Log analysis and evaluation: Feed.Helperbar redirect search engine (Windows 7)
14.02.2013, 12:51 | #1 |
Feed.Helperbar redirect search engine

Hello,

I recently noticed that my browser redirects me to a Yahoo search page; unfortunately I no longer have the exact URL, since I have already fixed the redirecting. Nevertheless, I am fairly sure that my system is not completely clean yet. I have already had my system checked with Malwarebytes and quite a few other antivirus/rootkit scanners, and so far nothing more was found. I would still like to post the log files to see whether something is left over after all, and whether I should perhaps simply format or whether it can still be saved as it is. In the log files I have already found entries for the Feed.Helper Bar.

//The code of Gmer.txt unfortunately no longer fit and is in the attachment.

Kind regards

OTL:
Code:
ATTFilter OTL logfile created on: 14.02.2013 11:54:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mustermann\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,76% Memory free 8,00 Gb Paging File | 5,24 Gb Available in Paging File | 65,49% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297,99 Gb Total Space | 213,16 Gb Free Space | 71,53% Space Free | Partition Type: NTFS Computer Name: Mustermann| User Name: Mustermann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.14 11:51:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe PRC - [2013.02.11 14:35:12 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.03 20:49:08 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.09.19 11:29:46 | 000,076,128 | ---- | M] (TuneUp Software) -- C:\Users\Mustermann\AppData\Local\Temp\TUUUninstallHelper.exe PRC - [2011.04.13 10:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe PRC - [2011.03.21 20:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe PRC - [2011.03.10 12:04:08 | 000,231,936 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razerhid.exe PRC - [2011.03.10 10:25:06 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Abyssus\razerofa.exe PRC - [2011.03.10 10:24:32 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razertra.exe PRC - [2011.03.01 13:34:30 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\vdDaemon.exe PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009.11.27 11:04:44 | 000,278,528 | ---- | M] () -- C:\ProgrammeLuki\WNA\WifiSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.02.12 20:20:34 | 012,638,576 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll MOD - [2013.02.11 14:35:24 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll MOD - [2013.02.11 14:35:09 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.02.11 14:35:02 | 001,100,800 | ---- | M] () -- C:\Program Files 
(x86)\Steam\bin\avcodec-53.dll MOD - [2013.02.11 14:35:02 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL MOD - [2013.02.11 14:35:02 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2013.02.11 14:35:02 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2011.04.13 10:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe MOD - [2011.03.10 12:04:08 | 000,231,936 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razerhid.exe MOD - [2011.03.10 10:24:32 | 000,151,552 
| ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razertra.exe MOD - [2011.03.01 13:34:30 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\vdDaemon.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.11 14:35:12 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2012.10.01 20:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.11.02 22:45:58 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.27 11:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\ProgrammeLuki\WNA\WifiSvc.exe -- (WSWNA1100) SRV - [2009.11.05 15:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\ProgrammeLuki\WNA\jswpsapi.exe -- (jswpsapi) SRV - [2009.09.08 10:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.10.14 11:56:43 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.07.09 13:42:54 | 
000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.04.06 19:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.07.25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.30 23:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms) DRV:64bit: - [2010.09.08 10:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.11.10 14:50:18 | 000,014,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd) DRV:64bit: - [2009.11.10 02:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.10.30 09:53:50 | 000,010,880 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Abyssus.sys -- (Abyssus) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.07.11 03:15:22 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 
21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008.05.15 01:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2007.01.19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011.09.27 13:20:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 65 89 16 16 D3 CD 01 [binary data] IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bf88908e-d923-4176-ba45-94a88a3486d6&searchtype=ds&fr=linkury-tb&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
[2011.10.07 20:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions [2011.06.27 09:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.10.07 20:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org [2013.02.11 20:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\mctkyjev.default\extensions [2013.02.11 14:22:12 | 000,002,428 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\mozilla\firefox\profiles\mctkyjev.default\searchplugins\Web Search.xml ========== Chrome ========== CHR - homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bf88908e-d923-4176-ba45-94a88a3486d6&searchtype=hp&fr=linkury-tb CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bf88908e-d923-4176-ba45-94a88a3486d6&searchtype=hp&fr=linkury-tb CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll CHR - plugin: Remoting Viewer (Enabled) = 
internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Google Update (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Adblock Plus = C:\Users\MustermannAppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\ CHR - Extension: AdBlock = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\ CHR - Extension: avast! WebRep = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ O1 HOSTS File: ([2013.02.11 21:08:48 | 000,000,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - No CLSID value found. 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42F03EE1-F9F6-4D87-BA10-7DC50F7083FB}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.10.14 11:44:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{85652147-5110-11e2-a566-00241d5c206d}\Shell - "" = AutoRun O33 - MountPoints2\{85652147-5110-11e2-a566-00241d5c206d}\Shell\AutoRun\command - "" = E:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.14 11:51:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2013.02.13 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive [2013.02.13 15:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.02.13 15:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013.02.13 15:42:39 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.02.13 15:42:39 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.02.13 15:42:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.02.13 15:42:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.02.13 15:42:36 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.02.13 15:42:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.02.13 15:42:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.02.13 15:41:57 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.02.13 15:41:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013.02.13 15:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.02.13 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.02.13 12:32:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 12:32:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 12:32:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 12:32:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 12:32:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 12:32:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 12:32:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 12:32:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 12:32:45 | 002,312,704 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 12:32:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 12:32:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 12:32:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 12:32:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 12:32:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 12:32:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.13 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Adobe [2013.02.13 10:32:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 10:32:51 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 10:32:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 10:32:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 10:32:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 10:32:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 10:32:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 10:32:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 10:32:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 10:32:31 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.11 21:35:57 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Macromedia [2013.02.11 21:28:29 | 000,000,000 | ---D | 
C] -- C:\Users\Mustermann\AppData\Local\ATI [2013.02.11 21:28:16 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\VirtualStore [2013.02.11 21:19:43 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Malwarebytes [2013.02.11 21:18:19 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Programs [2013.02.11 21:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer [2013.02.11 20:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.02.11 20:53:49 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.02.11 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.11 14:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.11 14:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.11 14:37:07 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.11 14:30:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.11 14:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.11 14:30:27 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013.02.11 14:30:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.11 14:30:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.11 14:30:26 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.11 14:30:26 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.11 14:30:23 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.02.11 14:30:23 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\SysNative\RTSnMg64.cpl [2013.02.11 14:30:23 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.02.11 14:30:22 | 003,671,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.02.11 14:30:22 | 000,881,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.02.11 14:30:22 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.02.11 14:30:22 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.02.11 14:30:21 | 001,269,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.02.11 14:30:21 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.11 14:30:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.11 14:30:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.11 14:30:21 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.11 14:30:21 | 000,116,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.02.11 14:30:21 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.11 14:30:21 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.11 14:30:16 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2013.02.11 14:30:16 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2013.02.11 14:30:16 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2013.02.11 14:30:16 | 000,065,112 | ---- | C] (Creative Technology Ltd.) 
