Pests of all kinds and how to fight them: parking.supernova-advertising redirect Firefox+Internet Explorer (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
19.03.2013, 12:39 | #1

parking.supernova-advertising redirect Firefox+Internet Explorer

Hello,

I reinstalled my PC yesterday (18.03.2013) and installed a few more programs today (e.g. iCloud, Office, Steam, drivers, ...). Since then, in Firefox and IE, when I visit e.g. www.alternate.de, I am always redirected to the site with this URL (hxxp://parking.supernova-advertising.com/?PHPSESSID=008e258c011c4b18011c4b18ff71da73). Sometimes Firefox also simply crashes. When I start a search via www.google.de, I only get a white screen.

Since the PC has only just been reinstalled, doing the whole thing again would of course be an option, but then I still would not know where I got this lovely redirect from. That is why I would like to track it down with your help. I have included the TXT files below.

OTL-TXT Code:
OTL logfile created on: 19.03.2013 11:48:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\187jackie\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 8,74 Gb Available Physical Memory | 72,92% Memory free
23,98 Gb Paging File | 20,67 Gb Available in Paging File | 86,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 171,75 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Drive D: | 279,46 Gb Total Space | 122,54 Gb Free Space | 43,85% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 754,92 Gb Free Space | 81,04% Space Free | Partition Type: NTFS

Computer Name: 187JACKIE-PC | User Name: 187jackie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.19 11:47:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\187jackie\Downloads\OTL.exe PRC - [2013.03.11 12:40:42 | 001,433,600 | ---- | M] (Dexpot GbR) -- C:\Program Files (x86)\Dexpot\dexpot.exe PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.12.29 13:58:22 | 000,177,152 | ---- | M] (Dexpot GbR) -- C:\Program Files (x86)\Dexpot\plugins\DexControl.exe PRC - [2012.12.23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe PRC - [2012.12.18 18:32:06 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2012.12.18 18:25:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2012.12.17 17:14:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.12.17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe PRC - [2012.12.17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.11.28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) 
-- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.11.28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll MOD - [2009.06.29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2007.09.13 18:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL ========== Services (SafeList) ========== SRV:64bit: - [2013.03.18 18:30:13 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\osvninst.exe -- (RmDlient) SRV:64bit: - [2011.03.02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (WSS_ComputerBackupProviderSvc) SRV:64bit: - [2011.03.02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (SqmProviderSvc) SRV:64bit: - [2011.03.02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (providers_system) SRV:64bit: - [2011.03.02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (NotificationsProviderSvc) SRV:64bit: - [2011.03.02 15:46:40 | 000,030,592 | ---- | M] 
(Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (initMonitor) SRV:64bit: - [2011.03.02 15:46:40 | 000,030,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Server\Bin\SharedServiceHost.exe -- (HealthAlertsSvc) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.19 07:06:09 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2013.03.18 19:12:11 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.23 20:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS) SRV - [2012.11.02 22:15:46 | 000,112,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Server\Bin\WhsMcClient.exe -- (WhsMcClient) SRV - [2012.11.02 21:07:28 | 000,080,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc) SRV - 
[2012.11.02 21:07:28 | 000,041,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Server\Bin\ProviderRegistryService.exe -- (ServiceProviderRegistry) SRV - [2012.04.23 15:51:36 | 000,015,872 | ---- | M] (AxoNet Software GmbH) [Auto | Running] -- C:\Programme\Windows Server\Bin\LightsOutClientService.exe -- (LoClntService) SRV - [2011.03.02 15:46:44 | 000,027,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Server\Bin\LANConfigSvc.exe -- (LANConfig) SRV - [2011.03.02 15:46:34 | 000,228,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Server\Bin\WSConnectorUpdate.exe -- (WSConnectorUpdate) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.18 18:15:07 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.01.30 20:18:18 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.30 20:18:06 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- 
C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2013.01.28 18:45:20 | 000,796,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.28 18:45:20 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.21 19:15:34 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys -- (SymDS) DRV:64bit: - [2013.01.10 06:46:28 | 000,132,096 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum) DRV:64bit: - [2013.01.10 06:46:26 | 000,038,016 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid) DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.12.18 20:36:46 | 001,617,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k) DRV:64bit: - [2012.12.18 20:36:34 | 001,572,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2012.12.18 20:36:22 | 000,120,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2012.12.18 20:36:12 | 000,215,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2012.12.18 20:36:00 | 000,018,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2012.12.18 20:35:50 | 000,181,680 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2012.12.18 20:35:38 | 000,703,152 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) DRV:64bit: - [2012.12.18 20:35:26 | 000,583,088 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2012.12.18 20:35:14 | 001,448,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2012.12.18 20:35:14 | 001,448,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2012.12.18 20:35:00 | 000,097,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2012.12.18 20:35:00 | 000,097,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2012.12.18 20:34:48 | 000,232,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2012.12.18 20:34:48 | 000,232,880 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2012.11.15 19:22:02 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.15 19:18:04 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.02 13:33:12 | 000,063,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2013.03.17 01:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130318.025\ex64.sys -- (NAVEX15) DRV - [2013.03.17 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.03.17 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.03.17 01:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130318.025\eng64.sys -- (NAVENG) DRV - [2013.03.13 15:57:20 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130316.002\IDSviA64.sys -- (IDSVia64) DRV - [2013.01.16 03:57:37 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 35 E1 7C 8B 24 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=sb&qsrc=2869 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "chrome://foxtab/content/homepage.html" FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.7 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.7 FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.03.18 18:15:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.03.19 09:56:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.18 18:29:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program 
Files (x86)\Mozilla Firefox\plugins [2013.03.18 18:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\187jackie\AppData\Roaming\mozilla\Extensions [2013.03.19 10:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\187jackie\AppData\Roaming\mozilla\Firefox\Profiles\fpwqwxvh.default\extensions [2013.03.19 10:51:47 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\187jackie\AppData\Roaming\mozilla\Firefox\Profiles\fpwqwxvh.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2013.03.18 18:39:16 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\187jackie\AppData\Roaming\mozilla\Firefox\Profiles\fpwqwxvh.default\extensions\anttoolbar@ant.com [2013.03.18 18:47:10 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\187jackie\AppData\Roaming\mozilla\Firefox\Profiles\fpwqwxvh.default\extensions\ich@maltegoetz.de [2013.03.18 18:46:22 | 000,485,811 | ---- | M] () (No name found) -- C:\Users\187jackie\AppData\Roaming\mozilla\firefox\profiles\fpwqwxvh.default\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013.03.18 18:43:31 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\187jackie\AppData\Roaming\mozilla\firefox\profiles\fpwqwxvh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.18 18:47:10 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\187jackie\AppData\Roaming\mozilla\firefox\profiles\fpwqwxvh.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013.03.19 11:00:17 | 000,002,482 | ---- | M] () -- C:\Users\187jackie\AppData\Roaming\mozilla\firefox\profiles\fpwqwxvh.default\searchplugins\safesearch.xml [2013.03.18 18:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.18 18:31:34 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\amazondotcom-de.xml [2013.03.18 18:31:34 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.18 18:31:34 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.18 18:31:34 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.18 18:30:11 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.18 18:31:34 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - 
