Pests of all kinds and how to combat them: Virus/Trojan check after a year of update laziness (Windows 7)
28.02.2013, 21:06 | #1 |
| Good evening! Today I noticed that the automatic Windows updates were switched off on my computer and that I therefore received no updates for a year. Now I would like to know whether I have picked up any malware, and I hope you can help me look for it. I am completely new to your forum and have no idea whether I can ask questions like this or whether I am in the right forum section... if not, I apologize in advance. Best regards, Robert |
28.02.2013, 21:06 | #2 |
/// Malware-holic | Hi,
If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
28.02.2013, 21:48 | #3 |
| Here is the OTL.txt:
OTL logfile: Code:
ATTFilter OTL logfile created on: 28.02.2013 21:10:32 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,95 Gb Total Physical Memory | 4,25 Gb Available Physical Memory | 71,47% Memory free 11,90 Gb Paging File | 9,86 Gb Available in Paging File | 82,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 447,59 Gb Total Space | 264,13 Gb Free Space | 59,01% Space Free | Partition Type: NTFS Drive D: | 17,87 Gb Total Space | 1,89 Gb Free Space | 10,58% Space Free | Partition Type: NTFS Computer Name: IROBERT | User Name: Robert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Robert\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccsvchst.exe (Symantec Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 
(Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Program Files (x86)\LOLReplay\LOLUtils.dll () MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\wincfi39.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) 
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper100) -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (MSSQL$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$SQLEXPRESS) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (SRTSP) -- 
C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (mcaudrv_simple) -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys (ManyCam LLC) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (ManyCam) -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys (ManyCam LLC) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company) DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130228.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130228.003\eng64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130227.001\IDSviA64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys (Symantec Corporation) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = 
hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = 
hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=112555&tt=280812_2003_3512_2&babsrc=HP_ss&mntrId=9869b647000000000000ac8112d8259a IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=280812_2003_3512_2&babsrc=SP_ss&mntrId=9869b647000000000000ac8112d8259a IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes\{C0B93072-C5B9-4412-9A37-4012A29AE9D3}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = 
hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@mail.ru/GameCenter: C:\Users\Robert\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Robert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013.02.27 18:18:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.02.28 20:40:18 | 000,000,000 | ---D | M] [2013.01.25 10:48:18 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=280812_2003_3512_2&babsrc=HP_ss&mntrId=9869b647000000000000ac8112d8259a CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = 
C:\Users\Robert\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Robert\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: MagicScroll eBook Reader = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\ CHR - Extension: AdBlock = 
C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Plants vs Zombies = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: BeGone = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk\1.7.2_0\ CHR - Extension: Google Mail = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: MagicScroll eBook Reader = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\ CHR - Extension: AdBlock = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\ CHR - Extension: Plants vs Zombies = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\ CHR - Extension: BeGone = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndfpieflbjbdpgklkeolbmbdkfdiicfk\1.7.2_0\ CHR - Extension: Google Mail = C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.12.05 20:55:08 | 000,000,874 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: 
- BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O3 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001..\Run: [LOLReplay Recorder] C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-14767671-2794528797-1374734048-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6BAB328-47A3-416E-AF33-974331F368BC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7924EEE-3776-4F8D-910E-7F11F1C6E198}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{af50c33f-9ff3-11e1-9b7a-082e5f818aff}\Shell - "" = AutoRun
O33 - MountPoints2\{af50c33f-9ff3-11e1-9b7a-082e5f818aff}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{af50c33f-9ff3-11e1-9b7a-082e5f818aff}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{af50c33f-9ff3-11e1-9b7a-082e5f818aff}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{baceb61f-3cc1-11e2-a59d-ac8112d8259a}\Shell - "" = AutoRun
O33 - MountPoints2\{baceb61f-3cc1-11e2-a59d-ac8112d8259a}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2013.02.28 21:07:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.02.28 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.28 20:11:13 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Enigma Item Changer
[2013.02.28 19:17:24 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\ROMs
[2013.02.28 17:44:31 | 001,133,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.sys
[2013.02.28 17:44:31 | 000,493,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.sys
[2013.02.28 17:44:31 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnets.sys
[2013.02.28 17:44:31 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.sys
[2013.02.28 17:44:31 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symelam.sys
[2013.02.28 17:44:30 | 000,776,864 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.sys
[2013.02.28 17:44:30 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ironx64.sys
[2013.02.28 17:44:30 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.sys
[2013.02.28 17:44:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1402010.016
[2013.02.28 14:09:45 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013.02.28 14:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.02.27 18:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.02.27 18:16:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013.02.27 18:16:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.02.27 18:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013.02.17 11:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.17 11:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.17 11:24:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.16 19:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013.02.16 19:16:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Bitdefender