-- C:\Windows\SysNative\MBppld64.dll [2013.02.11 14:30:16 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll [2013.02.11 14:30:15 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll [2013.02.11 14:30:15 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.11 14:30:14 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.11 14:30:12 | 002,703,456 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.11 14:30:11 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll [2013.02.11 14:30:10 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.02.11 14:30:10 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.02.11 14:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.02.11 14:30:08 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) 
-- C:\Windows\RtlExUpd.dll [2013.02.11 14:23:46 | 000,000,000 | ---D | C] -- C:\Intel [2013.02.11 14:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW [2013.02.11 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\OpenCandy [2013.02.11 14:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.14 11:52:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.14 11:51:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe [2013.02.14 11:50:50 | 000,026,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 11:50:50 | 000,026,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.14 11:44:29 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.14 11:42:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.14 11:42:45 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2013.02.14 01:06:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1276361010-833485166-2124046245-1000UA.job [2013.02.13 15:42:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.02.13 13:30:43 | 000,542,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.13 12:06:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1276361010-833485166-2124046245-1000Core.job [2013.02.11 21:26:02 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job [2013.02.11 21:08:48 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.11 20:53:57 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job 
[2013.02.11 20:53:57 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.02.11 20:53:57 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.02.11 14:19:20 | 000,002,361 | ---- | M] () -- C:\Users\Mustermann\Desktop\Google Chrome.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.13 15:42:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.13 15:42:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.13 15:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013.02.12 11:47:29 | 000,542,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.11 21:26:02 | 000,000,264 | ---- | C] () -- C:\Windows\tasks\elbyExecuteWithUAC.job [2013.02.11 20:53:57 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013.02.11 20:53:57 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013.02.11 20:53:57 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013.02.11 20:53:53 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.02.11 14:30:21 | 000,369,117 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2012.12.12 20:36:55 | 000,006,148 | -H-- | C] () -- C:\Users\Mustermann\.DS_Store [2012.09.13 22:25:16 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2012.07.03 12:19:56 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini [2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll 
[2011.10.20 17:37:46 | 000,170,062 | ---- | C] () -- C:\Windows\hpwins26.dat [2011.10.20 17:37:46 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.07 11:01:01 | 001,621,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.27 06:53:23 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp [2011.06.26 12:50:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 60 bytes -> C:\Users\Mustermann\.DS_Store:AFP_AfpInfo < End of report > Code:
OTL Extras logfile created on: 14.02.2013 11:54:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mustermann\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,76% Memory free
8,00 Gb Paging File | 5,24 Gb Available in Paging File | 65,49% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 213,16 Gb Free Space | 71,53% Space Free | Partition Type: NTFS
Computer Name: Mustermann | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0734D9B2-7323-40BE-A238-58B9FAAC9A93}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{087DCDCE-B7F2-409E-AEEF-6F9E7E9DCBB4}" = rport=10243 | protocol=6 | dir=out | app=system | "{104FB648-0968-40D4-95EE-BBC01A2B6230}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{135C2016-8C61-4694-8A5A-82C2F1A54C65}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{1365A46A-5567-4DBC-A73C-7EF81F2AB77D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{29C558F7-F383-4DF6-AE1F-7FAC0DF46E78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2E208AB2-A9A3-4F7B-856E-A5508234B5A4}" = lport=138 | protocol=17 | dir=in | app=system | "{3558A83E-FF55-426B-892C-DCD177BAACAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{379D902F-EDC2-4168-B62E-C59ACEF3DC5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4461ECF3-7431-4FA7-81B3-A3A9EBA377AC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{51D821D3-C334-4B6F-9421-8EDB7887FA34}" = rport=137 | protocol=17 | dir=out | app=system | "{56A0CB9B-CDD1-46DE-9DE9-00D8DED35A69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{61D594B3-E244-4CA5-848C-A88C71A844FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{645F8232-004B-4EC5-9F4E-0AB392205BB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{65886C65-E235-4B2D-BC42-AE85185DC3BB}" = 
rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{6D183D23-F38D-4ED7-B7D8-B7F2113FA435}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{736EC6F9-214C-49A4-AA86-89AD5C86576A}" = lport=445 | protocol=6 | dir=in | app=system | "{75BB7A55-4030-4FFF-AB06-6C6FB6E0002A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7A95DDBC-1A8D-4AC3-B4BD-9573CC3253EF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{7D980BD3-396B-4E57-A220-4DDC2702D19E}" = lport=10243 | protocol=6 | dir=in | app=system | "{83D10DA0-4848-4624-85E8-46BD6BF2A3A5}" = rport=139 | protocol=6 | dir=out | app=system | "{8504B06B-7F21-4D82-9FA2-277B20A632B1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8B0212E9-06E0-4008-8E1E-9FFD1CC8FC8E}" = lport=137 | protocol=17 | dir=in | app=system | "{90773948-B10E-4C0D-9B72-F5ADCA1AF967}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{96819F59-C7DF-4512-8F17-030D107CC2E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A3E86048-2F48-4D5E-88C9-57AC871CFF3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A6FCF866-32AA-4D8D-9287-5A7B7B3F82EE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B8D21E90-D308-4F5C-BEC8-CEF9B92ABC60}" = lport=2869 | protocol=6 | dir=in | app=system | "{CA2CCEB6-2861-4EB1-BA21-EBF882E6262E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D0911305-C3FF-4602-9542-28B44AC7D5C4}" = rport=138 | protocol=17 | dir=out | app=system | "{D6C7E75C-6611-48F4-894C-B3AFD6EBEDC2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{D918EFEE-56B4-4313-9181-FA4AF5632BAE}" = 
lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DF90FF5F-D5D6-437F-82F0-30CDAC0E0D74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EA11E8B3-F664-4773-BAD0-A0443DD8BB54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F1DD19B7-3DF2-411B-8718-9D20D06D6AE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FB04ECF8-56DC-458E-8A8F-8173EED56C2F}" = lport=139 | protocol=6 | dir=in | app=system | "{FF8ECA5A-B60A-43DD-97C9-1072CB87D1E1}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{059F1C07-61B7-46F5-9EB8-49FB32919926}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0639D448-8CB8-4C0D-9FC0-B4ED5D17B690}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{06A2E27E-0769-4136-A3FE-4734C11BFDB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0AB99351-0644-4222-91E8-DEE6486FA388}" = dir=in | app=c:\hppackard\oj4500vg510g-m_basic_13\setup\hpznui40.exe | "{0E45083B-9D53-40F9-9C86-38D64D542322}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{10A99C01-47C4-4E27-AB5E-19AB02F0114D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{117D3869-8EF6-4F72-9B10-D177055BB194}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{1A61C7A3-36F6-471F-A1AF-12A2C42037F5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1F06A9F7-610C-4DE3-9E25-8A464DCA948A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{210B7E5D-5387-4377-8C03-2DB122F6B288}" = dir=in | app=c:\program files (x86)\hp\digital 
imaging\bin\hpqkygrp.exe | "{26C12997-C131-4BA9-9859-F92EA53338C6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{2BA53A37-8EC5-4801-9A25-716F1E269EBE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2C1D0511-DB0B-4722-BCC3-363890C5E0CB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3B06EAA4-7536-4F1F-B8BC-2E6CCC795921}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3B6729B0-7CDE-4141-877C-FCD672E24451}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{3F1BC2DE-5E87-481D-943B-C53BFE4C3D0D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{420AE9D9-A600-48C5-94BD-3E8C79B7237A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{445E1B8E-CCA2-4772-A5D0-9ABAF18D185D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{464B3D83-2A53-4EE6-9518-B4FEA172BEB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{471F9DCB-1CFB-4685-97BE-A912F468A1B2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{4798FAF5-5E8B-406B-AB08-90B29206E1B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{49BC2032-2F07-4158-A74E-F879D739A505}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | "{4DAB88CA-5298-4483-8C0F-AFC77A21B284}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{5176ED89-398F-436F-81D2-5DA688039F10}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{53826E8F-C7DE-4B1A-9298-F6FAB81B6244}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{54D16401-CB44-4439-80D8-2C270A3F19B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{62F5B9FC-3D33-4908-8D82-4449BB1F6392}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{648B0AE7-96D0-426C-A8D5-3228C229A892}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67A6D058-ED9B-48DD-962B-592124BF7E9E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6995868D-8F18-4BCE-8606-F288316B82D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{72F132BF-BE37-4F8C-B511-1F48296E7C16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{74C92EDA-2C1F-4665-A9B6-CFEB0F373E97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{765035D7-A149-46B8-8208-3300013EF9EE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7755759A-CE9A-4C81-809F-3ACADC3377BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{79124B9F-8204-48BC-B2D1-E92FBC7D20BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7992414B-75A9-4561-9FAC-BE96F8C8CF82}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7D358173-9F5A-4A8F-BDF8-1507E889BC65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{7E89F77F-FD5D-4AE5-A9D1-2A1BF924EEB8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{7FC484E1-AE0D-4E34-A015-8E24740A11D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{80AF26E8-50F2-4AAF-A5E1-6A5F1753E01B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{818D5140-CFC3-4EC3-8556-0F282743A6D2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{83C71CD5-EB37-4115-B4E7-CB5FBCC3C3C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{86AB4A12-D0C6-411D-B075-EC9D08264B62}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{882F1DA6-7B1A-4A0B-9D58-827E2A2E1BE1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8ED3DC9C-D938-476F-8C19-74A57AFA8287}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{904B373C-964E-4B17-BA38-F1F6E29D11D3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{91C05AE1-C1DE-4C0B-BD6F-FEC2F0FD18B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{949F10A4-619F-4AEC-BE01-33C094FC7AE3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{9C12CBFA-9EC2-41CF-98B0-4D4D7B431F65}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{A39A9733-49DB-4E04-8435-3A53262410A3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{AA809119-6D8C-4D38-BD8D-B96D61AB4003}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{AB5CE35C-D891-4807-91D8-951C0EE430D4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AB8EEB5D-EFD8-4390-97D6-DC3F718DF2B1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{AE5DBB32-742A-4DDE-AB49-2BEE0F6295E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{AE69C922-3082-46E6-B37E-8975940561C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AFD75F14-4861-4CD6-8615-8A2269665FE6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B0CE2196-10A4-4786-AC68-01728C3457DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{C6D4DB42-B13F-4721-9FB9-A4BCC3B995C4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D13DB6D8-2BA7-464B-958B-BCAED013AE27}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{D1B841F6-39CF-4A1D-A070-789A0105F00A}" = protocol=6 | dir=in | svc=wcescomm | 