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launchpad] C:\Program Files\Windows Server\Bin\Launchpad.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.) O4 - HKCU..\Run: [Dexpot] C:\Program Files (x86)\Dexpot\dexpot.exe (Dexpot GbR) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O4 - HKCU..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (SteelSeries ApS) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{954D7180-680E-4DC9-A2C8-0FE537E0335A}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.19 11:12:40 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Malwarebytes [2013.03.19 11:12:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.19 11:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.19 11:12:19 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Programs [2013.03.19 10:53:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.19 10:51:52 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\QuickScan [2013.03.19 10:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2013.03.19 10:23:54 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\392F3BC6-F43C-4CCB-99DB-6DB9266D92D9.aplzod [2013.03.19 10:21:50 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Apple Computer [2013.03.19 10:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2013.03.19 10:21:44 | 000,000,000 | ---D | C] -- C:\Program 
Files\Common Files\Apple [2013.03.19 10:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.03.19 10:10:42 | 000,000,000 | ---D | C] -- C:\Users\187jackie\Documents\WISO Mein Geld [2013.03.19 10:10:18 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Buhl Data Service [2013.03.19 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Buhl Data Service GmbH [2013.03.19 10:10:09 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Buhl Data Service [2013.03.19 10:07:16 | 000,000,000 | ---D | C] -- C:\Users\187jackie\Documents\my games [2013.03.19 10:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.03.19 09:47:46 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\FreeCommander [2013.03.19 09:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCommander [2013.03.19 09:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\LightsOut [2013.03.19 09:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Mein Geld 2013 [2013.03.19 09:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Buhl Data Service GmbH [2013.03.19 09:41:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Buhl [2013.03.19 09:25:05 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\vlc [2013.03.19 09:23:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.03.19 09:09:34 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\PackageAware [2013.03.19 08:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.03.19 08:52:55 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Apple [2013.03.19 08:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.03.19 08:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.03.19 08:52:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.03.19 08:40:28 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.19 08:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.19 08:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.19 08:27:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.03.19 08:27:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.19 08:16:17 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2013.03.19 08:16:14 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2013.03.19 07:55:15 | 000,000,000 | ---D | C] -- C:\Users\187jackie\Documents\Outlook-Dateien [2013.03.19 07:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2013.03.19 07:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.03.19 07:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2013.03.19 07:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.03.19 07:28:02 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.03.19 07:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2013.03.19 07:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.03.19 07:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013.03.19 07:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.03.19 07:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.03.19 07:25:21 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Microsoft Help [2013.03.19 07:25:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.03.19 07:25:20 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Microsoft Help [2013.03.19 07:25:14 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.03.19 07:22:46 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Microsoft_Corporation [2013.03.19 07:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Server [2013.03.19 07:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Home Server 2011 [2013.03.19 07:13:28 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\SteelSeries_ApS [2013.03.19 07:13:20 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\SteelSeries [2013.03.19 07:13:11 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SteelSeries [2013.03.19 07:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SteelSeries [2013.03.19 06:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.03.19 06:49:27 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Logitech [2013.03.19 06:49:26 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\NVIDIA [2013.03.18 19:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.03.18 19:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.18 19:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.03.18 19:13:20 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Opera [2013.03.18 19:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2013.03.18 19:12:16 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information [2013.03.18 19:12:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative [2013.03.18 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2013.03.18 19:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared [2013.03.18 19:12:05 | 000,000,000 | 
---D | C] -- C:\Program Files\Creative [2013.03.18 19:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2013.03.18 19:12:00 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.18 19:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.03.18 19:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2013.03.18 19:11:45 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.18 19:11:44 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.18 19:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL [2013.03.18 19:11:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\data [2013.03.18 19:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\data [2013.03.18 19:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\SteelSeries [2013.03.18 19:02:37 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Logitech [2013.03.18 19:02:37 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Logishrd [2013.03.18 18:57:21 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Dexpot [2013.03.18 18:57:14 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dexpot [2013.03.18 18:57:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dexpot [2013.03.18 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Macromedia [2013.03.18 18:41:51 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Adobe [2013.03.18 18:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.03.18 18:41:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.18 18:39:16 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Macromedia [2013.03.18 18:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.18 18:31:39 | 000,000,000 | ---D | C] -- 
C:\Users\187jackie\AppData\Roaming\Mozilla [2013.03.18 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Mozilla [2013.03.18 18:31:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2013.03.18 18:30:12 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Opera [2013.03.18 18:30:11 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\OCS [2013.03.18 18:30:09 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\DesktopIconForAmazon [2013.03.18 18:29:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.18 18:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.03.18 18:24:13 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.03.18 18:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.03.18 18:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.03.18 18:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.03.18 18:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013.03.18 18:15:41 | 000,000,000 | ---D | C] -- C:\Users\187jackie\Documents\Symantec [2013.03.18 18:15:07 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.18 18:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.03.18 18:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.03.18 18:15:05 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys [2013.03.18 18:15:05 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys [2013.03.18 18:15:05 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys [2013.03.18 18:15:05 | 000,432,800 | R--- | C] (Symantec Corporation) -- 