[2013.02.16 19:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013.02.16 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\QuickScan
[2013.02.16 19:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.02.16 19:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.02.08 15:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Path of Exile
[2013.02.08 15:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
[2013.02.02 22:58:17 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Macromedia
[2013.02.02 22:57:46 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Mozilla
[2013.01.31 19:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.31 19:33:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.31 19:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.01.30 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.01.30 16:02:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Origin
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013.02.28 21:07:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2013.02.28 20:47:02 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 20:47:02 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 20:46:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14767671-2794528797-1374734048-1001UA.job
[2013.02.28 20:44:09 | 001,800,138 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.28 20:44:09 | 000,763,270 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.28 20:44:09 | 000,718,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.28 20:44:09 | 000,173,624 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.28 20:44:09 | 000,146,570 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.28 20:40:04 | 000,446,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.28 20:39:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 20:38:55 | 001,593,947 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013.02.28 20:38:33 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013.02.28 20:33:19 | 001,778,032 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.28 16:46:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-14767671-2794528797-1374734048-1001Core.job
[2013.02.28 14:10:06 | 000,000,905 | ---- | M] () -- C:\Users\Robert\Desktop\Unlocker.lnk
[2013.02.27 19:46:39 | 000,002,551 | ---- | M] () -- C:\Users\Robert\Desktop\Norton Internet Security.lnk
[2013.02.27 18:18:01 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.02.27 18:18:01 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.02.27 18:18:01 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.02.27 16:13:40 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\LOL Recorder.lnk
[2013.02.25 14:49:45 | 000,002,368 | ---- | M] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
[2013.02.23 18:04:00 | 000,001,539 | ---- | M] () -- C:\Users\Robert\Desktop\FarCry 3.lnk
[2013.02.23 18:03:50 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.23 18:03:50 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.20 21:10:10 | 000,002,093 | ---- | M] () -- C:\Users\Robert\.recently-used.xbel
[2013.02.20 21:04:57 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Teamspeak 3.lnk
[2013.02.20 21:04:57 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2013.02.17 11:24:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.16 19:38:11 | 000,826,691 | ---- | M] () -- C:\ProgramData\1361038381.bdinstall.bin
[2013.02.16 19:23:28 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013.02.16 19:23:28 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013.02.16 19:23:28 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2013.02.16 19:11:21 | 000,000,502 | ---- | M] () -- C:\ProgramData\1361038279.bdinstall.bin
[2013.02.16 19:11:02 | 000,000,502 | ---- | M] () -- C:\ProgramData\1361038261.bdinstall.bin
[2013.02.16 19:06:28 | 000,000,502 | ---- | M] () -- C:\ProgramData\1361037987.bdinstall.bin
[2013.02.16 19:06:09 | 000,000,502 | ---- | M] () -- C:\ProgramData\1361037969.bdinstall.bin
[2013.02.08 15:10:39 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2013.02.05 14:25:31 | 000,002,861 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013.02.05 14:25:31 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013.02.02 15:07:43 | 000,000,683 | ---- | M] () -- C:\Users\Robert\Desktop\League of Legends.lnk
[2013.01.30 16:00:21 | 000,000,134 | ---- | M] () -- C:\Windows\wininit.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013.02.28 20:38:33 | 001,593,947 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\Cat.DB
[2013.02.28 20:38:33 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\VT20130115.021
[2013.02.28 20:20:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.28 20:01:50 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.28 17:44:31 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symelam64.cat
[2013.02.28 17:44:31 | 000,007,603 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa64.cat
[2013.02.28 17:44:31 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnet64.cat
[2013.02.28 17:44:31 | 000,007,597 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds64.cat
[2013.02.28 17:44:31 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symefa.inf
[2013.02.28 17:44:31 | 000,002,851 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symds.inf
[2013.02.28 17:44:31 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symnet.inf
[2013.02.28 17:44:31 | 000,001,418 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.inf
[2013.02.28 17:44:31 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symelam.inf
[2013.02.28 17:44:30 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.cat
[2013.02.28 17:44:30 | 000,007,605 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtspx64.cat
[2013.02.28 17:44:30 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.cat
[2013.02.28 17:44:30 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\iron.cat
[2013.02.28 17:44:30 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\srtsp64.inf
[2013.02.28 17:44:30 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\ccsetx64.inf
[2013.02.28 17:44:30 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\iron.inf
[2013.02.28 17:44:24 | 000,009,103 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\symvtcer.dat
[2013.02.28 17:44:24 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1402010.016\isolate.ini
[2013.02.28 14:10:06 | 000,000,905 | ---- | C] () -- C:\Users\Robert\Desktop\Unlocker.lnk
[2013.02.27 19:46:39 | 000,002,551 | ---- | C] () -- C:\Users\Robert\Desktop\Norton Internet Security.lnk
[2013.02.23 18:04:00 | 000,001,539 | ---- | C] () -- C:\Users\Robert\Desktop\FarCry 3.lnk
[2013.02.20 21:10:10 | 000,002,093 | ---- | C] () -- C:\Users\Robert\.recently-used.xbel
[2013.02.16 19:38:11 | 000,826,691 | ---- | C] () -- C:\ProgramData\1361038381.bdinstall.bin
[2013.02.16 19:23:28 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2013.02.16 19:16:16 | 037,133,532 | -H-- | C] () -- C:\bdr-im01.gz
[2013.02.16 19:16:16 | 002,510,608 | -H-- | C] () -- C:\bdr-bz01
[2013.02.16 19:16:16 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013.02.16 19:16:16 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013.02.16 19:11:21 | 000,000,502 | ---- | C] () -- C:\ProgramData\1361038279.bdinstall.bin
[2013.02.16 19:11:02 | 000,000,502 | ---- | C] () -- C:\ProgramData\1361038261.bdinstall.bin