app=%systemroot%\system32\svchost.exe | "{D73BA8A4-3166-4F10-B2AE-22AD8A7D9882}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DE672E4A-F22E-4014-AA21-3E99D25103C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{DE7BC6C4-F26D-4123-BB5C-06185655C69D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E1964228-10C6-42AC-B2FD-5127EC763DA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E2C4C8BF-B18B-4AC2-B905-EE984A1DB86E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{E2EE78BE-7E55-4B9C-AE50-C29441777193}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E50CB41F-DF8D-41EE-84F3-73E1E641DD6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{E64842E6-E4D0-499E-A9CB-60E237EDAD81}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{E66137FC-2292-4400-9160-6FC24EED982A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{EA810807-17CB-4533-913B-2AA1372302B8}" = protocol=6 | dir=out | app=system | "{ED9F2D27-0C57-4E84-9D15-E6443ED3BECE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F13EEEA7-ABD7-469B-AA44-9145D4567EA9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F255906B-469B-41E5-9B51-510C2E7277D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F8B88BE4-B80E-4F68-9BCE-FF0430A2A4E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "TCP Query User{2927052A-2DE1-4714-8F5A-62E93AE7B137}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | "TCP Query User{AFE714A1-D4E6-4D0D-B2FB-1DCA6E67081C}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\spybot - search & destroy 2\sdfiles.exe | "UDP Query User{24239850-EA67-4F20-96DB-635A608DAFB6}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe | "UDP Query User{88890581-B45F-43E3-9456-97CB632F1B90}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5783F2D7-8001-0407-0102-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch "{5783F2D7-8001-0407-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013 "{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013 "{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013 "{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013 "{90150000-001A-0407-1000-0000000FF1CE}" = 
Microsoft Outlook MUI (German) 2013 "{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français "{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano "{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013 "{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013 "{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013 "{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013 "{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013 "{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013 "{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013 "{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013 "{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013 "{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{B38968E0-778F-47C3-8781-BAD4E497801C}" = HP Officejet 4500 G510g-m "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{D77162FE-B7B2-8E1E-D80D-89DE6217DF13}" = AMD Drag and Drop Transcoding "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch "CCleaner" = CCleaner "GIMP-2_is1" = GIMP 2.8.2 "Microsoft Security 
Client" = Microsoft Security Essentials "Office15.PROPLUSR" = Microsoft Office Professional Plus 2013 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Totalcmd64" = Total Commander 64-bit (Remove or Repair) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{38676C9C-270F-43D1-926A-E45DE8820A6B}" = BlackBerry Device Software Updater "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 
Redistributable "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive "{7E7A5A7D-1045-4075-9808-60C0DE69D38A}" = 4500G510gm_web "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{BA45D6C9-AC93-288B-DC4C-D65A01A2ED02}" = Application Profiles "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help_Web "{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish 
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Free Antivirus "foobar2000" = foobar2000 v1.1.18 "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "IrfanView" = IrfanView (remove only) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "PokerStars" = PokerStars "Steam App 570" = Dota 2 "TuneUp Utilities 2013" = TuneUp Utilities 2013 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.02.2013 10:41:45 | Computer Name = Mustermann | Source = VSS | ID = 8193 Description = Error - 13.02.2013 10:41:45 | Computer Name = Mustermann | Source = System Restore | ID = 8193 Description = Error - 13.02.2013 12:09:21 | Computer Name = Mustermann | Source = VSS | ID = 13 Description = Error - 13.02.2013 12:09:21 | Computer Name = Mustermann | Source = VSS | ID = 8193 Description = Error - 13.02.2013 12:09:21 | Computer Name = 
Mustermann | Source = System Restore | ID = 8193 Description = Error - 13.02.2013 16:59:16 | Computer Name = Mustermann | Source = VSS | ID = 13 Description = Error - 13.02.2013 16:59:16 | Computer Name = Mustermann | Source = VSS | ID = 8193 Description = Error - 13.02.2013 16:59:16 | Computer Name = Mustermann | Source = System Restore | ID = 8193 Description = Error - 13.02.2013 20:11:15 | Computer Name = Mustermann | Source = VSS | ID = 13 Description = Error - 13.02.2013 20:11:15 | Computer Name = Mustermann | Source = VSS | ID = 8193 Description = Error - 13.02.2013 20:11:15 | Computer Name = Mustermann | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 13.02.2013 16:50:32 | Computer Name = Mustermann | Source = DCOM | ID = 10010 Description = Error - 13.02.2013 20:11:25 | Computer Name = Mustermann | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) Error - 13.02.2013 20:11:46 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 13.02.2013 20:11:46 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 14.02.2013 06:43:16 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. Error - 14.02.2013 06:43:34 | Computer Name = Mustermann | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 14.02.2013 06:43:41 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts. 