C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys [2013.03.18 18:15:05 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys [2013.03.18 18:15:05 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys [2013.03.18 18:15:05 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys [2013.03.18 18:15:05 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys [2013.03.18 18:15:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2013.03.18 18:15:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1403000.024 [2013.03.18 18:14:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2013.03.18 18:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2013.03.18 18:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013.03.18 18:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.03.18 18:14:06 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.03.18 18:14:06 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.03.18 18:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.03.18 18:13:40 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.03.18 18:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.03.18 18:13:04 | 000,000,000 | ---D | C] -- C:\Temp [2013.03.18 18:09:24 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2013.03.18 18:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.03.18 18:05:37 | 000,000,000 | R--D | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup [2013.03.18 18:05:37 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Searches [2013.03.18 18:05:37 | 000,000,000 | R--D | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.18 18:05:31 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Identities [2013.03.18 18:05:30 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Contacts [2013.03.18 18:05:29 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\VirtualStore [2013.03.18 18:05:27 | 000,000,000 | --SD | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Videos [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Saved Games [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Pictures [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Music [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Links [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Favorites [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Downloads [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Documents [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\Desktop [2013.03.18 18:05:27 | 000,000,000 | R--D | C] -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Vorlagen [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\AppData\Local\Verlauf [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\AppData\Local\Temporary Internet Files [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Startmenü [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- 
C:\Users\187jackie\SendTo [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Recent [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Netzwerkumgebung [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Lokale Einstellungen [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Documents\Eigene Videos [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Documents\Eigene Musik [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Eigene Dateien [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Documents\Eigene Bilder [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Druckumgebung [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Cookies [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\AppData\Local\Anwendungsdaten [2013.03.18 18:05:27 | 000,000,000 | -HSD | C] -- C:\Users\187jackie\Anwendungsdaten [2013.03.18 18:05:27 | 000,000,000 | -H-D | C] -- C:\Users\187jackie\AppData [2013.03.18 18:05:27 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Temp [2013.03.18 18:05:27 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Local\Microsoft [2013.03.18 18:05:27 | 000,000,000 | ---D | C] -- C:\Users\187jackie\AppData\Roaming\Media Center Programs [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.18 18:05:17 | 000,000,000 | 
-HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.18 18:05:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.18 18:05:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.18 17:59:04 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.03.18 17:58:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.03.18 17:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2013.03.19 11:47:32 | 000,000,000 | ---- | M] () -- C:\Users\187jackie\defogger_reenable [2013.03.19 11:27:41 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 11:27:41 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 09:59:32 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.19 09:59:32 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.19 09:59:32 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.19 09:59:32 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.19 09:59:32 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.19 09:55:22 | 000,418,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.19 09:55:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 09:55:06 | 1066,749,950 | -HS- | M] () -- C:\hiberfil.sys [2013.03.19 09:54:25 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx [2013.03.19 09:54:25 | 000,061,948 | ---- | M] () -- 
C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx [2013.03.19 09:54:25 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx [2013.03.19 09:45:42 | 000,002,021 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lights-Out Client.lnk [2013.03.19 09:07:27 | 001,997,756 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB [2013.03.19 08:42:50 | 001,588,762 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.19 07:13:36 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2013.03.19 07:13:36 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2013.03.19 07:07:58 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.19 07:07:58 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.19 07:07:58 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2013.03.18 18:39:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.18 18:39:30 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.18 18:30:13 | 000,114,688 | ---- | M] () -- C:\Windows\SysNative\osvninst.exe [2013.03.18 18:15:07 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.18 18:15:07 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.18 18:15:07 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.03.18 18:01:59 | 000,053,911 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.18 18:01:59 | 000,053,911 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.03.18 17:59:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.02.20 14:35:36 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini 
========== Files Created - No Company Name ========== [2013.03.19 11:47:32 | 000,000,000 | ---- | C] () -- C:\Users\187jackie\defogger_reenable [2013.03.19 09:45:42 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lights-Out Client.lnk [2013.03.19 08:52:55 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.03.19 08:16:34 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe [2013.03.19 08:16:29 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2013.03.19 08:16:11 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2013.03.19 08:16:09 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2013.03.19 08:16:09 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2013.03.19 08:16:05 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2013.03.19 08:16:05 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2013.03.19 07:16:50 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.19 07:13:36 | 000,061,948 | ---- | C] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx [2013.03.19 07:13:36 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm [2013.03.19 07:13:36 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm [2013.03.19 07:13:36 | 000,000,820 | ---- | C] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx [2013.03.19 07:07:35 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2013.03.19 07:07:35 | 000,002,560 | ---- | C] () -- C:\Windows\SysNative\CTXFIGER.DLL [2013.03.19 07:06:22 | 000,006,130 | ---- | C] () -- C:\Windows\SysNative\CTOPT352.cat [2013.03.19 07:06:22 | 000,006,010 | ---- | C] () -- C:\Windows\SysWow64\CTOPT352.cat [2013.03.18 19:25:25 | 000,061,948 | ---- | C] () -- 
C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00431102}.rfx [2013.03.18 19:12:40 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd [2013.03.18 19:11:44 | 000,212,992 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2013.03.18 19:11:44 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013.03.18 19:11:44 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2013.03.18 19:11:44 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013.03.18 19:11:44 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2013.03.18 18:49:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.18 18:39:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.18 18:39:30 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.18 18:33:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.18 18:30:13 | 000,114,688 | ---- | C] () -- C:\Windows\SysNative\osvninst.exe [2013.03.18 18:24:07 | 003,035,306 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.03.18 18:16:59 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021 [2013.03.18 18:15:07 | 001,997,756 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB [2013.03.18 18:15:07 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.18 18:15:07 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.03.18 18:15:00 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat [2013.03.18 18:15:00 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat [2013.03.18 18:15:00 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat [2013.03.18 18:15:00 | 000,007,601 | R--- | 
C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat [2013.03.18 18:15:00 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\iron.cat [2013.03.18 18:15:00 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat [2013.03.18 18:15:00 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat [2013.03.18 18:15:00 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat [2013.03.18 18:15:00 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat [2013.03.18 18:15:00 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf [2013.03.18 18:15:00 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf [2013.03.18 18:15:00 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf [2013.03.18 18:15:00 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf [2013.03.18 18:15:00 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf [2013.03.18 18:15:00 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf [2013.03.18 18:15:00 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf [2013.03.18 18:15:00 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Iron.inf [2013.03.18 18:15:00 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini [2013.03.18 18:13:52 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.03.18 18:05:39 | 000,001,409 | ---- | C] () -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.03.18 18:05:38 | 000,001,443 | ---- | C] () -- C:\Users\187jackie\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Internet Explorer.lnk [2013.03.18 18:01:51 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.03.18 18:01:50 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.03.18 17:59:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.03.18 17:58:56 | 1066,749,950 | -HS- | C] () -- C:\hiberfil.sys [2012.12.18 19:35:42 | 000,017,979 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2012.12.18 18:34:34 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2012.12.18 18:32:14 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2012.12.18 18:16:06 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2012.12.18 18:16:06 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2012.12.18 18:00:06 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2012.12.18 17:59:58 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = 
%SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.19 10:10:18 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\Buhl Data Service [2013.03.19 10:10:09 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\Buhl Data Service GmbH [2013.03.18 18:31:22 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\DesktopIconForAmazon [2013.03.18 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\Dexpot [2013.03.19 09:47:46 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\FreeCommander [2013.03.18 18:30:11 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\OCS [2013.03.18 18:30:12 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\Opera [2013.03.19 10:52:13 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\QuickScan [2013.03.19 07:13:20 | 000,000,000 | ---D | M] -- C:\Users\187jackie\AppData\Roaming\SteelSeries ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 19.03.2013 11:48:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\187jackie\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

11,99 Gb Total Physical Memory | 8,74 Gb Available Physical Memory | 72,92% Memory free
23,98 Gb Paging File | 20,67 Gb Available in Paging File | 86,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,47 Gb Total Space | 171,75 Gb Free Space | 76,85% Space Free | Partition Type: NTFS
Drive D: | 279,46 Gb Total Space | 122,54 Gb Free Space | 43,85% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 754,92 Gb Free Space | 81,04% Space Free | Partition Type: NTFS

Computer Name: 187JACKIE-PC | User Name: 187jackie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{02D57158-8A59-4FB8-800E-D7BF8E475DA1}" = lport=138 | protocol=17 | dir=in | app=system | "{053E1BD7-0A39-4C32-9495-262A253969FC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0A20830D-6A9B-44E5-89AF-24D8DBA21068}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{12B237BF-AA74-47F0-AF36-E5CF316FE416}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A8A2DB0-982B-46AF-891B-9207288DAD0B}" = rport=445 | protocol=6 | dir=out | app=system | "{1EBFD3B7-29A8-4D83-A79F-CD6D7426EA14}" = rport=137 | protocol=17 | dir=out | app=system | "{34662F64-6747-44A7-BA48-A4BCDF08CC13}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5E4284F7-BA22-4773-8764-EC048EF4596C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6B1B558C-7CCB-4B01-A8B2-D38442276723}" = lport=139 | protocol=6 | dir=in | app=system | "{72F9D513-0D74-4E3A-99F0-34FBA1FB8F3B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{965196CD-08B8-424F-851C-FA792DA0F0C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A1D31E82-0B7A-4E5F-BD22-F70B7AABE8C5}" = lport=2869 | protocol=6 | dir=in | app=system | "{A37759EA-D9C3-4ADB-91FB-F2C4AE3BC097}" = lport=445 | protocol=6 | dir=in | app=system | "{A4D7AB9C-97E1-4C91-A0F6-FB7956AD3FB8}" = rport=10243 | protocol=6 | dir=out | app=system | "{AAF2667F-18AD-48CC-BC7C-69D924DAFFCB}" = lport=10243 | protocol=6 | dir=in | app=system | "{B8F273CE-0742-427E-889B-E536F8402D8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B9E7FCEB-2187-42D6-9BFC-0F754DE2E6D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C5C42338-851C-4624-B8A2-7B70CF1BA14F}" = rport=138 | protocol=17 | dir=out | 
app=system | "{C9F1197B-3CB0-4467-856E-69E86757A109}" = rport=139 | protocol=6 | dir=out | app=system | "{D9E257AB-2B4F-418D-AC7D-C9471E8B2783}" = lport=137 | protocol=17 | dir=in | app=system | "{DC6EFBA9-2F76-40A6-B1D5-929F4C55285F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{E042706B-3C53-424D-AC73-DCE398DFED17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{071CB270-AD4B-4D61-8521-925FE1CADFAF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crysis\bin32\crysis.exe | "{0B73CFC3-1704-45D3-A636-B99886988FD2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{10845695-BACA-43AC-AA54-538F83B78888}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crysis warhead\bin32\crysis.exe | "{22B55476-5F8E-48D5-BB6E-FD5898F316D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{25303252-F752-4018-AB3F-92DAAA08553F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{28415C80-BA9B-439C-93A0-A582203836B5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crysis warhead\bin32\crysis.exe | "{2E0292B9-84F4-4C8B-8283-10619A25E353}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{37FC83FE-6D2E-4FFB-B582-DB1155E48805}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3A9FB8F7-BB81-4E6D-858F-C6EC20B290CE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{40B0A016-2025-40BF-A0C1-2C55362251B9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crysis wars\bin32\crysis.exe | "{494D5ED0-84EA-4EF4-9B98-D54D1CC4B014}" = protocol=6 | dir=in | 
app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{4AC1A226-8B94-4ACE-8202-CEF2AA2EA0AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4C948CC4-EF4B-4DD5-BC67-6691347A8610}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{505C6C59-62E3-4DE6-A974-873C436132BC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\anno 2070\anno5.exe | "{51712BB0-3351-4474-A841-384051F743D2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{552BD3E0-6131-4EDE-B1E4-DF5BC6119B07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5711C4D1-2D64-4798-93AD-1049E1696F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5B5B7061-2C0F-41B5-A314-37C2A3EAD20B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crysis wars\bin32\crysis.exe | "{5B74B0D7-6897-4E6D-BC7D-3BE1D262E134}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{635C1C1B-F5CE-4A58-B51F-96D278BA257B}" = protocol=6 | dir=out | app=system | "{63BB61E5-4C24-4952-B859-3DF340045B12}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{65667B9B-0AFE-418F-8AF0-9525DC7F257A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crysis\bin32\crysis.exe | "{67E488EA-8BB5-43BA-B06E-B370B1FE05AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6C5362A2-6740-44AE-B551-080E19EA560B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{708235A4-7484-4AC1-9632-DD8A09BC9F17}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{72A220BE-6A84-4381-A71E-1DE1A68D5AAE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{79339CF9-5E98-4A14-9D4C-3803F65A679B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{7D7662D2-6F9E-4A30-8101-D08636E9B5E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{852DFD11-330B-4D1C-9497-BB24A62E43E6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{894EA970-6282-4930-A9DE-154DC2D663CC}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{90F33344-43CE-4647-B805-A6F498F77477}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{93CCF1DC-EDD3-404D-9E69-C8DF2DE65F42}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9400C931-2F74-47DD-98E4-7891AE514EBF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{977F11B5-E7D0-4C6E-B6D0-6243B4FC5876}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9945735E-C34F-47C1-9316-C0809B06B683}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9AC80846-55D0-433E-B516-03547AE3F2E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{A201AF6B-2019-475D-8CAB-90C9710D2621}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{AFEE16F0-4315-41B3-837D-AC3A0CC8BF5E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\anno 2070\anno5.exe | "{B08F83C7-AC57-4835-977C-0C8A1BB7DF05}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\brink\brink.exe | "{B6B04B4D-0AA9-42A5-A979-02428E11765D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dawn of war 2\dow2.exe | "{B88C7996-9F79-431A-93CE-2EA642732C3C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dawn of war 2\dow2.exe | "{D47D3FB8-280E-4FED-B577-607579BA5534}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\brink\brink.exe | "{D7346382-C599-40D4-ACF8-673AD0B5E148}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\assassin's creed 2\assassinscreediigame.exe | "{DB82F642-1BE3-4248-80D6-ECFB7D69826E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\crysis 2 game of the 
year\bin32\crysis2launcher.exe | "{E43E6823-97D2-4D33-9EEE-6A6937ABAEB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E6B6326E-A036-4BED-AB19-065477124627}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | "{E9A2FAF3-8919-499C-87FC-4600BDE57953}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7462D07-C356-4701-8D15-40711698F2CF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F8893C7E-5A46-41F4-89BA-A6844854513D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{FBF2323A-4286-43D0-8C88-EBA8EEF1DB09}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C1E4D639-4A33-4314-809E-89BD0EF48522}" = Windows Home Server 2011 Connector "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{DA0D6B4B-EED6-4EE8-9ECF-0F7D83F5E0CE}" = Lights-Out Client x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SteelSeries Engine" = SteelSeries Engine [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{DAC580DB-6629-43B9-98DD-8BABA515B958}" = WISO Mein Geld 2013 Professional "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ALchemy" = Creative ALchemy "AudioCS" = Creative Audio-Systemsteuerung "Console Launcher" = Creative Konsole Starter "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Dolby Digital Live Pack" = Dolby Digital Live Pack "DTS Connect Pack" = DTS Connect Pack "FreeCommander_is1" = FreeCommander 2009.02b "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "NIS" = Norton Internet Security "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "OpenAL" = OpenAL "VLC 