[2013.02.16 19:06:28 | 000,000,502 | ---- | C] () -- C:\ProgramData\1361037987.bdinstall.bin
[2013.02.16 19:06:09 | 000,000,502 | ---- | C] () -- C:\ProgramData\1361037969.bdinstall.bin
[2013.02.08 15:10:39 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Path of Exile.lnk
[2013.02.05 14:23:23 | 000,002,861 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013.02.05 14:23:23 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013.02.02 15:07:43 | 000,000,683 | ---- | C] () -- C:\Users\Robert\Desktop\League of Legends.lnk
[2013.01.29 20:26:31 | 000,000,134 | ---- | C] () -- C:\Windows\wininit.ini
[2012.05.18 18:59:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.05.18 18:40:59 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.05.18 18:40:59 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.05.18 18:40:59 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.03.11 10:31:28 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.11 10:31:21 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.08 16:54:21 | 000,000,484 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\burnaware.ini
[2012.02.26 12:59:43 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 20:23:17 | 000,000,858 | ---- | C] () -- C:\Windows\client.config.ini
[2012.01.10 22:10:42 | 001,778,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.10 16:56:00 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.10 05:11:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.10 05:03:09 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.10 05:02:07 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.10 05:02:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.10 04:57:50 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.02 00:43:05 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011.08.09 08:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.09 08:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.08.09 07:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.03.03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2013.01.28 18:40:37 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\.minecraft
[2012.11.29 18:14:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Audacity
[2012.02.23 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Auslogics
[2012.08.29 09:01:07 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Babylon
[2013.02.16 19:16:19 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Bitdefender
[2012.08.20 08:19:41 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DAEMON Tools Lite
[2012.07.11 18:33:25 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\DVDVideoSoft
[2013.02.20 21:10:10 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\gtk-2.0
[2012.04.19 19:20:34 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\IDT
[2012.11.03 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Leadertech
[2012.01.29 00:55:52 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\LolClient
[2012.01.14 16:09:34 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\MotioninJoy
[2013.02.03 11:27:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Origin
[2013.02.16 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\QuickScan
[2012.11.04 19:17:46 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SoftGrid Client
[2013.02.27 19:04:24 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Spotify
[2012.01.09 18:09:26 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Synaptics
[2012.12.05 21:05:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TechSmith
[2012.11.02 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\The Creative Assembly
[2012.02.22 18:10:47 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Tific
[2012.01.10 22:11:23 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TP
[2012.01.10 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Trine2
[2012.10.09 19:10:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TuneUp Software
[2012.05.16 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Unity
[2012.09.29 03:23:16 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\uTorrent
[2012.08.29 09:01:04 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\YourFileDownloader
[2012.01.12 14:24:17 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\_MDLogs

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.04.19 18:21:57 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.09.02 10:58:44 | 000,000,000 | -HSD | M] -- C:\boot
[2013.02.28 20:38:41 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012.08.28 15:47:34 | 000,000,000 | ---D | M] -- C:\Crash
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.01.09 18:05:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.09.28 21:02:18 | 000,000,000 | ---D | M] -- C:\Games
[2011.12.10 05:20:03 | 000,000,000 | -H-D | M] -- C:\HP
[2012.01.14 18:08:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.28 14:09:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.28 20:19:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2013.02.28 14:24:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.01.09 18:05:36 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.09 18:04:16 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.10 17:17:24 | 000,000,000 | ---D | M] -- C:\Riot Games
[2012.01.09 19:50:45 | 000,000,000 | ---D | M] -- C:\SWSetup
[2013.02.28 21:11:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.09 18:04:22 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2012.01.09 18:05:52 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.28 20:36:39 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,764 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.09 18:13:10 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14767671-2794528797-1374734048-1001Core.job
[2012.01.09 18:13:10 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-14767671-2794528797-1374734048-1001UA.job
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.09.02 09:56:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.09.02 09:56:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.09.02 09:56:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.09.02 09:56:02 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.09.02 09:56:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.09.02 09:56:02 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011.01.13 02:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.09.02 10:00:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.09.02 10:00:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.09.02 10:00:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.09.02 10:00:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.09.02 10:00:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.09.02 10:00:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.09.02 10:00:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- 
C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.09.02 10:00:37 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) 
MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < 
%systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.20 21:10:10 | 000,002,093 | ---- | M] () -- C:\Users\Robert\.recently-used.xbel [2013.02.28 21:38:09 | 003,932,160 | -HS- | M] () -- C:\Users\Robert\ntuser.dat [2013.02.28 21:38:09 | 000,262,144 | -HS- | M] () -- C:\Users\Robert\ntuser.dat.LOG1 [2012.01.09 18:05:57 | 000,000,000 | -HS- | M] () -- C:\Users\Robert\ntuser.dat.LOG2 [2012.01.09 19:57:30 | 000,065,536 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.01.09 19:57:30 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.01.09 19:57:30 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.01.31 19:44:42 | 000,065,536 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{12f83abb-6bd5-11e2-a4b1-082e5f818aff}.TM.blf [2013.01.31 19:44:42 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{12f83abb-6bd5-11e2-a4b1-082e5f818aff}.TMContainer00000000000000000001.regtrans-ms [2013.01.31 19:44:42 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{12f83abb-6bd5-11e2-a4b1-082e5f818aff}.TMContainer00000000000000000002.regtrans-ms [2012.11.03 23:00:44 | 000,065,536 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{15f884ba-2600-11e2-a7ba-082e5f818aff}.TM.blf [2012.11.03 23:00:44 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{15f884ba-2600-11e2-a7ba-082e5f818aff}.TMContainer00000000000000000001.regtrans-ms [2012.11.03 23:00:44 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{15f884ba-2600-11e2-a7ba-082e5f818aff}.TMContainer00000000000000000002.regtrans-ms [2013.02.16 20:17:01 | 000,065,536 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{f6fac726-786b-11e2-b98c-082e5f818aff}.TM.blf [2013.02.16 20:17:01 | 000,524,288 | -HS- | M] () -- 
C:\Users\Robert\ntuser.dat{f6fac726-786b-11e2-b98c-082e5f818aff}.TMContainer00000000000000000001.regtrans-ms [2013.02.16 20:17:01 | 000,524,288 | -HS- | M] () -- C:\Users\Robert\ntuser.dat{f6fac726-786b-11e2-b98c-082e5f818aff}.TMContainer00000000000000000002.regtrans-ms [2012.01.09 18:06:05 | 000,000,020 | -HS- | M] () -- C:\Users\Robert\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:07BF512B < End of report >
Unfortunately I have no idea where the Extra.txt is located... |
28.02.2013, 21:52 | #4 |
/// Malware-holic | Virus/Trojan check after a year of update laziness Hi, please download TDSSKiller.exe and save this file to the Desktop |
28.02.2013, 21:57 | #5 |
| Virus/Trojan check after a year of update laziness The program did not find anything suspicious. So, here is the log file now: Code:
ATTFilter 14:22:18.0540 5832 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:22:18.0730 5832 ============================================================ 14:22:18.0730 5832 Current date / time: 2013/03/01 14:22:18.0730 14:22:18.0730 5832 SystemInfo: 14:22:18.0730 5832 14:22:18.0730 5832 OS Version: 6.1.7601 ServicePack: 1.0 14:22:18.0730 5832 Product type: Workstation 14:22:18.0730 5832 ComputerName: IROBERT 14:22:18.0730 5832 UserName: Robert 14:22:18.0730 5832 Windows directory: C:\Windows 14:22:18.0730 5832 System windows directory: C:\Windows 14:22:18.0730 5832 Running under WOW64 14:22:18.0730 5832 Processor architecture: Intel x64 14:22:18.0730 5832 Number of processors: 8 14:22:18.0730 5832 Page size: 0x1000 14:22:18.0730 5832 Boot type: Normal boot 14:22:18.0730 5832 ============================================================ 14:22:22.0026 5832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:22:22.0031 5832 ============================================================ 14:22:22.0031 5832 \Device\Harddisk0\DR0: 14:22:22.0032 5832 MBR partitions: 14:22:22.0032 5832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 14:22:22.0032 5832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37F2F800 14:22:22.0032 5832 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37F93800, BlocksNum 0x23BE800 14:22:22.0032 5832 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830 14:22:22.0032 5832 ============================================================ 14:22:22.0063 5832 C: <-> \Device\Harddisk0\DR0\Partition2 14:22:22.0123 5832 D: <-> \Device\Harddisk0\DR0\Partition3 14:22:22.0124 5832 ============================================================ 14:22:22.0124 5832 Initialize success 14:22:22.0124 5832 
============================================================ 14:22:32.0131 5912 ============================================================ 14:22:32.0131 5912 Scan started 14:22:32.0131 5912 Mode: Manual; SigCheck; TDLFS; 14:22:32.0131 5912 ============================================================ 14:22:34.0569 5912 ================ Scan system memory ======================== 14:22:34.0569 5912 System memory - ok 14:22:34.0570 5912 ================ Scan services ============================= 14:22:35.0165 5912 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:22:35.0710 5912 1394ohci - ok 14:22:35.0797 5912 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys 14:22:35.0824 5912 Accelerometer - ok 14:22:35.0892 5912 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:22:35.0914 5912 ACPI - ok 14:22:35.0942 5912 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:22:36.0087 5912 AcpiPmi - ok 14:22:36.0334 5912 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:22:36.0342 5912 AdobeARMservice - ok 14:22:36.0464 5912 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:22:36.0482 5912 adp94xx - ok 14:22:36.0549 5912 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:22:36.0569 5912 adpahci - ok 14:22:36.0611 5912 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:22:36.0624 5912 adpu320 - ok 14:22:36.0801 5912 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe 14:22:37.0023 5912 AESTFilters - ok 14:22:37.0071 5912 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:22:37.0163 5912 AFD - ok 14:22:37.0223 5912 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 
C:\Windows\system32\drivers\agp440.sys 14:22:37.0239 5912 agp440 - ok 14:22:37.0266 5912 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:22:37.0395 5912 ALG - ok 14:22:37.0470 5912 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:22:37.0481 5912 aliide - ok 14:22:37.0558 5912 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 14:22:37.0771 5912 AMD External Events Utility - ok 14:22:37.0827 5912 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:22:37.0845 5912 amdide - ok 14:22:37.0876 5912 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:22:37.0924 5912 AmdK8 - ok 14:22:38.0610 5912 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 14:22:38.0892 5912 amdkmdag - ok 14:22:38.0956 5912 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 14:22:38.0991 5912 amdkmdap - ok 14:22:39.0020 5912 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 14:22:39.0089 5912 AmdPPM - ok 14:22:39.0179 5912 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:22:39.0191 5912 amdsata - ok 14:22:39.0294 5912 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 14:22:39.0306 5912 amdsbs - ok 14:22:39.0337 5912 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:22:39.0346 5912 amdxata - ok 14:22:39.0404 5912 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:22:40.0259 5912 AppID - ok 14:22:40.0304 5912 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:22:40.0937 5912 AppIDSvc - ok 14:22:41.0081 5912 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 14:22:41.0144 5912 Appinfo - ok 14:22:41.0395 5912 [ 