Error - 14.02.2013 06:43:48 | Computer Name = Mustermann| Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 14.02.2013 06:43:52 | Computer Name = Mustermann| Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = Fehler beim Lesen der Datei für lokale Hosts.
Error - 14.02.2013 06:45:07 | Computer Name = Mustermann | Source = DCOM | ID = 10016 Description =
< End of report >
Thank you for your efforts. |
14.02.2013, 13:43 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Feed.Helperbar Redirect Search Engine Hello and
__________________Quote:
Why AutoCAD? Is this by any chance an office/company PC? Or a university computer? Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post the logs that already exist!
__________________ |
14.02.2013, 13:56 | #3 |
| Feed.Helperbar Redirect Search Engine Hi Cosinus,
__________________I study civil engineering and do a lot of design work in CAD; a student version is offered, so why not? In fact, our professor even advised us to use it. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.14.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mustermann :: MUSTERMANN [Administrator]
14.02.2013 13:48:16
mbam-log-2013-02-14 (13-48-16).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230924
Laufzeit: 5 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Last edited by luckyluked (14.02.2013 at 14:04) |
14.02.2013, 13:58 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Feed.Helperbar Redirect Search Engine Quote:
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
14.02.2013, 14:13 | #5 |
| Feed.Helperbar Redirect Search Engine Hi Cosinus, yes, that makes sense. ADW: Code:
# AdwCleaner v2.112 - Datei am 14/02/2013 um 13:00:11 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mustermann - MUSTERMANN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSTIOH2\adwcleaner0.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\Mustermann\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Mustermann\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKU\S-1-5-21-1276361010-833485166-2124046245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-1276361010-833485166-2124046245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [2489 octets] - [14/02/2013 13:00:11]
########## EOF - C:\AdwCleaner[R1].txt - [2549 octets] ##########
Code:
# AdwCleaner v2.112 - Datei am 14/02/2013 um 13:00:32 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mustermann - MUSTERMANN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSTIOH2\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\Mustermann\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mustermann\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[R1].txt - [2610 octets] - [14/02/2013 13:00:11]
AdwCleaner[S1].txt - [2229 octets] - [14/02/2013 13:00:32]
########## EOF - C:\AdwCleaner[S1].txt - [2289 octets] ##########
Code:
ATTFilter 14:09:39.0817 8280 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:09:40.0011 8280 ============================================================ 14:09:40.0011 8280 Current date / time: 2013/02/14 14:09:40.0011 14:09:40.0011 8280 SystemInfo: 14:09:40.0011 8280 14:09:40.0011 8280 OS Version: 6.1.7601 ServicePack: 1.0 14:09:40.0011 8280 Product type: Workstation 14:09:40.0011 8280 ComputerName: MUSTERMANN 14:09:40.0011 8280 UserName: Mustermann 14:09:40.0011 8280 Windows directory: C:\Windows 14:09:40.0011 8280 System windows directory: C:\Windows 14:09:40.0012 8280 Running under WOW64 14:09:40.0012 8280 Processor architecture: Intel x64 14:09:40.0012 8280 Number of processors: 2 14:09:40.0012 8280 Page size: 0x1000 14:09:40.0012 8280 Boot type: Normal boot 14:09:40.0012 8280 ============================================================ 14:09:41.0306 8280 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 14:09:41.0316 8280 ============================================================ 14:09:41.0316 8280 \Device\Harddisk0\DR0: 14:09:41.0316 8280 MBR partitions: 14:09:41.0316 8280 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:09:41.0316 8280 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB000 14:09:41.0316 8280 ============================================================ 14:09:41.0339 8280 C: <-> \Device\Harddisk0\DR0\Partition2 14:09:41.0339 8280 ============================================================ 14:09:41.0339 8280 Initialize success 14:09:41.0339 8280 ============================================================ 14:09:42.0383 8372 ============================================================ 14:09:42.0383 8372 Scan started 14:09:42.0383 8372 Mode: Manual; 14:09:42.0383 8372 ============================================================ 
14:09:43.0334 8372 ================ Scan system memory ======================== 14:09:43.0334 8372 System memory - ok 14:09:43.0335 8372 ================ Scan services ============================= 14:09:43.0552 8372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:09:43.0630 8372 1394ohci - ok 14:09:43.0666 8372 [ CDF91E688D456B9702B2EA72C85F840C ] Abyssus C:\Windows\system32\drivers\Abyssus.sys 14:09:43.0667 8372 Abyssus - ok 14:09:43.0697 8372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:09:43.0700 8372 ACPI - ok 14:09:43.0712 8372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:09:43.0713 8372 AcpiPmi - ok 14:09:43.0800 8372 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:09:43.0802 8372 AdobeARMservice - ok 14:09:43.0833 8372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 14:09:43.0839 8372 adp94xx - ok 14:09:43.0853 8372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 14:09:43.0858 8372 adpahci - ok 14:09:43.0874 8372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 14:09:43.0876 8372 adpu320 - ok 14:09:43.0892 8372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:09:43.0893 8372 AeLookupSvc - ok 14:09:43.0929 8372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:09:43.0938 8372 AFD - ok 14:09:43.0959 8372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:09:43.0961 8372 agp440 - ok 14:09:43.0970 8372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:09:43.0971 8372 ALG - ok 14:09:43.0981 8372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:09:43.0982 8372 aliide - ok 14:09:44.0017 8372 [ 
