses since uninstalling Java Combofix is still opening and closing. That's not normal, is it? |
07.02.2013, 16:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Java viruses since uninstalling Java Restart Windows, delete the old combofix.exe, download CF again and please try it once more. |
07.02.2013, 16:21 | #15 |
| Java viruses since uninstalling Java After the restart it started opening and closing again. Can I stop the process somehow? Or should I go the radical route and try to uninstall the program via the Control Panel? When a new CF window opens, I just can't press anything else in the meantime. (It can't be found among the programs in the Control Panel.) Should I delete the .exe from the desktop? |