F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:22:41.0403 5912 Apple Mobile Device - ok 14:22:41.0472 5912 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 14:22:41.0489 5912 arc - ok 14:22:41.0510 5912 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:22:41.0523 5912 arcsas - ok 14:22:41.0894 5912 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:22:42.0027 5912 aspnet_state - ok 14:22:42.0110 5912 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:22:42.0177 5912 AsyncMac - ok 14:22:42.0210 5912 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:22:42.0218 5912 atapi - ok 14:22:42.0307 5912 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:22:42.0449 5912 AudioEndpointBuilder - ok 14:22:42.0560 5912 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:22:42.0591 5912 AudioSrv - ok 14:22:42.0653 5912 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:22:42.0786 5912 AxInstSV - ok 14:22:42.0901 5912 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 14:22:42.0973 5912 b06bdrv - ok 14:22:43.0033 5912 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:22:43.0085 5912 b57nd60a - ok 14:22:43.0307 5912 [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 14:22:43.0348 5912 BCM43XX - ok 14:22:43.0395 5912 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:22:43.0466 5912 BDESVC - ok 14:22:43.0525 5912 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:22:43.0602 5912 Beep - ok 14:22:43.0824 5912 [ 
82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:22:43.0920 5912 BFE - ok 14:22:44.0138 5912 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys 14:22:44.0162 5912 BHDrvx64 - ok 14:22:44.0197 5912 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 14:22:44.0418 5912 BITS - ok 14:22:44.0442 5912 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 14:22:44.0470 5912 blbdrive - ok 14:22:44.0564 5912 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:22:44.0579 5912 Bonjour Service - ok 14:22:44.0601 5912 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:22:44.0655 5912 bowser - ok 14:22:44.0678 5912 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 14:22:44.0711 5912 BrFiltLo - ok 14:22:44.0746 5912 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 14:22:44.0759 5912 BrFiltUp - ok 14:22:44.0783 5912 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:22:44.0840 5912 Browser - ok 14:22:44.0858 5912 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:22:44.0930 5912 Brserid - ok 14:22:44.0943 5912 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:22:44.0981 5912 BrSerWdm - ok 14:22:44.0999 5912 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:22:45.0032 5912 BrUsbMdm - ok 14:22:45.0051 5912 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:22:45.0084 5912 BrUsbSer - ok 14:22:45.0106 5912 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:22:45.0144 5912 BTHMODEM - ok 14:22:45.0193 5912 [ 
95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:22:45.0222 5912 bthserv - ok 14:22:45.0310 5912 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys 14:22:45.0318 5912 ccSet_NIS - ok 14:22:45.0356 5912 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:22:45.0401 5912 cdfs - ok 14:22:45.0448 5912 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:22:45.0482 5912 cdrom - ok 14:22:45.0528 5912 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:22:45.0582 5912 CertPropSvc - ok 14:22:45.0620 5912 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:22:45.0660 5912 circlass - ok 14:22:45.0685 5912 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:22:45.0700 5912 CLFS - ok 14:22:45.0770 5912 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:22:45.0780 5912 clr_optimization_v2.0.50727_32 - ok 14:22:45.0836 5912 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:22:45.0869 5912 clr_optimization_v2.0.50727_64 - ok 14:22:45.0929 5912 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:22:46.0046 5912 clr_optimization_v4.0.30319_32 - ok 14:22:46.0105 5912 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:22:46.0130 5912 clr_optimization_v4.0.30319_64 - ok 14:22:46.0157 5912 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 14:22:46.0163 5912 clwvd - ok 14:22:46.0192 5912 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 14:22:46.0229 5912 CmBatt - ok 
9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:23:14.0485 5912 TsUsbGD - ok 14:23:14.0592 5912 [ 25E302D93CBDFA1D1269FE3C41B94390 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe 14:23:14.0658 5912 TuneUp.UtilitiesSvc - ok 14:23:14.0696 5912 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys 14:23:14.0702 5912 TuneUpUtilitiesDrv - ok 14:23:14.0727 5912 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:23:14.0775 5912 tunnel - ok 14:23:14.0803 5912 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:23:14.0813 5912 uagp35 - ok 14:23:14.0845 5912 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:23:14.0899 5912 udfs - ok 14:23:14.0932 5912 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:23:14.0944 5912 UI0Detect - ok 14:23:14.0971 5912 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:23:14.0981 5912 uliagpkx - ok 14:23:15.0005 5912 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:23:15.0037 5912 umbus - ok 14:23:15.0064 5912 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 14:23:15.0099 5912 UmPass - ok 14:23:15.0192 5912 [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys 14:23:15.0200 5912 UnlockerDriver5 - ok 14:23:15.0315 5912 [ A678E5DDD974903DD71F503BDCACA218 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 14:23:15.0428 5912 UNS - ok 14:23:15.0460 5912 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:23:15.0515 5912 upnphost - ok 14:23:15.0601 5912 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 
14:23:15.0638 5912 USBAAPL64 - ok 14:23:15.0647 5912 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:23:15.0662 5912 usbccgp - ok 14:23:15.0694 5912 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:23:15.0708 5912 usbcir - ok 14:23:15.0725 5912 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:23:15.0757 5912 usbehci - ok 14:23:15.0780 5912 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:23:15.0814 5912 usbhub - ok 14:23:15.0851 5912 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:23:15.0912 5912 usbohci - ok 14:23:15.0937 5912 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 14:23:15.0975 5912 usbprint - ok 14:23:16.0004 5912 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:23:16.0057 5912 USBSTOR - ok 14:23:16.0067 5912 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:23:16.0095 5912 usbuhci - ok 14:23:16.0131 5912 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 14:23:16.0146 5912 usbvideo - ok 14:23:16.0172 5912 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:23:16.0223 5912 UxSms - ok 14:23:16.0297 5912 [ B26B51165163682572F1DF0E21FA8475 ] UxTuneUp C:\Windows\System32\uxtuneup.dll 14:23:16.0304 5912 UxTuneUp - ok 14:23:16.0312 5912 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:23:16.0322 5912 VaultSvc - ok 14:23:16.0331 5912 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:23:16.0339 5912 vdrvroot - ok 14:23:16.0372 5912 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:23:16.0428 5912 vds - ok 14:23:16.0477 5912 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 