20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 14:09:44.0020 8372 AMD External Events Utility - ok 14:09:44.0038 8372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:09:44.0039 8372 amdide - ok 14:09:44.0059 8372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:09:44.0061 8372 AmdK8 - ok 14:09:44.0741 8372 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 14:09:44.0905 8372 amdkmdag - ok 14:09:44.0925 8372 [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 14:09:44.0928 8372 amdkmdap - ok 14:09:44.0949 8372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:09:44.0951 8372 AmdPPM - ok 14:09:44.0980 8372 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:09:44.0982 8372 amdsata - ok 14:09:45.0034 8372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 14:09:45.0036 8372 amdsbs - ok 14:09:45.0049 8372 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:09:45.0051 8372 amdxata - ok 14:09:45.0081 8372 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:09:45.0082 8372 AppID - ok 14:09:45.0098 8372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:09:45.0100 8372 AppIDSvc - ok 14:09:45.0116 8372 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 14:09:45.0118 8372 Appinfo - ok 14:09:45.0164 8372 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 14:09:45.0190 8372 AppMgmt - ok 14:09:45.0244 8372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 14:09:45.0265 8372 arc - ok 14:09:45.0269 8372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 14:09:45.0271 8372 arcsas - 
ok 14:09:45.0374 8372 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:09:45.0375 8372 aspnet_state - ok 14:09:45.0412 8372 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 14:09:45.0413 8372 aswFsBlk - ok 14:09:45.0490 8372 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 14:09:45.0492 8372 aswMonFlt - ok 14:09:45.0517 8372 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 14:09:45.0518 8372 aswRdr - ok 14:09:45.0572 8372 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 14:09:45.0587 8372 aswSnx - ok 14:09:45.0616 8372 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys 14:09:45.0620 8372 aswSP - ok 14:09:45.0641 8372 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 14:09:45.0643 8372 aswTdi - ok 14:09:45.0687 8372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:09:45.0688 8372 AsyncMac - ok 14:09:45.0705 8372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:09:45.0705 8372 atapi - ok 14:09:45.0778 8372 [ C579174DAF19E9330C31C95DF1471380 ] athur C:\Windows\system32\DRIVERS\athurx.sys 14:09:45.0794 8372 athur - ok 14:09:46.0026 8372 [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 14:09:46.0074 8372 atikmdag - ok 14:09:46.0132 8372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:09:46.0139 8372 AudioEndpointBuilder - ok 14:09:46.0147 8372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:09:46.0150 8372 AudioSrv - ok 14:09:46.0277 8372 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 14:09:46.0278 8372 avast! 
C:\Windows\System32\spoolsv.exe 14:10:00.0376 8372 Spooler - ok 14:10:00.0571 8372 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:10:00.0639 8372 sppsvc - ok 14:10:00.0755 8372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:10:00.0823 8372 sppuinotify - ok 14:10:01.0033 8372 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:10:01.0076 8372 srv - ok 14:10:01.0130 8372 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:10:01.0150 8372 srv2 - ok 14:10:01.0160 8372 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:10:01.0166 8372 srvnet - ok 14:10:01.0338 8372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:10:01.0394 8372 SSDPSRV - ok 14:10:01.0569 8372 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 14:10:01.0601 8372 SSPORT - ok 14:10:01.0622 8372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:10:01.0632 8372 SstpSvc - ok 14:10:01.0677 8372 Steam Client Service - ok 14:10:01.0728 8372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 14:10:01.0730 8372 stexstor - ok 14:10:01.0766 8372 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 14:10:01.0767 8372 StillCam - ok 14:10:01.0805 8372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:10:01.0816 8372 stisvc - ok 14:10:01.0833 8372 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:10:01.0835 8372 storflt - ok 14:10:01.0853 8372 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 14:10:01.0858 8372 StorSvc - ok 14:10:01.0882 8372 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:10:01.0884 8372 storvsc - ok 14:10:01.0898 8372 [ 
D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:10:01.0900 8372 swenum - ok 14:10:01.0918 8372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:10:01.0928 8372 swprv - ok 14:10:02.0027 8372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:10:02.0049 8372 SysMain - ok 14:10:02.0157 8372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:10:02.0190 8372 TabletInputService - ok 14:10:02.0323 8372 [ B70DF208E97536CA9F29289E609F5B16 ] taphss C:\Windows\system32\DRIVERS\taphss.sys 14:10:02.0384 8372 taphss - ok 14:10:02.0565 8372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:10:02.0587 8372 TapiSrv - ok 14:10:02.0617 8372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:10:02.0624 8372 TBS - ok 14:10:02.0686 8372 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:10:02.0705 8372 Tcpip - ok 14:10:02.0727 8372 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:10:02.0736 8372 TCPIP6 - ok 14:10:02.0768 8372 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:10:02.0770 8372 tcpipreg - ok 14:10:02.0828 8372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:10:02.0830 8372 TDPIPE - ok 14:10:02.0858 8372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:10:02.0860 8372 TDTCP - ok 14:10:02.0898 8372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:10:02.0900 8372 tdx - ok 14:10:02.0960 8372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:10:02.0962 8372 TermDD - ok 14:10:03.0077 8372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:10:03.0086 8372 TermService - ok 14:10:03.0101 8372 [ 