media player" = VLC media player 2.0.5 "WISO Mein Geld 2013 Professional" = WISO Mein Geld 2013 Professional ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dexpot" = Dexpot "Opera 12.14.1738" = Opera 12.14 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.03.2013 02:27:41 | Computer Name = 187jackie-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL". Die abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 19.03.2013 03:47:48 | Computer Name = 187jackie-PC | Source = Application Hang | ID = 1002 Description = Programm OUTLOOK.EXE, Version 14.0.6117.5001 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16e8 Startzeit: 01ce24723df1ab6d Endzeit: 19 Anwendungspfad: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE Berichts-ID: 451a9a28-9069-11e2-b2ca-00248ca450a8 Error - 19.03.2013 03:52:48 | Computer Name = 187jackie-PC | Source = MsiInstaller | ID = 1013 Description = Error - 19.03.2013 03:52:48 | Computer Name = 187jackie-PC | Source = MsiInstaller | ID = 11935 Description = Error - 19.03.2013 03:53:14 | Computer Name = 187jackie-PC | Source = MsiInstaller | ID = 11935 Description = Error - 19.03.2013 04:06:25 | Computer Name = 187jackie-PC | Source = ESENT | ID = 215 Description = WinMail (3592) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. 
Error - 19.03.2013 04:06:27 | Computer Name = 187jackie-PC | Source = ESENT | ID = 215 Description = WinMail (2052) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde. Error - 19.03.2013 04:41:26 | Computer Name = 187jackie-PC | Source = VSS | ID = 8194 Description = Error - 19.03.2013 04:54:17 | Computer Name = 187jackie-PC | Source = .NET Runtime | ID = 1026 Description = Error - 19.03.2013 05:53:18 | Computer Name = 187jackie-PC | Source = Microsoft-Windows-RestartManager | ID = 10007 Description = Die Anwendung oder der Dienst "Sophos Virus Removal Tool" konnte nicht neu gestartet werden. [ System Events ] Error - 19.03.2013 03:45:45 | Computer Name = 187jackie-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 19.03.2013 03:45:45 | Computer Name = 187jackie-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 19.03.2013 03:45:46 | Computer Name = 187jackie-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. Error - 19.03.2013 03:49:54 | Computer Name = 187jackie-PC | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10. 
Error - 19.03.2013 04:04:38 | Computer Name = 187jackie-PC | Source = DCOM | ID = 10016 Description = Error - 19.03.2013 04:04:40 | Computer Name = 187jackie-PC | Source = WMPNetworkSvc | ID = 866321 Description = Error - 19.03.2013 04:04:40 | Computer Name = 187jackie-PC | Source = WMPNetworkSvc | ID = 866317 Description = Error - 19.03.2013 04:04:40 | Computer Name = 187jackie-PC | Source = WMPNetworkSvc | ID = 866321 Description = Error - 19.03.2013 04:04:40 | Computer Name = 187jackie-PC | Source = WMPNetworkSvc | ID = 866317 Description = Error - 19.03.2013 05:53:18 | Computer Name = 187jackie-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Sophos Virus Removal Tool" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
19.03.2013, 12:41 | #2 |
| parking.supernova-advertising redirect Firefox+Internet Explorer Gmer-TXT
Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-19 12:08:57 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 OCZ-VERTEX3 rev.2.15 223,57GB Running: gmer_2.1.19155.exe; Driver: C:\Users\187JAC~1\AppData\Local\Temp\uwdiquod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010048091c .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100480048 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001004802ee .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001004804b2 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001004809fe .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100480ae0 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010003004c .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010048012a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100480758 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100480676 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001004803d0 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100480594 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010048083a .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010048020c .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100480f52 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100490210 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100490048 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff8a11a9d1} .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100480ca6 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001004903d8 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] 
C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010049012c .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001004902f4 .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100480e6e .text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[820] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 00000001004904bc .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 00000001001d091c .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 00000001001d0048 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001001d02ee .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001001d04b2 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001001d09fe .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 00000001001d0ae0 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 00000001001d012a .text C:\Program Files 
(x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 00000001001d0758 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 00000001001d0676 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001001d03d0 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 00000001001d0594 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 00000001001d083a .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 00000001001d020c .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 00000001001e059e .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 00000001001d0f52 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 00000001001e0210 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 00000001001e0048 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89e6a9d1} .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 
00000001001d0ca6 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001001e03d8 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 00000001001e012c .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001001e02f4 .text C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe[136] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 00000001001d0e6e .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010011091c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100110048 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001001102ee .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001001104b2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001001109fe .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100110ae0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files 
(x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010011012a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100110758 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100110676 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001001103d0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100110594 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010011083a .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010011020c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076051465 2 bytes [05, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760514bb 2 bytes [05, 76] .text ... 
* 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 0000000100160762 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100110f52 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100160210 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100160048 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89dea9d1} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100110ca6 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001001603d8 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010016012c .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001001602f4 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1444] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100110e6e .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] 
C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010023091c .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100230048 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001002302ee .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001002304b2 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001002309fe .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100230ae0 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010023012a .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100230758 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100230676 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001002303d0 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100230594 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010023083a .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 
000000010023020c .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 00000001002404bc .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100230f52 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100240210 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100240048 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89eca9d1} .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100230ca6 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001002403d8 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010024012c .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001002402f4 .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100230e6e .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076051465 2 bytes [05, 76] .text C:\Program Files (x86)\Dexpot\dexpot.exe[4868] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000760514bb 2 bytes [05, 76] .text ... 