14:23:16.0490 5912 vga - ok 14:23:16.0508 5912 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:23:16.0552 5912 VgaSave - ok 14:23:16.0579 5912 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:23:16.0593 5912 vhdmp - ok 14:23:16.0607 5912 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:23:16.0617 5912 viaide - ok 14:23:16.0640 5912 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:23:16.0650 5912 volmgr - ok 14:23:16.0667 5912 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:23:16.0682 5912 volmgrx - ok 14:23:16.0704 5912 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:23:16.0735 5912 volsnap - ok 14:23:16.0764 5912 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:23:16.0777 5912 vsmraid - ok 14:23:16.0829 5912 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:23:16.0914 5912 VSS - ok 14:23:16.0942 5912 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:23:16.0978 5912 vwifibus - ok 14:23:16.0997 5912 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:23:17.0029 5912 vwififlt - ok 14:23:17.0070 5912 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:23:17.0104 5912 W32Time - ok 14:23:17.0116 5912 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:23:17.0152 5912 WacomPen - ok 14:23:17.0196 5912 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:23:17.0245 5912 WANARP - ok 14:23:17.0248 5912 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:23:17.0274 5912 Wanarpv6 - ok 14:23:17.0326 5912 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 
14:23:17.0423 5912 wbengine - ok 14:23:17.0445 5912 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:23:17.0462 5912 WbioSrvc - ok 14:23:17.0484 5912 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:23:17.0524 5912 wcncsvc - ok 14:23:17.0547 5912 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:23:17.0600 5912 WcsPlugInService - ok 14:23:17.0615 5912 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 14:23:17.0624 5912 Wd - ok 14:23:17.0665 5912 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:23:17.0701 5912 Wdf01000 - ok 14:23:17.0730 5912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:23:17.0818 5912 WdiServiceHost - ok 14:23:17.0820 5912 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:23:17.0835 5912 WdiSystemHost - ok 14:23:17.0853 5912 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:23:17.0871 5912 WebClient - ok 14:23:17.0881 5912 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:23:17.0932 5912 Wecsvc - ok 14:23:17.0958 5912 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:23:18.0011 5912 wercplsupport - ok 14:23:18.0042 5912 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:23:18.0071 5912 WerSvc - ok 14:23:18.0106 5912 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:23:18.0134 5912 WfpLwf - ok 14:23:18.0147 5912 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:23:18.0157 5912 WIMMount - ok 14:23:18.0180 5912 WinDefend - ok 14:23:18.0184 5912 WinHttpAutoProxySvc - ok 14:23:18.0242 5912 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:23:18.0291 5912 Winmgmt - ok 
14:23:18.0353 5912 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:23:18.0430 5912 WinRM - ok 14:23:18.0467 5912 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 14:23:18.0498 5912 WinUsb - ok 14:23:18.0533 5912 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:23:18.0588 5912 Wlansvc - ok 14:23:18.0662 5912 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:23:18.0671 5912 wlcrasvc - ok 14:23:18.0755 5912 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:23:18.0821 5912 wlidsvc - ok 14:23:18.0835 5912 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:23:18.0877 5912 WmiAcpi - ok 14:23:18.0902 5912 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:23:18.0935 5912 wmiApSrv - ok 14:23:18.0983 5912 WMPNetworkSvc - ok 14:23:19.0015 5912 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:23:19.0038 5912 WPCSvc - ok 14:23:19.0050 5912 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:23:19.0061 5912 WPDBusEnum - ok 14:23:19.0074 5912 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:23:19.0101 5912 ws2ifsl - ok 14:23:19.0111 5912 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 14:23:19.0149 5912 wscsvc - ok 14:23:19.0151 5912 WSearch - ok 14:23:19.0229 5912 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:23:19.0319 5912 wuauserv - ok 14:23:19.0350 5912 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:23:19.0397 5912 WudfPf - ok 14:23:19.0427 5912 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:23:19.0457 5912 WUDFRd - ok 14:23:19.0481 5912 [ 
B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:23:19.0515 5912 wudfsvc - ok 14:23:19.0551 5912 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 14:23:19.0606 5912 WwanSvc - ok 14:23:19.0758 5912 X6va005 - ok 14:23:19.0830 5912 X6va007 - ok 14:23:19.0862 5912 [ 9176C0822FAA649E45121875BE32F5D2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 14:23:19.0871 5912 xusb21 - ok 14:23:19.0906 5912 ================ Scan global =============================== 14:23:19.0925 5912 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:23:19.0955 5912 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:23:19.0963 5912 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:23:19.0982 5912 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:23:20.0002 5912 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:23:20.0007 5912 [Global] - ok 14:23:20.0008 5912 ================ Scan MBR ================================== 14:23:20.0013 5912 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:23:20.0344 5912 \Device\Harddisk0\DR0 - ok 14:23:20.0344 5912 ================ Scan VBR ================================== 14:23:20.0346 5912 [ D8C3BD129F35391D9AFCD23C6F16B1F4 ] \Device\Harddisk0\DR0\Partition1 14:23:20.0347 5912 \Device\Harddisk0\DR0\Partition1 - ok 14:23:20.0377 5912 [ 803A2D5C3BC2512B0854772FEFB3EDEA ] \Device\Harddisk0\DR0\Partition2 14:23:20.0379 5912 \Device\Harddisk0\DR0\Partition2 - ok 14:23:20.0415 5912 [ 53607BA6AD6FBFE88711C1AB0475E85A ] \Device\Harddisk0\DR0\Partition3 14:23:20.0418 5912 \Device\Harddisk0\DR0\Partition3 - ok 14:23:20.0434 5912 [ 133998F7A7BFC433F8C785265778C6E4 ] \Device\Harddisk0\DR0\Partition4 14:23:20.0436 5912 \Device\Harddisk0\DR0\Partition4 - ok 14:23:20.0436 5912 ============================================================ 14:23:20.0436 5912 Scan finished 14:23:20.0436 5912 
============================================================ 14:23:20.0441 5904 Detected object count: 0 14:23:20.0441 5904 Actual detected object count: 0 14:23:52.0866 5824 Deinitialize success |
01.03.2013, 14:32 | #6 |
/// Malware-holic | Why is the log dated 11 February? |
01.03.2013, 15:03 | #7 |
| Must be a bug; in Explorer it says 1 March. Doesn't it say: Current date / time: 2013/03/01 14:22:18.0730 ? |
01.03.2013, 16:57 | #8 |
/// Malware-holic | Sorry, you're right. Scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
01.03.2013, 17:36 | #9 |
| Here is the log from Combofix: Code:
Combofix Logfile: |
01.03.2013, 17:38 | #10 |
/// Malware-holic | Everything looks good. Malwarebytes: Please download Malwarebytes |
01.03.2013, 19:51 | #11 |
| No infected object was found. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robert :: IROBERT [Administrator]

01.03.2013 17:45:44
mbam-log-2013-03-01 (17-45-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397421
Laufzeit: 1 Stunde(n), 7 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)

(Ende) |
01.03.2013, 20:29 | #12 |
/// Malware-holic | I hope you're not too disappointed :d
Download CCleaner Standard: CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, Tools (Extras), Uninstall list, save as txt. Open the file.