F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:10:03.0105 8372 Themes - ok 14:10:03.0126 8372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:10:03.0128 8372 THREADORDER - ok 14:10:03.0162 8372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:10:03.0166 8372 TrkWks - ok 14:10:03.0212 8372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:10:03.0214 8372 TrustedInstaller - ok 14:10:03.0284 8372 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:10:03.0286 8372 tssecsrv - ok 14:10:03.0314 8372 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:10:03.0316 8372 TsUsbFlt - ok 14:10:03.0402 8372 [ 25E302D93CBDFA1D1269FE3C41B94390 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe 14:10:03.0428 8372 TuneUp.UtilitiesSvc - ok 14:10:03.0452 8372 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys 14:10:03.0453 8372 TuneUpUtilitiesDrv - ok 14:10:03.0487 8372 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:10:03.0489 8372 tunnel - ok 14:10:03.0571 8372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:10:03.0573 8372 uagp35 - ok 14:10:03.0644 8372 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:10:03.0655 8372 udfs - ok 14:10:03.0677 8372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:10:03.0684 8372 UI0Detect - ok 14:10:03.0716 8372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:10:03.0718 8372 uliagpkx - ok 14:10:03.0775 8372 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 14:10:03.0777 8372 umbus - ok 14:10:03.0791 
8372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:10:03.0793 8372 UmPass - ok 14:10:03.0834 8372 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 14:10:03.0845 8372 UmRdpService - ok 14:10:03.0861 8372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:10:03.0869 8372 upnphost - ok 14:10:03.0896 8372 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:10:03.0899 8372 USBAAPL64 - ok 14:10:03.0920 8372 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:10:03.0932 8372 usbccgp - ok 14:10:03.0947 8372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:10:03.0950 8372 usbcir - ok 14:10:03.0963 8372 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 14:10:03.0965 8372 usbehci - ok 14:10:03.0998 8372 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:10:04.0003 8372 usbhub - ok 14:10:04.0015 8372 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:10:04.0017 8372 usbohci - ok 14:10:04.0033 8372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:10:04.0035 8372 usbprint - ok 14:10:04.0052 8372 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:10:04.0054 8372 usbscan - ok 14:10:04.0084 8372 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:10:04.0086 8372 USBSTOR - ok 14:10:04.0118 8372 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:10:04.0119 8372 usbuhci - ok 14:10:04.0144 8372 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 14:10:04.0146 8372 usb_rndisx - ok 14:10:04.0180 8372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:10:04.0185 
8372 UxSms - ok 14:10:04.0195 8372 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:10:04.0198 8372 VaultSvc - ok 14:10:04.0230 8372 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 14:10:04.0232 8372 VClone - ok 14:10:04.0258 8372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:10:04.0260 8372 vdrvroot - ok 14:10:04.0294 8372 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:10:04.0305 8372 vds - ok 14:10:04.0317 8372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:10:04.0320 8372 vga - ok 14:10:04.0330 8372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:10:04.0332 8372 VgaSave - ok 14:10:04.0350 8372 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:10:04.0378 8372 vhdmp - ok 14:10:04.0414 8372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:10:04.0435 8372 viaide - ok 14:10:04.0459 8372 [ 3B59BB6D10CF969DBE4DB93D9EAD7FB4 ] VKbms C:\Windows\system32\DRIVERS\VKbms.sys 14:10:04.0461 8372 VKbms - ok 14:10:04.0467 8372 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:10:04.0471 8372 vmbus - ok 14:10:04.0484 8372 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 14:10:04.0486 8372 VMBusHID - ok 14:10:04.0492 8372 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:10:04.0494 8372 volmgr - ok 14:10:04.0521 8372 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:10:04.0525 8372 volmgrx - ok 14:10:04.0532 8372 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:10:04.0536 8372 volsnap - ok 14:10:04.0559 8372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 14:10:04.0561 8372 vsmraid - ok 
14:10:04.0616 8372 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:10:04.0637 8372 VSS - ok 14:10:04.0652 8372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 14:10:04.0654 8372 vwifibus - ok 14:10:04.0672 8372 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:10:04.0674 8372 vwififlt - ok 14:10:04.0686 8372 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:10:04.0688 8372 vwifimp - ok 14:10:04.0750 8372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:10:04.0756 8372 W32Time - ok 14:10:04.0770 8372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 14:10:04.0772 8372 WacomPen - ok 14:10:04.0788 8372 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:10:04.0790 8372 WANARP - ok 14:10:04.0793 8372 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:10:04.0795 8372 Wanarpv6 - ok 14:10:04.0846 8372 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:10:04.0863 8372 wbengine - ok 14:10:04.0881 8372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:10:04.0886 8372 WbioSrvc - ok 14:10:04.0923 8372 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 14:10:04.0928 8372 WcesComm - ok 14:10:04.0977 8372 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:10:04.0985 8372 wcncsvc - ok 14:10:05.0003 8372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:10:05.0009 8372 WcsPlugInService - ok 14:10:05.0057 8372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 14:10:05.0059 8372 Wd - ok 14:10:05.0088 8372 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:10:05.0097 8372 