* 2 .text C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!DbgBreakPoint 0000000076eb0530 3 bytes [8B, 40, 30] .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010020091c .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100200048 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001002002ee .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001002004b2 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001002009fe .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100200ae0 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010003004c .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010020012a .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100200758 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100200676 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001002003d0 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100200594 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010020083a .text 
C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010020020c .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100200f52 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100210210 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100210048 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89e9a9d1} .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100200ca6 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001002103d8 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010021012c .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001002102f4 .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100200e6e .text C:\Windows\SysWOW64\Ctxfihlp.exe[4468] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 00000001002104bc .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010023091c .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100230048 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001002302ee .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001002304b2 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001002309fe .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100230ae0 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010023012a .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100230758 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100230676 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001002303d0 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100230594 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010023083a .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010023020c .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100230f52 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100240210 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100240048 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89eca9d1} .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100230ca6 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001002403d8 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010024012c .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001002402f4 .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100230e6e .text C:\Windows\SysWOW64\CTXFISPI.EXE[852] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 000000010024059e .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010011091c .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100110048 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001001102ee .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001001104b2 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001001109fe .text C:\Program Files 
(x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100110ae0 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010011012a .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100110758 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100110676 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001001103d0 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100110594 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010011083a .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010011020c .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 000000010012059e .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100110f52 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100120210 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100120048 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89daa9d1} .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100110ca6 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001001203d8 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010012012c .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001001202f4 .text C:\Program Files (x86)\Dexpot\plugins\DexControl.exe[5668] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100110e6e .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] 
C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100100f52 
.text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100110210 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100110048 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89d9a9d1} .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001001103d8 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010011012c .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001001102f4 .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe[6364] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 000000010011059e .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010010091c .text C:\Program 
Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] 
C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100100f52 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100110210 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100110048 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89d9a9d1} .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001001103d8 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010011012c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] 
C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001001102f4 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 000000010011059e .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076051465 2 bytes [05, 76] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[4640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760514bb 2 bytes [05, 76] .text ... * 2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 
0000000100100ae0 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100100f52 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100110210 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100110048 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89d9a9d1} .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001001103d8 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010011012c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001001102f4 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[4584] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 000000010011059e .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 000000010011091c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 0000000100110048 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 
000000007705fe88 5 bytes JMP 00000001001102ee .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001001104b2 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001001109fe .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 0000000100110ae0 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 000000010011012a .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 0000000100110758 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 0000000100110676 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001001103d0 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 0000000100110594 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 000000010011083a .text C:\Program Files (x86)\Common Files\Apple\Internet 
Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 000000010011020c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 0000000100110f52 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100120210 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100120048 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff89daa9d1} .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 0000000100110ca6 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001001203d8 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010012012c .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001001202f4 .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 0000000100110e6e .text C:\Program Files (x86)\Common Files\Apple\Internet 
Services\BookmarkDAV_client.exe[5940] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 000000010012059e .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076051465 2 bytes [05, 76] .text C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760514bb 2 bytes [05, 76] .text ... * 2 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007705fc90 5 bytes JMP 00000001004f091c .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007705fdf4 5 bytes JMP 00000001004f0048 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007705fe88 5 bytes JMP 00000001004f02ee .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007705ffe4 5 bytes JMP 00000001004f04b2 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077060018 5 bytes JMP 00000001004f09fe .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077060048 5 bytes JMP 00000001004f0ae0 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077060064 5 bytes JMP 000000010002004c .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007706077c 5 bytes JMP 00000001004f012a .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007706086c 5 bytes JMP 00000001004f0758 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] 
C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077060884 5 bytes JMP 00000001004f0676 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077060dd4 5 bytes JMP 00000001004f03d0 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077061900 5 bytes JMP 00000001004f0594 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077061bc4 5 bytes JMP 00000001004f083a .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077061d50 5 bytes JMP 00000001004f020c .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007637524f 7 bytes JMP 00000001004f0f52 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000763753d0 7 bytes JMP 0000000100500210 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076375677 1 byte JMP 0000000100500048 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076375679 5 bytes {JMP 0xffffffff8a18a9d1} .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007637589a 7 bytes JMP 00000001004f0ca6 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076375a1d 7 bytes JMP 00000001005003d8 .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076375c9b 7 bytes JMP 000000010050012c .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076375d87 7 bytes JMP 00000001005002f4 
.text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076377240 7 bytes JMP 00000001004f0e6e .text C:\Users\187jackie\Desktop\gmer_2.1.19155.exe[4544] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000074c61492 7 bytes JMP 00000001005004bc ---- Threads - GMER 2.1 ---- Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4008:4020] 0000000076377587 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4008:1976] 000000006c890cb3 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4008:4028] 0000000077092e25 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4008:4580] 0000000077093e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4008:6136] 0000000077093e45 Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4008:10040] 0000000077093e45 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1464:1528] 000007fefb822a7c ---- EOF - GMER 2.1 ---- |
19.03.2013, 15:13 | #3 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | parking.supernova-advertising redirect Firefox+Internet Explorer Hello and
__________________Quote:
Or is this by any chance an office/company PC or a university computer? Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs you already have! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
19.03.2013, 19:39 | #4 | ||
| parking.supernova-advertising redirect Firefox+Internet Explorer Quote:
Quote:
I had first read something on the net and then ran Malwarebytes once, but it did not save a log file and did not find anything either. After that I uninstalled it again. Then I came across this forum and only wanted to run what is suggested here. So unfortunately I cannot upload the log file from Malwarebytes. |
20.03.2013, 11:17 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | parking.supernova-advertising redirect Firefox+Internet Explorer Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags. MBAR (Malwarebytes Anti-Rootkit) Please download Malwarebytes Anti-Rootkit and save it on your desktop.
Do not start any other file in this folder without instruction from a helper. aswMBR Please download aswMBR.exe and save the file on your desktop.
Important: Do not under any circumstances press one of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file on the desktop.