After each program you need, write "necessary".
After each program you don't need, write "unnecessary".
After each program unknown to you, write "unknown".
Post the list. |
01.03.2013, 23:33 | #13 |
| Why should I be disappointed? Because I don't have any malware?^^ Code:
Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 13.03.2012 6,00MB 11.1.102.63 NECESSARY
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 19.01.2013 6,00MB 11.5.502.146 NECESSARY
Adobe Reader X (10.1.4) MUI Adobe Systems Incorporated 26.11.2012 479MB 10.1.4 NECESSARY
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 10.12.2011 11.5.9.620 UNKNOWN
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 27.01.2013 26,3MB 8.0.903.0 NECESSARY
Apple Application Support Apple Inc. 23.07.2012 61,0MB 2.1.9 UNNECESSARY
Apple Mobile Device Support Apple Inc. 23.07.2012 24,9MB 5.2.0.6 UNNECESSARY
Apple Software Update Apple Inc. 14.02.2012 2,38MB 2.1.3.127 UNNECESSARY
Audacity 2.0 Audacity Team 11.07.2012 42,8MB NECESSARY
Bonjour Apple Inc. 14.02.2012 2,08MB 3.0.0.10 UNNECESSARY
Borderlands 2 29.09.2012 NECESSARY
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 16.02.2013 5.60.48.61 UNKNOWN
BurnAware Free 4.7 Burnaware Technologies 08.03.2012 22,8MB NECESSARY
Camtasia Studio 8 TechSmith Corporation 05.12.2012 362MB 8.0.2.964 NECESSARY
CCleaner Piriform 25.02.2013 3.28 NECESSARY
CyberLink YouCam CyberLink Corp. 10.12.2011 124MB 3.5.1.3922 UNKNOWN
DAEMON Tools Lite DT Soft Ltd 02.12.2012 4.46.1.0327 NECESSARY
Dead Space™ Electronic Arts 13.01.2012 7,37GB 1.0.222.0 NECESSARY
Diablo III Blizzard Entertainment 30.12.2012 1.0.6.13644 NECESSARY
Dota 2 31.01.2013 NECESSARY
Empire: Total War The Creative Assembly 01.11.2012 NECESSARY
Everything 1.2.1.371 28.04.2012 NECESSARY
Express Burn Disc Burning Software NCH Software 18.05.2012 NECESSARY
Far Cry 3 Ubisoft 02.12.2012 1.01 NECESSARY
Fraps (remove only) 30.05.2012 NECESSARY
Free WebM Video Converter version 5.0.15.706 DVDVideoSoft Ltd. 11.07.2012 81,3MB 5.0.15.706 NECESSARY
gamelauncher-ps2-psg Sony Online Entertainment 16.01.2013 NECESSARY
GeoGebra 4 International GeoGebra Institute 16.01.2013 NECESSARY
GIMP 2.6.12-2 The GIMP Team 07.04.2012 113MB 2.6.12 NECESSARY
Google Chrome Google Inc. 09.01.2012 25.0.1364.97 NECESSARY
Gothic 3 JoWood 10.03.2012 2,99GB 1.0.0 NECESSARY
Hex-Editor MX NEXT-Soft 29.04.2012 6.0 NECESSARY
HP 3D DriveGuard Hewlett-Packard Company 10.12.2011 6,99MB 4.1.5.1
HP DVB-T TV Tuner 8.0.64.43 10.12.2011 8.0.64.43
HP On Screen Display Hewlett-Packard Company 02.09.2011 1,43MB 1.1.2
HP Quick Launch Hewlett-Packard Company 02.09.2011 7,14MB 2.3.6
HP Setup Hewlett-Packard Company 02.09.2011 8.6.4530.3651 ALL HP PROGRAMS UNKNOWN TO ME
HP Setup Manager Hewlett-Packard Company 10.12.2011 8,30MB 1.1.13253.3682
HP SimplePass 2011 Hewlett-Packard 10.12.2011 50,6MB 5.1.0.495
HP Software Framework Hewlett-Packard Company 02.09.2011 2,81MB 4.0.110.1
IDT Audio IDT 10.12.2011 1.0.6329.0 UNKNOWN
Intel(R) Display Audio Driver Intel Corporation 16.02.2013 6.14.00.3074
Intel(R) Management Engine Components Intel Corporation 16.02.2013 7.0.0.1144
Intel(R) Rapid Storage Technology Intel Corporation 03.11.2012 10.1.2.1004 ALL INTEL PROGRAMS UNKNOWN
Internet Explorer Toolbar 4.6 by SweetPacks SweetIM Technologies Ltd. 11.10.2012 4,27MB 4.6.0004 UNNECESSARY, I ONLY UNINSTALLED IT RECENTLY, APPARENTLY IT IS STILL THERE
iTunes Apple Inc. 23.07.2012 182MB 10.6.3.25 UNNECESSARY
Java 7 Update 15 Oracle 25.02.2013 129MB 7.0.150 NECESSARY
Java(TM) 7 Update 3 (64-bit) Oracle 27.04.2012 93,6MB 7.0.30 NECESSARY
JavaFX 2.1.1 Oracle Corporation 11.07.2012 20,8MB 2.1.1 UNKNOWN
JDownloader 0.9 AppWork GmbH 11.10.2012 0.9 NECESSARY
League of Legends Riot Games 14.12.2012 1.3 NECESSARY
LOLReplay www.leaguereplays.com 27.02.2013 0.8.1.4 NECESSARY
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 01.03.2013 18,4MB 1.70.0.1100 NECESSARY
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 28.02.2013 38,8MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 28.02.2013 51,9MB 4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 28.09.2012 83,4MB 4.0.30319
Microsoft Help Viewer 1.0 Microsoft Corporation 28.09.2012 3,97MB 1.0.30319
Microsoft Help Viewer 1.0 Language Pack - DEU Microsoft Corporation 28.09.2012 1,95MB 1.0.30319
Microsoft Office Professional Plus 2013 Microsoft Corporation 28.02.2013 15.0.4420.1017
Microsoft Silverlight Microsoft Corporation 11.05.2012 50,6MB 5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 02.09.2011 1,69MB 3.1.0000
Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 28.09.2012
Microsoft SQL Server 2008 Browser Microsoft Corporation 28.09.2012 8,00MB 10.1.2531.0