Wdf01000 - ok 14:10:05.0114 8372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:10:05.0119 8372 WdiServiceHost - ok 14:10:05.0124 8372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:10:05.0129 8372 WdiSystemHost - ok 14:10:05.0155 8372 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:10:05.0163 8372 WebClient - ok 14:10:05.0178 8372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:10:05.0186 8372 Wecsvc - ok 14:10:05.0204 8372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:10:05.0210 8372 wercplsupport - ok 14:10:05.0235 8372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:10:05.0241 8372 WerSvc - ok 14:10:05.0293 8372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:10:05.0294 8372 WfpLwf - ok 14:10:05.0315 8372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:10:05.0316 8372 WIMMount - ok 14:10:05.0330 8372 WinDefend - ok 14:10:05.0338 8372 WinHttpAutoProxySvc - ok 14:10:05.0375 8372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:10:05.0378 8372 Winmgmt - ok 14:10:05.0427 8372 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:10:05.0455 8372 WinRM - ok 14:10:05.0495 8372 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.SYS 14:10:05.0496 8372 WinUsb - ok 14:10:05.0548 8372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:10:05.0561 8372 Wlansvc - ok 14:10:05.0587 8372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:10:05.0589 8372 WmiAcpi - ok 14:10:05.0640 8372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:10:05.0643 8372 wmiApSrv - ok 14:10:05.0669 8372 WMPNetworkSvc - ok 
14:10:05.0711 8372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:10:05.0719 8372 WPCSvc - ok 14:10:05.0742 8372 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:10:05.0751 8372 WPDBusEnum - ok 14:10:05.0767 8372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:10:05.0768 8372 ws2ifsl - ok 14:10:05.0790 8372 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 14:10:05.0794 8372 wscsvc - ok 14:10:05.0860 8372 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 14:10:05.0862 8372 WSDPrintDevice - ok 14:10:05.0866 8372 WSearch - ok 14:10:05.0933 8372 [ 3E366F57CBB540C965BAB1F2BE6D7998 ] WSWNA1100 C:\ProgrammeLuki\WNA\WifiSvc.exe 14:10:05.0936 8372 WSWNA1100 - ok 14:10:05.0999 8372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:10:06.0030 8372 wuauserv - ok 14:10:06.0064 8372 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:10:06.0067 8372 WudfPf - ok 14:10:06.0113 8372 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:10:06.0117 8372 WUDFRd - ok 14:10:06.0138 8372 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:10:06.0144 8372 wudfsvc - ok 14:10:06.0183 8372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 14:10:06.0191 8372 WwanSvc - ok 14:10:06.0206 8372 ZTEusbmdm6k - ok 14:10:06.0225 8372 ZTEusbnmea - ok 14:10:06.0231 8372 ZTEusbser6k - ok 14:10:06.0255 8372 ================ Scan global =============================== 14:10:06.0271 8372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:10:06.0293 8372 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:10:06.0325 8372 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:10:06.0355 8372 [ D6160F9D869BA3AF0B787F971DB56368 ] 
C:\Windows\system32\sxssrv.dll 14:10:06.0370 8372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:10:06.0375 8372 [Global] - ok 14:10:06.0376 8372 ================ Scan MBR ================================== 14:10:06.0384 8372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:10:06.0556 8372 \Device\Harddisk0\DR0 - ok 14:10:06.0557 8372 ================ Scan VBR ================================== 14:10:06.0559 8372 [ E76E11EDAACA7A4E87A32E29DB39DBAA ] \Device\Harddisk0\DR0\Partition1 14:10:06.0561 8372 \Device\Harddisk0\DR0\Partition1 - ok 14:10:06.0573 8372 [ BA7F3D314F97567F524D556EB1B08484 ] \Device\Harddisk0\DR0\Partition2 14:10:06.0575 8372 \Device\Harddisk0\DR0\Partition2 - ok 14:10:06.0575 8372 ============================================================ 14:10:06.0575 8372 Scan finished 14:10:06.0575 8372 ============================================================ 14:10:06.0586 8364 Detected object count: 0 14:10:06.0586 8364 Actual detected object count: 0 14:11:07.0906 8276 Deinitialize success |
14.02.2013, 14:30 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Feed.Helperbar Redirect Search Engine Why adwCleaner? I hadn't instructed that one at all. |
14.02.2013, 18:46 | #7 |
| Feed.Helperbar Redirect Search Engine
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 18:43:18
-----------------------------
18:43:18.081 OS Version: Windows x64 6.1.7601 Service Pack 1
18:43:18.081 Number of processors: 2 586 0x170A
18:43:18.081 ComputerName: MUSTERMANN UserName: Mustermann
18:43:19.141 Initialize success
18:43:24.711 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:43:24.711 Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305244MB BusType: 3
18:43:24.711 Disk 0 MBR read successfully
18:43:24.726 Disk 0 MBR scan
18:43:24.726 Disk 0 Windows 7 default MBR code
18:43:24.726 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:43:24.726 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305142 MB offset 206848
18:43:24.757 Disk 0 scanning C:\Windows\system32\drivers
18:43:30.935 Service scanning
18:43:43.212 Modules scanning
18:43:43.212 Disk 0 trace - called modules:
18:43:43.228 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
18:43:43.228 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048c6060]
18:43:43.228 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003958d20]
18:43:43.243 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80039e0060]
18:43:43.243 Scan finished successfully
18:44:01.417 Disk 0 MBR has been saved successfully to "C:\Users\lsdsm\Desktop\MBR.dat"
18:44:01.417 The log file has been saved successfully to "C:\Users\lsdsm\Desktop\aswMBR.txt" |
15.02.2013, 10:40 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Feed.Helperbar Redirect Search Engine OK, apparently nothing deeper in there; one last check. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
__________________ Please always post log files in CODE tags |