__________________ Please always post log files in CODE tags |
20.03.2013, 13:51 | #6 |
| parking.supernova-advertising redirect Firefox+Internet Explorer So, thanks already for the help. I have now worked through the instructions step by step and obtained the following results. MBAR (Malwarebytes Anti-Rootkit) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021 www.malwarebytes.org Database version: v2013.03.20.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 187jackie :: 187JACKIE-PC [administrator] 20.03.2013 12:41:24 mbar-log-2013-03-20 (12-41-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29234 Time elapsed: 3 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
I ran the program 3 times and also restarted the computer, but the program always crashes at the same place. TDSS-Killer Code:
ATTFilter 13:35:59.0953 6956 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:36:00.0426 6956 ============================================================ 13:36:00.0427 6956 Current date / time: 2013/03/20 13:36:00.0426 13:36:00.0427 6956 SystemInfo: 13:36:00.0427 6956 13:36:00.0427 6956 OS Version: 6.1.7601 ServicePack: 1.0 13:36:00.0427 6956 Product type: Workstation 13:36:00.0427 6956 ComputerName: 187JACKIE-PC 13:36:00.0427 6956 UserName: 187jackie 13:36:00.0427 6956 Windows directory: C:\Windows 13:36:00.0427 6956 System windows directory: C:\Windows 13:36:00.0427 6956 Running under WOW64 13:36:00.0427 6956 Processor architecture: Intel x64 13:36:00.0427 6956 Number of processors: 8 13:36:00.0427 6956 Page size: 0x1000 13:36:00.0427 6956 Boot type: Normal boot 13:36:00.0427 6956 ============================================================ 13:36:00.0640 6956 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:36:00.0641 6956 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:36:00.0657 6956 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:36:00.0671 6956 ============================================================ 13:36:00.0671 6956 \Device\Harddisk0\DR0: 13:36:00.0671 6956 MBR partitions: 13:36:00.0671 6956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 13:36:00.0671 6956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000 13:36:00.0671 6956 \Device\Harddisk1\DR1: 13:36:00.0671 6956 MBR partitions: 13:36:00.0671 6956 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 
0x22EEB000 13:36:00.0671 6956 \Device\Harddisk2\DR2: 13:36:00.0671 6956 MBR partitions: 13:36:00.0671 6956 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000 13:36:00.0671 6956 ============================================================ 13:36:00.0672 6956 C: <-> \Device\Harddisk0\DR0\Partition2 13:36:00.0677 6956 D: <-> \Device\Harddisk1\DR1\Partition1 13:36:00.0719 6956 E: <-> \Device\Harddisk2\DR2\Partition1 13:36:00.0719 6956 ============================================================ 13:36:00.0719 6956 Initialize success 13:36:00.0719 6956 ============================================================ 13:36:09.0595 7032 ============================================================ 13:36:09.0595 7032 Scan started 13:36:09.0595 7032 Mode: Manual; 13:36:09.0595 7032 ============================================================ 13:36:09.0814 7032 ================ Scan system memory ======================== 13:36:09.0814 7032 System memory - ok 13:36:09.0814 7032 ================ Scan services ============================= 13:36:09.0853 7032 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:36:09.0855 7032 1394ohci - ok 13:36:09.0860 7032 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:36:09.0863 7032 ACPI - ok 13:36:09.0866 7032 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:36:09.0867 7032 AcpiPmi - ok 13:36:09.0871 7032 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:36:09.0871 7032 AdobeARMservice - ok 13:36:09.0878 7032 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 13:36:09.0882 7032 adp94xx - ok 13:36:09.0887 7032 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 13:36:09.0890 7032 adpahci - ok 13:36:09.0894 7032 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 
C:\Windows\system32\DRIVERS\adpu320.sys 13:36:09.0895 7032 adpu320 - ok 13:36:09.0900 7032 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:36:09.0900 7032 AeLookupSvc - ok 13:36:09.0907 7032 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:36:09.0911 7032 AFD - ok 13:36:09.0914 7032 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:36:09.0914 7032 agp440 - ok 13:36:09.0917 7032 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:36:09.0918 7032 ALG - ok 13:36:09.0920 7032 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:36:09.0921 7032 aliide - ok 13:36:09.0923 7032 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:36:09.0924 7032 amdide - ok 13:36:09.0927 7032 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 13:36:09.0927 7032 AmdK8 - ok 13:36:09.0930 7032 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 13:36:09.0930 7032 AmdPPM - ok 13:36:09.0934 7032 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:36:09.0934 7032 amdsata - ok 13:36:09.0938 7032 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 13:36:09.0940 7032 amdsbs - ok 13:36:09.0942 7032 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:36:09.0942 7032 amdxata - ok 13:36:09.0945 7032 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:36:09.0945 7032 AppID - ok 13:36:09.0948 7032 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:36:09.0948 7032 AppIDSvc - ok 13:36:09.0951 7032 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:36:09.0951 7032 Appinfo - ok 13:36:09.0956 7032 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt 
C:\Windows\System32\appmgmts.dll 13:36:09.0957 7032 AppMgmt - ok 13:36:09.0960 7032 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 13:36:09.0960 7032 arc - ok 13:36:09.0963 7032 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 13:36:09.0964 7032 arcsas - ok 13:36:09.0969 7032 [ 1E00D45122C5417F3110A69FCB1B7751 ] arXfrSvc C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe 13:36:09.0970 7032 arXfrSvc - ok 13:36:09.0980 7032 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 13:36:09.0983 7032 aspnet_state - ok 13:36:09.0985 7032 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:36:09.0986 7032 AsyncMac - ok 13:36:09.0988 7032 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:36:09.0988 7032 atapi - ok 13:36:09.0996 7032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:36:10.0001 7032 AudioEndpointBuilder - ok 13:36:10.0008 7032 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:36:10.0011 7032 AudioSrv - ok 13:36:10.0014 7032 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:36:10.0015 7032 AxInstSV - ok 13:36:10.0021 7032 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 13:36:10.0024 7032 b06bdrv - ok 13:36:10.0029 7032 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:36:10.0031 7032 b57nd60a - ok 13:36:10.0033 7032 [ 7729395761F4061A643B573BF7F19AA8 ] BackupReader C:\Windows\system32\DRIVERS\BackupReader.sys 13:36:10.0034 7032 BackupReader - ok 13:36:10.0038 7032 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:36:10.0039 7032 BDESVC - ok 13:36:10.0041 7032 [ 16A47CE2DECC9B099349A5F840654746 ] Beep 
C:\Windows\system32\drivers\Beep.sys 13:36:10.0041 7032 Beep - ok 13:36:10.0049 7032 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:36:10.0055 7032 BFE - ok 13:36:10.0071 7032 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130301.001\BHDrvx64.sys 13:36:10.0076 7032 BHDrvx64 - ok 13:36:10.0086 7032 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 13:36:10.0090 7032 BITS - ok 13:36:10.0093 7032 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:36:10.0093 7032 blbdrive - ok 13:36:10.0099 7032 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 13:36:10.0102 7032 Bonjour Service - ok 13:36:10.0105 7032 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:36:10.0106 7032 bowser - ok 13:36:10.0108 7032 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:36:10.0108 7032 BrFiltLo - ok 13:36:10.0111 7032 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:36:10.0111 7032 BrFiltUp - ok 13:36:10.0114 7032 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:36:10.0115 7032 Browser - ok 13:36:10.0120 7032 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys 13:36:10.0122 7032 Brserid - ok 13:36:10.0124 7032 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:36:10.0124 7032 BrSerWdm - ok 13:36:10.0127 7032 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:36:10.0127 7032 BrUsbMdm - ok 13:36:10.0129 7032 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys 13:36:10.0129 7032 BrUsbSer - ok 13:36:10.0132 7032 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM 