Microsoft SQL Server 2008 Native Client Microsoft Corporation 28.09.2012 7,07MB 10.1.2531.0
Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 28.09.2012 3,69MB 3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 DEU Microsoft Corporation 28.09.2012 4,81MB 3.5.8080.0
Microsoft SQL Server VSS Writer Microsoft Corporation 28.09.2012 3,59MB 10.1.2531.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 ALL MICROSOFT PROGRAMS UNKNOWN TO ME
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 11.01.2012 300KB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02.09.2011 788KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 10.12.2011 784KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 12.01.2012 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 09.01.2012 244KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 10.01.2012 230KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.12.2011 592KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 12.01.2012 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 12.01.2012 13,7MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 28.02.2013 12,3MB 10.0.40219
Microsoft Visual C++ 2010 Express - DEU Microsoft Corporation 28.09.2012 10.0.30319
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU Microsoft Corporation 28.09.2012 4,31MB 10.0.30319
Microsoft WSE 3.0 Runtime Microsoft Corp. 09.01.2012 942KB 3.0.5305.0
MotioninJoy DS3 driver version 0.6.0005 www.motioninjoy.com 14.01.2012 3,90MB 0.6.0005 NECESSARY
MotioninJoy ds3 vibration driver version 0.100 www.motioninjoy.com 14.01.2012 NECESSARY
Norton Internet Security Symantec Corporation 27.02.2013 20.2.1.22 NECESSARY
NVIDIA PhysX NVIDIA Corporation 28.09.2012 111MB 9.12.0613 NECESSARY
Path of Exile Grinding Gear Games 08.02.2013 11,5MB 0.10.0.22681 NECESSARY
PlanetSide 2 Sony Online Entertainment 16.01.2013 1.0.3.183 NECESSARY
Project64 1.6 Project64 24.07.2012 3,46MB 1.6 NECESSARY
PunkBuster Services Even Balance, Inc. 02.12.2012 0.993 NECESSARY
Realtek Ethernet Controller Driver Realtek 10.12.2011 7.41.216.2011 UNKNOWN
Realtek PCIE Card Reader Realtek Semiconductor Corp. 10.12.2011 6.1.7600.74 UNKNOWN
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 10.12.2011 601KB 2.0.32.0 UNKNOWN
Revo Uninstaller 1.94 VS Revo Group 28.09.2012 1.94 NECESSARY
Skype™ 6.1 Skype Technologies S.A. 17.02.2013 21,1MB 6.1.129 NECESSARY
Source SDK Base 2007 Valve 28.07.2012 UNKNOWN
Spotify Spotify AB 10.11.2012 0.8.5.1333.g822e0de8 NECESSARY
Steam Valve Corporation 14.05.2012 35,4MB 1.0.0.0 NECESSARY
Synaptics TouchPad Driver Synaptics Incorporated 22.04.2012 46,4MB 15.3.29.0 NECESSARY
Team Fortress 2 Valve 30.01.2013 NECESSARY
TeamSpeak 3 Client TeamSpeak Systems GmbH 08.02.2012 NECESSARY
TuneUp Utilities 2013 TuneUp Software 09.10.2012 13.0.2020.4 NECESSARY
Unity Web Player Unity Technologies ApS 16.01.2013 12,0MB UNKNOWN
Unlocker 1.9.1-x64 Cedrick Collomb 28.02.2013 1.9.1 NECESSARY
Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 28.09.2012 33,7MB 10.1.2731.0 UNKNOWN
Validity WBF DDK Validity Sensors, Inc. 10.12.2011 22,6MB 4.3.118.0 UNKNOWN
VLC media player 2.0.0 VideoLAN 08.03.2012 2.0.0 NECESSARY
Winamp Nullsoft, Inc 17.01.2012 5.623 UNNECESSARY
Winamp Erkennungs-Plug-in Nullsoft, Inc 17.01.2012 63,0KB 1.0.0.1 UNNECESSARY
Windows Live Essentials Microsoft Corporation 02.09.2011 15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 02.09.2011 5,57MB 15.4.5722.2 ALL WINDOWS LIVE PROGRAMS UNKNOWN TO ME
Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 02.09.2011 5,57MB 15.4.5722.2
WinRAR 4.01 (64-Bit) win.rar GmbH 09.01.2012 4.01.0 NECESSARY
µTorrent 24.09.2012 3.1.3 NECESSARY |
03.03.2013, 19:09 | #14 |
/// Malware-holic | Uninstall: Adobe Flash Player: all
Adobe - Install Adobe Flash Player: download the latest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions; untick the McAfee Security Scan checkbox.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick "Enhanced Security" and select all files.
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
JavaScript: untick "Use JavaScript".
Updater: choose "install automatically".
Apply / OK
Uninstall:
Apple: all
Adobe Shockwave
CyberLink
iTunes
Internet Explorer Toolbar: via Revo
Java(TM)
TuneUp: do without such nonsense; many of its functions achieve nothing, are already built into Windows, or can even harm the PC.
Unity
Winamp: both
Open CCleaner, Analyze, Start, restart the PC.
Please download AdwCleaner to your desktop. |
03.03.2013, 19:14 | #15 |
| Quick question: should I really uninstall Java? I thought it was damn important for the computer? |