Pests of all kinds and how to fight them: Browser always has script akamaihd.net, Google search is redirected (Windows 7)
10.02.2013, 16:44 | #1 |
| Browser always has script akamaihd.net, Google search is redirected
Hello dear Trojaner-Board team,
unfortunately, for a few days now I have had akamaihd.net in my browser (Chrome), and by now it is blocked by NotScript. Yesterday I made the stupid mistake of downloading a supposed app for Chrome HD; I simply did not think, and after the whole thing had installed itself, I was in a mess. The Google search was redirected and I ran Malwarebytes over it, which also found something. I then deleted that with it and hoped that it was gone. The search is no longer redirected, but I think that I still have something in the system, and since I have this akamaihd.net problem anyway, I am getting in touch. It would be very kind if you would help me get out of this unfortunately self-inflicted mess again. Many thanks in advance.
Regards, Doderan |
10.02.2013, 18:15 | #2 |
/// Malware-holic | Browser always has script akamaihd.net, Google search is redirected
hi
__________________If you do not have it yet, please download OTL by OldTimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
10.02.2013, 18:55 | #3 |
| Browser always has script akamaihd.net, Google search is redirected
OTL Logfile:
> [2012.10.27 13:18:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.08.28 11:36:02 | 000,000,000 | -HSD | M] -- C:\Boot [2012.11.11 11:45:49 | 000,000,000 | ---D | M] -- C:\cygwin [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.08.28 10:46:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.09.01 20:32:08 | 000,000,000 | ---D | M] -- C:\IExp0.tmp [2012.09.01 20:32:15 | 000,000,000 | ---D | M] -- C:\IExp1.tmp [2012.10.25 17:55:39 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.12.13 22:09:50 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.09 13:37:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.09 14:05:49 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.08.28 10:46:57 | 000,000,000 | -HSD | M] -- C:\Programme [2012.08.28 10:46:57 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.10 18:33:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.09.07 17:04:27 | 000,000,000 | ---D | M] -- C:\temp [2012.10.27 13:18:02 | 000,000,000 | R--D | M] -- C:\Users [2012.09.07 17:03:35 | 000,000,000 | ---D | M] -- C:\VMWAD2 [2013.02.09 13:41:21 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.02.09 13:39:03 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000Core.job [2013.02.09 13:39:05 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys 
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 
000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 
04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) 
MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.10 18:32:29 | 001,572,864 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT [2013.02.10 18:32:28 | 000,262,144 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat.LOG1 [2012.08.28 10:47:12 | 000,000,000 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat.LOG2 [2012.08.28 11:33:32 | 000,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.08.28 11:33:32 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.08.28 
11:33:32 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.28 10:47:12 | 000,000,020 | -HS- | M] () -- C:\Users\Daniel\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< End of report >
Extras: OTL Logfile:
Code:
OTL Extras logfile created on: 10.02.2013 18:32:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,31% Memory free
8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52,63 Gb Total Space | 20,81 Gb Free Space | 39,53% Space Free | Partition Type: NTFS
Drive D: | 180,25 Gb Total Space | 75,66 Gb Free Space | 41,97% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 465,76 Gb Total Space | 75,14 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{021AAE48-CE94-43C1-B99D-9902360F91AC}" = lport=137 | protocol=17 | dir=in | app=system | "{0DFF8EC1-B781-4010-88BA-8E66B0F9F2C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{0F198480-BB10-47F0-94DA-7562619108DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1343A03A-072D-47A5-8BE4-44E51213BF6E}" = lport=139 | protocol=6 | dir=in | app=system | "{283D206D-8135-48E1-822E-18816D412411}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2F3BD1EA-53E2-4294-A105-DF7EEEB6387B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{31F6FFE5-088F-4BFF-A4AF-75491E392477}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{33101252-3108-4DC5-BD91-BDD5111E7DE9}" = rport=138 | protocol=17 | dir=out | app=system | "{37E9D4C7-A487-4269-A454-ECDB0A3AFD30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{402C4BB7-44B4-4ECA-8B55-4766FA1EFEF4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7124DD22-0DBF-4E3D-BE68-67BEB7C96162}" = lport=445 | protocol=6 | dir=in | app=system | "{72BA1D5A-0158-442F-A45B-7A88B664703D}" = lport=2869 | protocol=6 | dir=in | app=system | "{7C704206-8D7C-4C86-AA71-F759B65D63BC}" = rport=139 | protocol=6 | dir=out | app=system | "{8EEE84E9-A4E1-4992-A278-24ACE56948CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A2475277-CA00-498C-A51F-6811ACB684FF}" = lport=10243 | protocol=6 | dir=in | app=system | "{A501F7A7-5F95-4467-B0E6-E6F9C99E0E1E}" = rport=445 | protocol=6 | dir=out | app=system | "{A60312DD-4095-47E8-86E3-2580449BB3E9}" = lport=138 | protocol=17 | dir=in | app=system | "{CF39F07B-4B64-4138-91E7-D59EA5981572}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D80FA614-9965-4E51-B420-1B5DFD7F08F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E2937125-86D1-4FE8-AF3A-825A0F84F54C}" = 
rport=137 | protocol=17 | dir=out | app=system | "{E2A488F4-F9F2-40B5-8844-827D596A2882}" = rport=10243 | protocol=6 | dir=out | app=system | "{E3828FC7-E073-4BAC-AD20-1D24E9033361}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E752D28F-4D5D-4564-B4BF-5AB671C6D959}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0987EBF6-9D52-48EA-879B-A6224649BDBD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0AECF93A-97B5-42EF-B10A-78C65406FBF3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0F12AA4A-7270-4C85-B7DD-12D457F42505}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{125C0B33-592D-4A0F-9053-6710949A16D6}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{16094D3F-F58E-48AB-A01B-86818DD713CA}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{1669ACB5-D2B9-427F-87A6-A25515C04A71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{20154B23-7EA2-4562-85D1-2A8B07D4541A}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{24D25C5A-3F73-4AFF-8907-35BED616928A}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | "{2B26D8A2-21E2-46D6-A5AA-2FA85BF8658C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{2B70AAB5-B188-4865-8E48-E9B61993F2CE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{30B8D30B-B424-47BF-876C-B742C897B84A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 
2\benchmarks\benchmark_specify_properties.bat | "{36993BA9-84F9-4010-B6A7-4F28AF07687B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{37476ECA-51C1-4CEF-B9F0-3F622531DCCE}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{3AF6BA49-6997-4625-8D19-C567F83409B4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{432A7D8F-4E6C-4FC0-AF9F-76D4CA888B1B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the guild ii\guildii.exe | "{49207771-8250-4355-B025-ED7CEECAFC72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4B34F38A-6191-4F6D-8A16-F85C19659B17}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | "{4CEE7BCE-1FB4-4FC2-A196-074F0A9E574D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{52C1061F-783D-4C83-90A7-C2BE71BEECCE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{5C1DEF57-4CA5-43A3-994D-53553CC955F3}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the guild ii\guildii.exe | "{5D03C1FC-25E7-492D-BFA1-B0DC58D39F01}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{61E0242B-941B-46E4-B340-0726CB72D3FC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | "{61EFB977-20FC-4618-8AEE-9B4353B28589}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{69CBFA8F-DDC5-407A-8B7A-BB5C95CBAFF9}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{6A3AE7B0-BCC7-4F16-92C4-DBEA96D02F40}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{6BB1364F-22E9-499C-9DDD-DC7DCF827477}" = protocol=17 | dir=in | app=c:\program files 
(x86)\microsoft office\office12\onenote.exe | "{704BCB8F-E124-4FA7-B536-826C2686B45E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{75D79E93-7084-48E8-B65A-45B45DBEA9B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{809317C2-4EC9-4A28-B3E9-432ECDD8279D}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{85896174-AACE-4DB9-A9CC-B03D3D94AFC8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{873D3C89-F816-4285-BF65-F4E8860251C1}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{8EABBA7C-CF11-4D86-8989-830E403F3BCF}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe | "{94CBEC12-27EE-4027-B4D6-ABDB522DAF4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9604A9AD-7F44-4E29-A50B-94CB5901FF69}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{98068359-1343-4378-8A93-8DC2BDABF542}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{9A7C0114-058F-4EF6-BB89-5B2A8AF90F5D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{9AB62898-6CB9-4BEE-874A-830CB421ED4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A182054B-B78E-487B-81E8-17DABD714B7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A1B6B9C7-C5D9-436A-939F-30C71676A766}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A39C8A3E-2B0A-40AA-804F-CD84389E3AD7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A7B2414D-A455-4199-8466-E61CBE5D3C06}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe | "{ABAFEAC6-942F-476D-A777-84B70F58AF2C}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AD217864-709B-4F86-A6EF-35C7E399E006}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | "{AE76669C-442F-4403-A338-0F8E2FDE4420}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | "{B62CA187-5CBE-4F87-B7B4-40B0BF296429}" = protocol=6 | dir=out | app=system | "{C5547689-0711-40B2-BAF4-595BEE3009D7}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | "{C5C9F833-CAEF-44FC-8F4D-762D1959397C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C6BCA721-3C73-47AD-806D-B6C572E28617}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{C852EBBC-FB28-42C0-A91E-2F94D4B1776E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{CC0DF56E-0ABE-49C8-9B94-C53447C0F99E}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{CE144149-993A-4AE3-9256-AD4EEB35D9B9}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{D63C8CDE-86E3-4379-A776-69B5FBF621E9}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | "{DE3C6543-8178-4BDB-9E25-C6E39FC30BA2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{E7C45E55-FE38-4EBD-B8FB-634381CA0EA7}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{E847C353-45E8-445B-98AC-77D83D312831}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EA280363-3188-495A-95F1-260EFA4F6D97}" = protocol=6 | dir=in | app=f:\steam\steam.exe | "{EEF87EF8-E4A9-4F0D-867B-6EBF1B9BAC8C}" = protocol=17 | dir=in | app=f:\steam\steam.exe | "{F0313DC8-6337-4F0E-B161-F2D7E23C3376}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war 
shogun 2\data\encyclopedia\how_to_play.html | "{F6B54350-FC52-48CF-9E72-11F21E6A71C6}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | "{FBF8535C-9085-4E5C-8879-607335624409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0221207E-7DCF-4CEB-A844-947C15727F77}C:\users\daniel\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\users\daniel\downloads\gw2.exe | "TCP Query User{1550E728-4FC7-4FBA-8D57-5487EA8541FE}D:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{381ACF05-C0C5-46CC-BFFC-5C9B7EE52715}H:\spiele\csserver\srcds.exe" = protocol=6 | dir=in | app=h:\spiele\csserver\srcds.exe | "TCP Query User{4D1374B7-B62F-4EA8-B035-D2516C4343D2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{5133DE32-FA54-4EF6-A833-FCD3D335A1D7}H:\spiele\dungeon siege\dungeonsiege.exe" = protocol=6 | dir=in | app=h:\spiele\dungeon siege\dungeonsiege.exe | "TCP Query User{5333C006-14F4-4BC8-9D3F-94FAD4670619}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{597BBDEE-9129-4258-8B15-BCE4B0BD872D}H:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "TCP Query User{71A72B0B-2827-4E7A-AB36-7DB520783D61}F:\steam\steamapps\common\the guild 2 renaissance\guildii.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | "TCP Query User{8377901E-83C3-415D-8B05-F3D3364E708D}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | 
app=c:\windows\syswow64\dpnsvr.exe | "TCP Query User{85C0B961-1A0A-42A8-B584-83C757EB401C}H:\steam\steam.exe" = protocol=6 | dir=in | app=h:\steam\steam.exe | "TCP Query User{91D6C390-0D53-428F-8E18-E7BBC280AC25}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | "TCP Query User{97D77C52-E631-4856-A9F7-A469C9F2489D}F:\steam\steam.exe" = protocol=6 | dir=in | app=f:\steam\steam.exe | "TCP Query User{97F64444-28EF-4641-8A64-F0368C08675E}F:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=f:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{9924CB17-3CD6-4F06-ACD4-FEA161F4F9F2}H:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "TCP Query User{A63CAF71-F260-4F93-A259-673021F5136E}D:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{BA540D51-574E-43B3-A51C-B20AA7375DAB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{DFF28454-2D69-42D7-9573-17A5F076BAAD}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{00635860-2344-48B5-8924-D4422A558C0A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{030E5357-95C3-4117-A4E1-FD991D2E0C51}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{18693CA1-5971-4B4E-8230-BB344EF54F62}F:\steam\steam.exe" = protocol=17 | dir=in | app=f:\steam\steam.exe | "UDP Query User{1A767B38-A3BE-4199-BF6E-A450608635F6}F:\steam\steamapps\common\the guild 2 renaissance\guildii.exe" = protocol=17 | dir=in | 
app=f:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | "UDP Query User{2835BA67-9A40-4B5B-83B0-85D4B3942A18}H:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | "UDP Query User{4D329617-75FC-4334-91DD-09AA2DFCD20C}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{66EB2597-367D-4850-BEA6-3ECE3DDE62E3}H:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "UDP Query User{751D37AE-6CCF-4B3C-AFF6-82E805ECB4B7}D:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{758F14AF-326A-4DAC-B707-9E386ACAB03B}C:\users\daniel\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\users\daniel\downloads\gw2.exe | "UDP Query User{8346C5F2-330F-4E0B-B069-5B3A2DED1EE1}H:\spiele\csserver\srcds.exe" = protocol=17 | dir=in | app=h:\spiele\csserver\srcds.exe | "UDP Query User{ADCA620E-573D-4287-8166-9D31D6D6FCCA}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | "UDP Query User{B44B764D-23A5-4334-8DDB-4DFA12A8F334}F:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=f:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{D371473C-DE35-42B8-A43B-B0BBFEC962E7}D:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{DC947AFC-9A94-42C0-A29F-600274D3A947}H:\steam\steam.exe" = protocol=17 | dir=in | app=h:\steam\steam.exe | "UDP Query 
User{E93A679A-5FCD-4BA4-AC71-ACF3F53A42BA}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "UDP Query User{F89CEDB9-C0D1-4151-9219-05F7A04DD578}H:\spiele\dungeon siege\dungeonsiege.exe" = protocol=17 | dir=in | app=h:\spiele\dungeon siege\dungeonsiege.exe | "UDP Query User{FC657A8F-A5A3-4A05-835A-CE70C9CAF273}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = 
WebCam "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{6096E25F-A431-4C1F-9442-E7AA0C1A730B}" = Virgin Media "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1" = NETGEAR WNDA3200 wireless adapter Setup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{DFF82CF1-E9A1-473C-9288-28F0A472FCA0}" = Virgin Media "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1ClickDownload" = HDVidCodec "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "DungeonSiege 1.0" = Dungeon Siege "ENTERPRISE" = Microsoft Office Enterprise 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Steam App 8930" = Sid Meier's Civilization V "Tunngle beta_is1" = Tunngle beta "Windows Media Encoder 9" = Windows Media Encoder 9 Series ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Guild Wars" = GUILD WARS "Zipeg" = Zipeg ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.02.2013 14:26:34 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 06.02.2013 15:14:08 | Computer Name = Daniel-PC | Source = Customer Experience Improvement Program | ID = 1008 
Description = Error - 08.02.2013 15:20:40 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 09.02.2013 07:53:19 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 09.02.2013 08:36:30 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9JQC7EJ\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 09.02.2013 08:36:33 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9JQC7EJ\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 09.02.2013 09:07:42 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 09.02.2013 11:00:37 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 10.02.2013 07:17:32 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10 Description = Error - 10.02.2013 07:33:01 | Computer Name = Daniel-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 09.02.2013 18:43:46 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.02.2013 18:44:15 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.02.2013 18:44:19 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.02.2013 18:44:24 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.02.2013 18:45:27 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.02.2013 18:45:28 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.02.2013 18:45:45 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 09.02.2013 21:41:02 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active Error - 10.02.2013 07:15:49 | Computer Name = Daniel-PC | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 10.02.2013 07:15:49 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029 Description = Display is not active < End of report >
Thanks, Doderan |
10.02.2013, 19:33 | #4 |
/// Malware-holic | Browser always has script akamaihd.net, Google search is redirected
hi
download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose Skip for now, then post the log
Open C:, open tdsskiller-date-version.txt, post the contents
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
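To go with the instruction above to choose Skip on any finding and post the log: an added example, not part of the thread and not TDSSKiller's own code, that pairs each hashed service record in such a report with its verdict line and lists what is not "ok". The sample is constructed; its "ok" records are copied from the report posted in this thread, while the ExampleSvc records and the `name ( label ) - warning` layout are assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample. The "ok" records come from the report in this thread;
# ExampleSvc, its all-zero hash and "Example.Label" are placeholders, and the
# "name ( label ) - warning" layout is an assumption about non-ok records.
SAMPLE_LOG = r"""
16:25:09.0380 1944 ================ Scan services =============================
16:25:09.0567 1944 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:25:09.0660 1944 1394ohci - ok
16:25:10.0565 1944 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:25:10.0628 1944 AMD External Events Utility - ok
16:25:15.0245 1944 COMSysApp - ok
16:25:15.0300 1944 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\Example\AppData\Local\example.sys
16:25:15.0310 1944 ExampleSvc ( Example.Label ) - warning
"""

# Every record starts with "HH:MM:SS.mmmm <thread id>". Splitting on that
# prefix works for the original file and for a copy whose line breaks were
# lost when it was pasted into a forum post.
STAMP = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")
# "[ MD5 ] <service name, may contain spaces> <drive:\path, may contain spaces>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "<service name> - <verdict>" or "<service name> ( <label> ) - <verdict>"
VERDICT = re.compile(r"^(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(\w+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    label: Optional[str]   # detection label, if the verdict record carries one
    md5: Optional[str]     # None when no file was hashed for this service
    path: Optional[str]


def parse_report(text: str) -> List[Entry]:
    """Return one Entry per verdict record, joined with its hash record."""
    entries: List[Entry] = []
    pending = {}  # service name -> (md5, path), waiting for its verdict
    for record in STAMP.split(text):
        record = record.strip()
        hashed = HASHED.match(record)
        if hashed:
            pending[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        verdict = VERDICT.match(record)
        if verdict:
            name = verdict.group(1)
            md5, path = pending.pop(name, (None, None))
            entries.append(
                Entry(name, verdict.group(3).lower(), verdict.group(2), md5, path)
            )
    return entries


def triage(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Split out (not-ok entries, ok entries that had no file hashed)."""
    flagged = [e for e in entries if e.verdict != "ok"]
    unhashed = [e for e in entries if e.verdict == "ok" and e.md5 is None]
    return flagged, unhashed


if __name__ == "__main__":
    flagged, unhashed = triage(parse_report(SAMPLE_LOG))
    for e in flagged:
        print(f"REVIEW  {e.name}: {e.verdict} ({e.label}) {e.path} md5={e.md5}")
    for e in unhashed:
        print(f"NOFILE  {e.name}: reported ok, but no file was hashed")
```

The second list exists because a record such as `COMSysApp - ok` in this report has no hash line before it, so "ok" there says nothing about a file on disk.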
11.02.2013, 16:31 | #5 |
| Browser always has script akamaihd.net, Google search is redirected
Report: 16:25:01.0626 3896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 16:25:01.0704 3896 ============================================================ 16:25:01.0704 3896 Current date / time: 2013/02/11 16:25:01.0704 16:25:01.0704 3896 SystemInfo: 16:25:01.0704 3896 16:25:01.0704 3896 OS Version: 6.1.7601 ServicePack: 1.0 16:25:01.0704 3896 Product type: Workstation 16:25:01.0704 3896 ComputerName: DANIEL-PC 16:25:01.0704 3896 UserName: Daniel 16:25:01.0704 3896 Windows directory: C:\Windows 16:25:01.0704 3896 System windows directory: C:\Windows 16:25:01.0704 3896 Running under WOW64 16:25:01.0704 3896 Processor architecture: Intel x64 16:25:01.0704 3896 Number of processors: 2 16:25:01.0704 3896 Page size: 0x1000 16:25:01.0704 3896 Boot type: Normal boot 16:25:01.0704 3896 ============================================================ 16:25:03.0311 3896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:25:03.0311 3896 ============================================================ 16:25:03.0311 3896 \Device\Harddisk0\DR0: 16:25:03.0311 3896 MBR partitions: 16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6944DD8 16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6944E17, BlocksNum 0x1687F76A 16:25:03.0311 3896 ============================================================ 16:25:03.0327 3896 C: <-> \Device\Harddisk0\DR0\Partition1 16:25:03.0405 3896 D: <-> \Device\Harddisk0\DR0\Partition2 16:25:03.0405 3896 ============================================================ 16:25:03.0405 3896 Initialize success 16:25:03.0405 3896 ============================================================ 16:25:07.0820 1944 ============================================================ 16:25:07.0820 1944 Scan 
started 16:25:07.0820 1944 Mode: Manual; SigCheck; TDLFS; 16:25:07.0820 1944 ============================================================ 16:25:09.0380 1944 ================ Scan system memory ======================== 16:25:09.0380 1944 System memory - ok 16:25:09.0380 1944 ================ Scan services ============================= 16:25:09.0567 1944 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 16:25:09.0660 1944 1394ohci - ok 16:25:09.0692 1944 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:25:09.0707 1944 ACPI - ok 16:25:09.0754 1944 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:25:09.0848 1944 AcpiPmi - ok 16:25:09.0910 1944 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:25:09.0941 1944 adp94xx - ok 16:25:09.0957 1944 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:25:09.0988 1944 adpahci - ok 16:25:10.0004 1944 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:25:10.0019 1944 adpu320 - ok 16:25:10.0035 1944 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:25:10.0206 1944 AeLookupSvc - ok 16:25:10.0269 1944 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 16:25:10.0331 1944 AFD - ok 16:25:10.0378 1944 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:25:10.0394 1944 agp440 - ok 16:25:10.0425 1944 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 16:25:10.0487 1944 ALG - ok 16:25:10.0503 1944 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 16:25:10.0518 1944 aliide - ok 16:25:10.0565 1944 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 16:25:10.0628 1944 AMD External Events Utility - ok 16:25:10.0659 1944 [ 
1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 16:25:10.0674 1944 amdide - ok 16:25:10.0690 1944 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:25:10.0721 1944 AmdK8 - ok 16:25:10.0737 1944 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 16:25:10.0768 1944 AmdPPM - ok 16:25:10.0815 1944 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:25:10.0830 1944 amdsata - ok 16:25:10.0862 1944 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 16:25:10.0893 1944 amdsbs - ok 16:25:10.0908 1944 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:25:10.0924 1944 amdxata - ok 16:25:10.0986 1944 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 16:25:11.0018 1944 AntiVirSchedulerService - ok 16:25:11.0064 1944 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 16:25:11.0142 1944 AntiVirService - ok 16:25:11.0220 1944 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 16:25:11.0267 1944 AppID - ok 16:25:11.0298 1944 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:25:11.0345 1944 AppIDSvc - ok 16:25:11.0392 1944 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 16:25:11.0454 1944 Appinfo - ok 16:25:11.0486 1944 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 16:25:11.0548 1944 AppMgmt - ok 16:25:11.0548 1944 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 16:25:11.0579 1944 arc - ok 16:25:11.0610 1944 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:25:11.0626 1944 arcsas - ok 16:25:11.0657 1944 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac 
C:\Windows\system32\DRIVERS\asyncmac.sys 16:25:11.0704 1944 AsyncMac - ok 16:25:11.0720 1944 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 16:25:11.0735 1944 atapi - ok 16:25:11.0907 1944 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:25:12.0110 1944 atikmdag - ok 16:25:12.0156 1944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:25:12.0234 1944 AudioEndpointBuilder - ok 16:25:12.0266 1944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:25:12.0297 1944 AudioSrv - ok 16:25:12.0375 1944 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 16:25:12.0422 1944 avgntflt - ok 16:25:12.0468 1944 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 16:25:12.0484 1944 avipbb - ok 16:25:12.0515 1944 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 16:25:12.0531 1944 avkmgr - ok 16:25:12.0578 1944 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:25:12.0656 1944 AxInstSV - ok 16:25:12.0718 1944 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 16:25:12.0765 1944 b06bdrv - ok 16:25:12.0827 1944 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:25:12.0858 1944 b57nd60a - ok 16:25:12.0921 1944 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 16:25:12.0952 1944 BDESVC - ok 16:25:12.0968 1944 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 16:25:13.0014 1944 Beep - ok 16:25:13.0077 1944 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 16:25:13.0155 1944 BFE - ok 16:25:13.0202 1944 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 16:25:13.0295 1944 BITS - ok 16:25:13.0342 1944 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive 
C:\Windows\system32\DRIVERS\blbdrive.sys 16:25:13.0373 1944 blbdrive - ok 16:25:13.0404 1944 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:25:13.0436 1944 bowser - ok 16:25:13.0467 1944 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 16:25:13.0498 1944 BrFiltLo - ok 16:25:13.0498 1944 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 16:25:13.0514 1944 BrFiltUp - ok 16:25:13.0576 1944 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 16:25:13.0607 1944 Browser - ok 16:25:13.0638 1944 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:25:13.0701 1944 Brserid - ok 16:25:13.0701 1944 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:25:13.0732 1944 BrSerWdm - ok 16:25:13.0732 1944 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:25:13.0763 1944 BrUsbMdm - ok 16:25:13.0763 1944 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:25:13.0779 1944 BrUsbSer - ok 16:25:13.0826 1944 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 16:25:13.0872 1944 BthEnum - ok 16:25:13.0872 1944 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:25:13.0904 1944 BTHMODEM - ok 16:25:13.0919 1944 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 16:25:13.0950 1944 BthPan - ok 16:25:13.0997 1944 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 16:25:14.0044 1944 BTHPORT - ok 16:25:14.0075 1944 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 16:25:14.0122 1944 bthserv - ok 16:25:14.0138 1944 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 16:25:14.0169 1944 BTHUSB - ok 16:25:14.0216 1944 [ 
8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:25:36.0368 1944 vds - ok 16:25:36.0399 1944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:25:36.0414 1944 vga - ok 16:25:36.0430 1944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:25:36.0477 1944 VgaSave - ok 16:25:36.0477 1944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:25:36.0524 1944 vhdmp - ok 16:25:36.0539 1944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:25:36.0555 1944 viaide - ok 16:25:36.0570 1944 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 16:25:36.0602 1944 vmbus - ok 16:25:36.0617 1944 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 16:25:36.0633 1944 VMBusHID - ok 16:25:36.0648 1944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:25:36.0680 1944 volmgr - ok 16:25:36.0680 1944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:25:36.0695 1944 volmgrx - ok 16:25:36.0726 1944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:25:36.0758 1944 volsnap - ok 16:25:36.0789 1944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:25:36.0804 1944 vsmraid - ok 16:25:36.0882 1944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:25:37.0023 1944 VSS - ok 16:25:37.0038 1944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:25:37.0070 1944 vwifibus - ok 16:25:37.0085 1944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:25:37.0148 1944 W32Time - ok 16:25:37.0179 1944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:25:37.0194 1944 WacomPen - ok 16:25:37.0241 1944 [ 
356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:25:37.0288 1944 WANARP - ok 16:25:37.0304 1944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:25:37.0335 1944 Wanarpv6 - ok 16:25:37.0413 1944 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 16:25:37.0491 1944 WatAdminSvc - ok 16:25:37.0538 1944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:25:37.0694 1944 wbengine - ok 16:25:37.0709 1944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:25:37.0740 1944 WbioSrvc - ok 16:25:37.0772 1944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:25:37.0803 1944 wcncsvc - ok 16:25:37.0834 1944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:25:37.0865 1944 WcsPlugInService - ok 16:25:37.0881 1944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 16:25:37.0896 1944 Wd - ok 16:25:37.0959 1944 [ 49B50BE4C6E61DC378057A09130E0629 ] WDCS_WNDA3200 C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe 16:25:38.0006 1944 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - warning 16:25:38.0006 1944 WDCS_WNDA3200 - detected UnsignedFile.Multi.Generic (1) 16:25:38.0052 1944 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:25:38.0115 1944 Wdf01000 - ok 16:25:38.0130 1944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:25:38.0240 1944 WdiServiceHost - ok 16:25:38.0240 1944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:25:38.0271 1944 WdiSystemHost - ok 16:25:38.0286 1944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:25:38.0333 1944 WebClient - ok 16:25:38.0349 1944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:25:38.0411 1944 
Wecsvc - ok 16:25:38.0427 1944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:25:38.0458 1944 wercplsupport - ok 16:25:38.0505 1944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:25:38.0536 1944 WerSvc - ok 16:25:38.0567 1944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:25:38.0598 1944 WfpLwf - ok 16:25:38.0614 1944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:25:38.0630 1944 WIMMount - ok 16:25:38.0645 1944 WinDefend - ok 16:25:38.0645 1944 WinHttpAutoProxySvc - ok 16:25:38.0708 1944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:25:38.0739 1944 Winmgmt - ok 16:25:38.0817 1944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:25:38.0957 1944 WinRM - ok 16:25:39.0004 1944 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:25:39.0035 1944 WinUsb - ok 16:25:39.0082 1944 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:25:39.0129 1944 Wlansvc - ok 16:25:39.0144 1944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:25:39.0160 1944 WmiAcpi - ok 16:25:39.0207 1944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:25:39.0222 1944 wmiApSrv - ok 16:25:39.0269 1944 WMPNetworkSvc - ok 16:25:39.0285 1944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:25:39.0300 1944 WPCSvc - ok 16:25:39.0316 1944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:25:39.0332 1944 WPDBusEnum - ok 16:25:39.0347 1944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:25:39.0378 1944 ws2ifsl - ok 16:25:39.0410 1944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 16:25:39.0456 1944 wscsvc - ok 16:25:39.0456 
1944 WSearch - ok 16:25:39.0534 1944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 16:25:39.0612 1944 wuauserv - ok 16:25:39.0644 1944 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:25:39.0690 1944 WudfPf - ok 16:25:39.0737 1944 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:25:39.0768 1944 WUDFRd - ok 16:25:39.0784 1944 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:25:39.0815 1944 wudfsvc - ok 16:25:39.0909 1944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:25:39.0924 1944 WwanSvc - ok 16:25:39.0971 1944 ================ Scan global =============================== 16:25:39.0987 1944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:25:40.0034 1944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 16:25:40.0080 1944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 16:25:40.0096 1944 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:25:40.0127 1944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:25:40.0158 1944 [Global] - ok 16:25:40.0158 1944 ================ Scan MBR ================================== 16:25:40.0174 1944 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:25:40.0626 1944 \Device\Harddisk0\DR0 - ok 16:25:40.0626 1944 ================ Scan VBR ================================== 16:25:40.0626 1944 [ 9A41F03AA6B58A12EBB379785219C37A ] \Device\Harddisk0\DR0\Partition1 16:25:40.0642 1944 \Device\Harddisk0\DR0\Partition1 - ok 16:25:40.0658 1944 [ 50DAAD8F7B8CEA706BBFDFA2B6097FBB ] \Device\Harddisk0\DR0\Partition2 16:25:40.0658 1944 \Device\Harddisk0\DR0\Partition2 - ok 16:25:40.0658 1944 ============================================================ 16:25:40.0658 1944 Scan finished 16:25:40.0658 1944 ============================================================ 
16:25:40.0658 1220 Detected object count: 4
16:25:40.0658 1220 Actual detected object count: 4
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Log in the next post, as there are too many characters. Thanks, Daniel |
11.02.2013, 16:31 | #6 |
| Browser always has script akamaihd.net, Google search is redirected

Log:
16:25:01.0626 3896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:25:01.0704 3896 ============================================================
16:25:01.0704 3896 Current date / time: 2013/02/11 16:25:01.0704
16:25:01.0704 3896 SystemInfo:
16:25:01.0704 3896
16:25:01.0704 3896 OS Version: 6.1.7601 ServicePack: 1.0
16:25:01.0704 3896 Product type: Workstation
16:25:01.0704 3896 ComputerName: DANIEL-PC
16:25:01.0704 3896 UserName: Daniel
16:25:01.0704 3896 Windows directory: C:\Windows
16:25:01.0704 3896 System windows directory: C:\Windows
16:25:01.0704 3896 Running under WOW64
16:25:01.0704 3896 Processor architecture: Intel x64
16:25:01.0704 3896 Number of processors: 2
16:25:01.0704 3896 Page size: 0x1000
16:25:01.0704 3896 Boot type: Normal boot
16:25:01.0704 3896 ============================================================
16:25:03.0311 3896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:03.0311 3896 ============================================================
16:25:03.0311 3896 \Device\Harddisk0\DR0:
16:25:03.0311 3896 MBR partitions:
16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6944DD8
16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6944E17, BlocksNum 0x1687F76A
16:25:03.0311 3896 ============================================================
16:25:03.0327 3896 C: <-> \Device\Harddisk0\DR0\Partition1
16:25:03.0405 3896 D: <-> \Device\Harddisk0\DR0\Partition2
16:25:03.0405 3896 ============================================================
16:25:03.0405 3896 Initialize success
16:25:03.0405 3896 ============================================================
16:25:07.0820 1944 ============================================================
16:25:07.0820 1944 Scan started
16:25:20.0300 1944 iScsiPrt - ok 16:25:20.0393 1944 [ 81534359F525F7C02B2B56B2653BD779 ] jswpsapi C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe 16:25:20.0456 1944 jswpsapi ( UnsignedFile.Multi.Generic ) - warning 16:25:20.0456 1944 jswpsapi - detected UnsignedFile.Multi.Generic (1) 16:25:20.0487 1944 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys 16:25:20.0534 1944 JSWPSLWF - ok 16:25:20.0549 1944 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:25:20.0565 1944 kbdclass - ok 16:25:20.0612 1944 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:25:20.0643 1944 kbdhid - ok 16:25:20.0658 1944 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 16:25:20.0674 1944 KeyIso - ok 16:25:20.0736 1944 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:25:20.0752 1944 KSecDD - ok 16:25:20.0768 1944 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:25:20.0799 1944 KSecPkg - ok 16:25:20.0799 1944 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:25:20.0861 1944 ksthunk - ok 16:25:20.0892 1944 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 16:25:20.0924 1944 KtmRm - ok 16:25:20.0970 1944 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:25:21.0017 1944 LanmanServer - ok 16:25:21.0064 1944 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:25:21.0111 1944 LanmanWorkstation - ok 16:25:21.0142 1944 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:25:21.0189 1944 lltdio - ok 16:25:21.0236 1944 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:25:21.0298 1944 lltdsvc - ok 16:25:21.0360 1944 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 
16:25:21.0407 1944 lmhosts - ok 16:25:21.0423 1944 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:25:21.0438 1944 LSI_FC - ok 16:25:21.0485 1944 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:25:21.0501 1944 LSI_SAS - ok 16:25:21.0516 1944 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:25:21.0532 1944 LSI_SAS2 - ok 16:25:21.0548 1944 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:25:21.0563 1944 LSI_SCSI - ok 16:25:21.0579 1944 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 16:25:21.0626 1944 luafv - ok 16:25:21.0657 1944 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:25:21.0719 1944 Mcx2Svc - ok 16:25:21.0735 1944 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 16:25:21.0750 1944 megasas - ok 16:25:21.0797 1944 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 16:25:21.0828 1944 MegaSR - ok 16:25:21.0844 1944 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 16:25:21.0891 1944 MMCSS - ok 16:25:21.0891 1944 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 16:25:21.0938 1944 Modem - ok 16:25:21.0953 1944 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:25:21.0984 1944 monitor - ok 16:25:22.0016 1944 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:25:22.0031 1944 mouclass - ok 16:25:22.0078 1944 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:25:22.0109 1944 mouhid - ok 16:25:22.0125 1944 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:25:22.0140 1944 mountmgr - ok 16:25:22.0218 1944 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files 
(x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:25:22.0234 1944 MozillaMaintenance - ok 16:25:22.0250 1944 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 16:25:22.0265 1944 mpio - ok 16:25:22.0281 1944 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:25:22.0328 1944 mpsdrv - ok 16:25:22.0359 1944 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:25:22.0421 1944 MpsSvc - ok 16:25:22.0452 1944 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:25:22.0484 1944 MRxDAV - ok 16:25:22.0515 1944 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:25:22.0546 1944 mrxsmb - ok 16:25:22.0577 1944 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:25:22.0593 1944 mrxsmb10 - ok 16:25:22.0624 1944 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:25:22.0640 1944 mrxsmb20 - ok 16:25:22.0671 1944 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 16:25:22.0686 1944 msahci - ok 16:25:22.0718 1944 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:25:22.0733 1944 msdsm - ok 16:25:22.0796 1944 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 16:25:22.0827 1944 MSDTC - ok 16:25:22.0889 1944 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:25:22.0936 1944 Msfs - ok 16:25:22.0952 1944 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:25:22.0998 1944 mshidkmdf - ok 16:25:23.0014 1944 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:25:23.0030 1944 msisadrv - ok 16:25:23.0061 1944 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:25:23.0092 1944 MSiSCSI - ok 16:25:23.0108 1944 msiserver - ok 16:25:23.0123 
1944 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:25:23.0186 1944 MSKSSRV - ok 16:25:23.0217 1944 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:25:23.0264 1944 MSPCLOCK - ok 16:25:23.0279 1944 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:25:23.0326 1944 MSPQM - ok 16:25:23.0342 1944 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:25:23.0373 1944 MsRPC - ok 16:25:23.0388 1944 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:25:23.0404 1944 mssmbios - ok 16:25:23.0435 1944 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:25:23.0498 1944 MSTEE - ok 16:25:23.0513 1944 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 16:25:23.0544 1944 MTConfig - ok 16:25:23.0560 1944 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 16:25:23.0576 1944 Mup - ok 16:25:23.0591 1944 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 16:25:23.0669 1944 napagent - ok 16:25:23.0700 1944 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:25:23.0732 1944 NativeWifiP - ok 16:25:23.0778 1944 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:25:23.0825 1944 NDIS - ok 16:25:23.0841 1944 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:25:23.0872 1944 NdisCap - ok 16:25:23.0903 1944 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:25:23.0934 1944 NdisTapi - ok 16:25:23.0950 1944 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:25:23.0997 1944 Ndisuio - ok 16:25:24.0028 1944 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:25:24.0075 1944 NdisWan - ok 
16:25:24.0090 1944 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:25:24.0122 1944 NDProxy - ok 16:25:24.0137 1944 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:25:24.0184 1944 NetBIOS - ok 16:25:24.0215 1944 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:25:24.0246 1944 NetBT - ok 16:25:24.0262 1944 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 16:25:24.0278 1944 Netlogon - ok 16:25:24.0324 1944 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 16:25:24.0371 1944 Netman - ok 16:25:24.0387 1944 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 16:25:24.0434 1944 netprofm - ok 16:25:24.0465 1944 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:25:24.0480 1944 NetTcpPortSharing - ok 16:25:24.0652 1944 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 16:25:24.0855 1944 netw5v64 - ok 16:25:24.0902 1944 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:25:24.0917 1944 nfrd960 - ok 16:25:24.0995 1944 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:25:25.0026 1944 NlaSvc - ok 16:25:25.0042 1944 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:25:25.0073 1944 Npfs - ok 16:25:25.0089 1944 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 16:25:25.0120 1944 nsi - ok 16:25:25.0120 1944 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:25:25.0167 1944 nsiproxy - ok 16:25:25.0229 1944 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:25:25.0354 1944 Ntfs - ok 16:25:25.0370 1944 [ 9899284589F75FA8724FF3D16AED75C1 ] Null 
C:\Windows\system32\drivers\Null.sys 16:25:25.0416 1944 Null - ok 16:25:25.0463 1944 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:25:25.0479 1944 nvraid - ok 16:25:25.0494 1944 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:25:25.0510 1944 nvstor - ok 16:25:25.0526 1944 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:25:25.0541 1944 nv_agp - ok 16:25:25.0744 1944 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:25:25.0775 1944 odserv - ok 16:25:25.0806 1944 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:25:25.0838 1944 ohci1394 - ok 16:25:25.0900 1944 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:25:25.0916 1944 ose - ok 16:25:25.0947 1944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:25:26.0009 1944 p2pimsvc - ok 16:25:26.0025 1944 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 16:25:26.0072 1944 p2psvc - ok 16:25:26.0103 1944 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 16:25:26.0118 1944 Parport - ok 16:25:26.0150 1944 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:25:26.0165 1944 partmgr - ok 16:25:26.0196 1944 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:25:26.0259 1944 PcaSvc - ok 16:25:26.0274 1944 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 16:25:26.0290 1944 pci - ok 16:25:26.0306 1944 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 16:25:26.0321 1944 pciide - ok 16:25:26.0337 1944 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:25:26.0352 1944 pcmcia - ok 16:25:26.0368 1944 [ 
D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 16:25:26.0384 1944 pcw - ok 16:25:26.0415 1944 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:25:26.0493 1944 PEAUTH - ok 16:25:26.0618 1944 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 16:25:26.0696 1944 PeerDistSvc - ok 16:25:26.0774 1944 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:25:26.0805 1944 PerfHost - ok 16:25:26.0867 1944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 16:25:26.0961 1944 pla - ok 16:25:27.0023 1944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:25:27.0101 1944 PlugPlay - ok 16:25:27.0117 1944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:25:27.0148 1944 PNRPAutoReg - ok 16:25:27.0164 1944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:25:27.0179 1944 PNRPsvc - ok 16:25:27.0226 1944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:25:27.0288 1944 PolicyAgent - ok 16:25:27.0304 1944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:25:27.0382 1944 Power - ok 16:25:27.0413 1944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:25:27.0444 1944 PptpMiniport - ok 16:25:27.0460 1944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 16:25:27.0491 1944 Processor - ok 16:25:27.0538 1944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:25:27.0569 1944 ProfSvc - ok 16:25:27.0569 1944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:25:27.0585 1944 ProtectedStorage - ok 16:25:27.0616 1944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:25:27.0678 1944 Psched - ok 16:25:27.0741 1944 [ 
A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:25:27.0819 1944 ql2300 - ok 16:25:27.0866 1944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:25:27.0881 1944 ql40xx - ok 16:25:27.0944 1944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:25:27.0975 1944 QWAVE - ok 16:25:28.0006 1944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:25:28.0037 1944 QWAVEdrv - ok 16:25:28.0053 1944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:25:28.0084 1944 RasAcd - ok 16:25:28.0115 1944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:25:28.0146 1944 RasAgileVpn - ok 16:25:28.0162 1944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:25:28.0209 1944 RasAuto - ok 16:25:28.0224 1944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:25:28.0271 1944 Rasl2tp - ok 16:25:28.0287 1944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:25:28.0334 1944 RasMan - ok 16:25:28.0349 1944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:25:28.0412 1944 RasPppoe - ok 16:25:28.0427 1944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:25:28.0474 1944 RasSstp - ok 16:25:28.0490 1944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:25:28.0552 1944 rdbss - ok 16:25:28.0568 1944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:25:28.0630 1944 rdpbus - ok 16:25:28.0646 1944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:25:28.0677 1944 RDPCDD - ok 16:25:28.0724 1944 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:25:28.0739 1944 RDPDR - ok 16:25:28.0755 1944 [ 
BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:25:28.0817 1944 RDPENCDD - ok 16:25:28.0833 1944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:25:28.0880 1944 RDPREFMP - ok 16:25:28.0926 1944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:25:28.0958 1944 RDPWD - ok 16:25:29.0004 1944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:25:29.0020 1944 rdyboost - ok 16:25:29.0051 1944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:25:29.0129 1944 RemoteAccess - ok 16:25:29.0145 1944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:25:29.0192 1944 RemoteRegistry - ok 16:25:29.0238 1944 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 16:25:29.0270 1944 RFCOMM - ok 16:25:29.0301 1944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:25:29.0348 1944 RpcEptMapper - ok 16:25:29.0363 1944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:25:29.0410 1944 RpcLocator - ok 16:25:29.0441 1944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:25:29.0472 1944 RpcSs - ok 16:25:29.0550 1944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:25:29.0582 1944 rspndr - ok 16:25:29.0628 1944 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:25:29.0644 1944 RTL8167 - ok 16:25:29.0738 1944 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 16:25:29.0784 1944 s3cap - ok 16:25:29.0800 1944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:25:29.0816 1944 SamSs - ok 16:25:29.0847 1944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:25:29.0862 1944 sbp2port - ok 
16:25:29.0894 1944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:25:29.0940 1944 SCardSvr - ok 16:25:29.0956 1944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:25:30.0018 1944 scfilter - ok 16:25:30.0065 1944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:25:30.0128 1944 Schedule - ok 16:25:30.0159 1944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:25:30.0190 1944 SCPolicySvc - ok 16:25:30.0268 1944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:25:30.0362 1944 SDRSVC - ok 16:25:30.0377 1944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:25:30.0424 1944 secdrv - ok 16:25:30.0440 1944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:25:30.0471 1944 seclogon - ok 16:25:30.0486 1944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 16:25:30.0533 1944 SENS - ok 16:25:30.0549 1944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:25:30.0611 1944 SensrSvc - ok 16:25:30.0627 1944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 16:25:30.0658 1944 Serenum - ok 16:25:30.0705 1944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 16:25:30.0736 1944 Serial - ok 16:25:30.0752 1944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:25:30.0767 1944 sermouse - ok 16:25:30.0798 1944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:25:30.0845 1944 SessionEnv - ok 16:25:30.0845 1944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:25:30.0861 1944 sffdisk - ok 16:25:30.0876 1944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:25:30.0908 1944 sffp_mmc - ok 
16:25:30.0908 1944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:25:30.0923 1944 sffp_sd - ok 16:25:30.0923 1944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:25:30.0954 1944 sfloppy - ok 16:25:30.0986 1944 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:25:31.0064 1944 SharedAccess - ok 16:25:31.0110 1944 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:25:31.0157 1944 ShellHWDetection - ok 16:25:31.0204 1944 [ 1B731AE02FC0C1CCDC4B7D32FCC95660 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys 16:25:31.0220 1944 Si3531 - ok 16:25:31.0235 1944 [ 8574809375C8147CC9B6A62822018FD6 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys 16:25:31.0235 1944 SiFilter - ok 16:25:31.0251 1944 [ E7B586131C8C417691E303C511C3563B ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys 16:25:31.0266 1944 SiRemFil - ok 16:25:31.0282 1944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 16:25:31.0298 1944 SiSRaid2 - ok 16:25:31.0329 1944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:25:31.0344 1944 SiSRaid4 - ok 16:25:31.0391 1944 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:25:31.0438 1944 SkypeUpdate - ok 16:25:31.0469 1944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:25:31.0516 1944 Smb - ok 16:25:31.0578 1944 [ 7AE8BCA90539ECBDE87AC45BA1436BE3 ] smserial C:\Windows\system32\DRIVERS\SmSerl64.sys 16:25:31.0641 1944 smserial - ok 16:25:31.0656 1944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:25:31.0688 1944 SNMPTRAP - ok 16:25:31.0719 1944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:25:31.0734 1944 spldr - ok 16:25:31.0766 1944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler 
C:\Windows\System32\spoolsv.exe 16:25:31.0812 1944 Spooler - ok 16:25:31.0890 1944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:25:32.0046 1944 sppsvc - ok 16:25:32.0062 1944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:25:32.0093 1944 sppuinotify - ok 16:25:32.0140 1944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:25:32.0187 1944 srv - ok 16:25:32.0218 1944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:25:32.0280 1944 srv2 - ok 16:25:32.0327 1944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:25:32.0405 1944 srvnet - ok 16:25:32.0452 1944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:25:32.0483 1944 SSDPSRV - ok 16:25:32.0514 1944 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:25:32.0546 1944 SstpSvc - ok 16:25:32.0592 1944 Steam Client Service - ok 16:25:32.0608 1944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 16:25:32.0624 1944 stexstor - ok 16:25:32.0686 1944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:25:32.0748 1944 stisvc - ok 16:25:32.0764 1944 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 16:25:32.0780 1944 storflt - ok 16:25:32.0795 1944 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 16:25:32.0842 1944 StorSvc - ok 16:25:32.0858 1944 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 16:25:32.0873 1944 storvsc - ok 16:25:32.0889 1944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:25:32.0904 1944 swenum - ok 16:25:32.0951 1944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:25:32.0998 1944 swprv - ok 16:25:33.0092 1944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain 
C:\Windows\system32\sysmain.dll 16:25:33.0170 1944 SysMain - ok 16:25:33.0185 1944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:25:33.0216 1944 TabletInputService - ok 16:25:33.0279 1944 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys 16:25:33.0326 1944 tap0901t ( UnsignedFile.Multi.Generic ) - warning 16:25:33.0326 1944 tap0901t - detected UnsignedFile.Multi.Generic (1) 16:25:33.0357 1944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:25:33.0419 1944 TapiSrv - ok 16:25:33.0435 1944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:25:33.0466 1944 TBS - ok 16:25:33.0528 1944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:25:33.0669 1944 Tcpip - ok 16:25:33.0731 1944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:25:33.0762 1944 TCPIP6 - ok 16:25:33.0794 1944 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:25:33.0809 1944 tcpipreg - ok 16:25:33.0825 1944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:25:33.0856 1944 TDPIPE - ok 16:25:33.0872 1944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:25:33.0903 1944 TDTCP - ok 16:25:33.0934 1944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:25:33.0981 1944 tdx - ok 16:25:33.0996 1944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:25:34.0012 1944 TermDD - ok 16:25:34.0059 1944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:25:34.0152 1944 TermService - ok 16:25:34.0168 1944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:25:34.0199 1944 Themes - ok 16:25:34.0215 1944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 
16:25:34.0246 1944 THREADORDER - ok 16:25:34.0293 1944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:25:34.0340 1944 TrkWks - ok 16:25:34.0371 1944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:25:34.0402 1944 TrustedInstaller - ok 16:25:34.0449 1944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:25:34.0511 1944 tssecsrv - ok 16:25:34.0558 1944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:25:34.0589 1944 TsUsbFlt - ok 16:25:34.0605 1944 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 16:25:34.0636 1944 TsUsbGD - ok 16:25:34.0667 1944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:25:34.0730 1944 tunnel - ok 16:25:34.0808 1944 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe 16:25:34.0917 1944 TunngleService ( UnsignedFile.Multi.Generic ) - warning 16:25:34.0917 1944 TunngleService - detected UnsignedFile.Multi.Generic (1) 16:25:34.0948 1944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:25:34.0964 1944 uagp35 - ok 16:25:34.0979 1944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:25:35.0042 1944 udfs - ok 16:25:35.0104 1944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:25:35.0120 1944 UI0Detect - ok 16:25:35.0151 1944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:25:35.0166 1944 uliagpkx - ok 16:25:35.0182 1944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:25:35.0213 1944 umbus - ok 16:25:35.0229 1944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 16:25:35.0260 1944 UmPass - ok 16:25:35.0276 1944 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService 
16:25:40.0658 1220 Detected object count: 4
16:25:40.0658 1220 Actual detected object count: 4
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - User select action: Skip
I hope everything is right like this. |
12.02.2013, 11:43 | #7 |
/// Malware-holic | Browser always has akamaihd.net script, Google search is redirected Hi, scan with ComboFix
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
12.02.2013, 16:28 | #8 |
| Browser always has akamaihd.net script, Google search is redirected ComboFix log file: Code:
|
13.02.2013, 13:00 | #9 |
/// Malware-holic | Browser always has akamaihd.net script, Google search is redirected Hi, please post all Malwarebytes logs with detections: http://www.trojaner-board.de/125889-...en-posten.html
|
13.02.2013, 20:49 | #10 |
| Browser always has akamaihd.net script, Google search is redirected Hey, here is the one with a detection:
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.02.09.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [Administrator]
09.02.2013 13:37:47
mbam-log-2013-02-09 (13-37-47).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222811
Laufzeit: 5 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-1413935850-3561404073-4138151363-1000\$R5RUWQT.exe (PUP.Offerware) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Thanks |
13.02.2013, 20:51 | #11 |
/// Malware-holic | Hi, Malwarebytes: Please download Malwarebytes
17.02.2013, 03:13 | #12 |
| Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.02.16.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [Administrator]
16.02.2013 20:23:49
mbam-log-2013-02-16 (20-23-49).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 633232
Laufzeit: 2 Stunde(n), 6 Minute(n),
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
As I said, it doesn't find any. The one where it had found something, I have posted. |
17.02.2013, 16:16 | #13 |
/// Malware-holic | Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After each program you need, write "necessary". After each program you do not need, write "unnecessary". After each program unknown to you, write "unknown". Post the list.
17.02.2013, 17:11 | #14 |
| Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.02.2013 6,00MB 11.5.502.149 NECESSARY
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.12.2012 6,00MB 11.5.502.135 NECESSARY
Avira Free Antivirus Avira 14.11.2012 111MB 12.1.9.1236 NECESSARY
CCleaner Piriform 23.01.2013 3.27 NECESSARY
Counter-Strike 1.6 05.01.2013 1.00.0000 NECESSARY
Dropbox Dropbox, Inc. 28.01.2013 1.6.16 NECESSARY
Dungeon Siege 04.01.2013 UNNECESSARY
Google Chrome Google Inc. 09.02.2013 24.0.1312.57 NECESSARY
GUILD WARS 25.09.2012 NECESSARY
HDVidCodec hdvidcodec.com 08.02.2013 2.1 Build 26473 UNNECESSARY
Java 7 Update 7 (64-bit) Oracle 21.10.2012 127MB 7.0.70 NECESSARY
Java 7 Update 9 Oracle 03.09.2012 128MB 7.0.90 NECESSARY
Java SE Development Kit 7 Update 7 (64-bit) Oracle 21.10.2012 188MB 1.7.0.70 NECESSARY
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 09.02.2013 18,4MB 1.70.0.1100 NECESSARY
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.08.2012 38,8MB 4.0.30319 UNKNOWN
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.08.2012 2,93MB 4.0.30319 UNKNOWN
Microsoft Office Enterprise 2007 Microsoft Corporation 26.10.2012 12.0.6612.1000 NECESSARY
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.08.2012 300KB 8.0.56336 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 13.12.2012 788KB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.12.2012 788KB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 28.08.2012 2,06MB 9.0.21022 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.01.2013 232KB 9.0.30729 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 29.08.2012 600KB 9.0.30729.6161 UNKNOWN
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 29.08.2012 12,2MB 10.0.40219 UNKNOWN
Mozilla Maintenance Service Mozilla 11.01.2013 330KB 17.0.2 UNKNOWN
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 11.01.2013 41,9MB 17.0.2 NECESSARY
NETGEAR WNDA3200 wireless adapter Setup NETGEAR 07.09.2012 1.0.0.9 NECESSARY
PDF-Viewer Tracker Software Products Ltd 28.08.2012 40,2MB 2.5.205.0 NECESSARY
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.08.2012 6.0.1.6662 NECESSARY
Sid Meier's Civilization V 2K Games, Inc. 06.01.2013 NECESSARY
Skype™ 6.1 Skype Technologies S.A. 28.01.2013 21,1MB 6.1.129 NECESSARY
Steam Valve Corporation 28.08.2012 35,4MB 1.0.0.0 NECESSARY
TeamSpeak 3 Client TeamSpeak Systems GmbH 13.12.2012 3.0.6 UNNECESSARY
Tunngle beta Tunngle.net GmbH 01.09.2012 8,90MB UNNECESSARY
WebCam WebCam 09.09.2012 6.32.0.06a NECESSARY
Windows Media Encoder 9 Series 01.09.2012 UNKNOWN
Zipeg Zipeg - free app to open ZIP and RAR for Mac and Windows 24.09.2012 2.9.3.1316 NECESSARY
Thanks again |
17.02.2013, 17:34 | #15 |
/// Malware-holic | Uninstall: Adobe Flash Player (all).
Adobe - Install Adobe Flash Player: download the latest version and install it.
Uninstall: Dungeon, HDVidCodec, Java (all).
Download the Java JRE: Java downloads for all operating systems. Click: Download the Java software for Windows Offline, download it and install it.
Uninstall: TeamSpeak, Tunngle.
Open CCleaner, click Analyze, then Run, and restart the PC.
Please download AdwCleaner to your desktop.