C:\Windows\system32\DRIVERS\bthmodem.sys 13:36:10.0133 7032 BTHMODEM - ok 13:36:10.0136 7032 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:36:10.0137 7032 bthserv - ok 13:36:10.0140 7032 [ 3862E463B01E20326325DDDDDFBB3372 ] busenum C:\Windows\system32\DRIVERS\SteelBus64.sys 13:36:10.0141 7032 busenum - ok 13:36:10.0145 7032 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys 13:36:10.0146 7032 ccSet_NIS - ok 13:36:10.0149 7032 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:36:10.0150 7032 cdfs - ok 13:36:10.0153 7032 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 13:36:10.0154 7032 cdrom - ok 13:36:10.0157 7032 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:36:10.0157 7032 CertPropSvc - ok 13:36:10.0160 7032 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 13:36:10.0160 7032 circlass - ok 13:36:10.0165 7032 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:36:10.0168 7032 CLFS - ok 13:36:10.0174 7032 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:36:10.0175 7032 clr_optimization_v2.0.50727_32 - ok 13:36:10.0179 7032 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:36:10.0181 7032 clr_optimization_v2.0.50727_64 - ok 13:36:10.0189 7032 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:36:10.0194 7032 clr_optimization_v4.0.30319_32 - ok 13:36:10.0198 7032 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:36:10.0200 7032 clr_optimization_v4.0.30319_64 - ok 13:36:10.0202 7032 [ 
0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:36:10.0203 7032 CmBatt - ok 13:36:10.0205 7032 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:36:10.0205 7032 cmdide - ok 13:36:10.0211 7032 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:36:10.0216 7032 CNG - ok 13:36:10.0218 7032 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:36:10.0219 7032 Compbatt - ok 13:36:10.0221 7032 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:36:10.0221 7032 CompositeBus - ok 13:36:10.0223 7032 COMSysApp - ok 13:36:10.0226 7032 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 13:36:10.0227 7032 crcdisk - ok 13:36:10.0229 7032 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 13:36:10.0230 7032 Creative ALchemy AL6 Licensing Service - ok 13:36:10.0233 7032 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 13:36:10.0234 7032 Creative Audio Engine Licensing Service - ok 13:36:10.0239 7032 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:36:10.0240 7032 CryptSvc - ok 13:36:10.0246 7032 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 13:36:10.0250 7032 CSC - ok 13:36:10.0258 7032 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 13:36:10.0263 7032 CscService - ok 13:36:10.0267 7032 [ 7C62EF8F845C7595275BD140BC613AB9 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS 13:36:10.0268 7032 CT20XUT - ok 13:36:10.0272 7032 [ 7C62EF8F845C7595275BD140BC613AB9 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS 13:36:10.0273 7032 CT20XUT.SYS - ok 13:36:10.0280 7032 
[ CBB7D529BEF84ACBEFF4383D2E641429 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys 13:36:10.0284 7032 ctac32k - ok 13:36:10.0293 7032 [ D48821CEA87EE02E61C8087931E65214 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys 13:36:10.0296 7032 ctaud2k - ok 13:36:10.0301 7032 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 13:36:10.0304 7032 CTAudSvcService - ok 13:36:10.0318 7032 [ 96BE487253F4B5A0B5851A4884C2AD83 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS 13:36:10.0324 7032 CTEXFIFX - ok 13:36:10.0338 7032 [ 96BE487253F4B5A0B5851A4884C2AD83 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS 13:36:10.0343 7032 CTEXFIFX.SYS - ok 13:36:10.0347 7032 [ 103622BCED20E4F1BB28422AF2713763 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS 13:36:10.0347 7032 CTHWIUT - ok 13:36:10.0350 7032 [ 103622BCED20E4F1BB28422AF2713763 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS 13:36:10.0351 7032 CTHWIUT.SYS - ok 13:36:10.0353 7032 [ BD442E7C6CC3C6B601E5733D70F8DE10 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys 13:36:10.0354 7032 ctprxy2k - ok 13:36:10.0358 7032 [ 42E18F3D1C442137E37F0564D4AF1FE5 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys 13:36:10.0359 7032 ctsfm2k - ok 13:36:10.0366 7032 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:36:10.0371 7032 DcomLaunch - ok 13:36:10.0375 7032 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:36:10.0377 7032 defragsvc - ok 13:36:10.0380 7032 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:36:10.0381 7032 DfsC - ok 13:36:10.0386 7032 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:36:10.0389 7032 Dhcp - ok 13:36:10.0392 7032 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:36:10.0392 7032 discache - ok 13:36:10.0395 7032 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk 
13:36:12.0542 7032 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:36:12.0542 7032 vga - ok 13:36:12.0544 7032 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:36:12.0545 7032 VgaSave - ok 13:36:12.0547 7032 VGPU - ok 13:36:12.0551 7032 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:36:12.0553 7032 vhdmp - ok 13:36:12.0555 7032 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:36:12.0555 7032 viaide - ok 13:36:12.0559 7032 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 13:36:12.0561 7032 vmbus - ok 13:36:12.0563 7032 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 13:36:12.0563 7032 VMBusHID - ok 13:36:12.0566 7032 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:36:12.0567 7032 volmgr - ok 13:36:12.0572 7032 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:36:12.0575 7032 volmgrx - ok 13:36:12.0579 7032 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:36:12.0582 7032 volsnap - ok 13:36:12.0585 7032 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:36:12.0587 7032 vsmraid - ok 13:36:12.0602 7032 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:36:12.0614 7032 VSS - ok 13:36:12.0617 7032 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 13:36:12.0617 7032 vwifibus - ok 13:36:12.0623 7032 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:36:12.0627 7032 W32Time - ok 13:36:12.0630 7032 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:36:12.0631 7032 WacomPen - ok 13:36:12.0634 7032 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 
13:36:12.0635 7032 WANARP - ok 13:36:12.0637 7032 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:36:12.0637 7032 Wanarpv6 - ok 13:36:12.0652 7032 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:36:12.0664 7032 wbengine - ok 13:36:12.0668 7032 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:36:12.0670 7032 WbioSrvc - ok 13:36:12.0676 7032 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:36:12.0679 7032 wcncsvc - ok 13:36:12.0682 7032 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:36:12.0683 7032 WcsPlugInService - ok 13:36:12.0686 7032 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:36:12.0686 7032 Wd - ok 13:36:12.0694 7032 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:36:12.0700 7032 Wdf01000 - ok 13:36:12.0703 7032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:36:12.0705 7032 WdiServiceHost - ok 13:36:12.0707 7032 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:36:12.0709 7032 WdiSystemHost - ok 13:36:12.0713 7032 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:36:12.0716 7032 WebClient - ok 13:36:12.0720 7032 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:36:12.0722 7032 Wecsvc - ok 13:36:12.0725 7032 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:36:12.0727 7032 wercplsupport - ok 13:36:12.0729 7032 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:36:12.0731 7032 WerSvc - ok 13:36:12.0733 7032 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:36:12.0733 7032 WfpLwf - ok 13:36:12.0736 7032 [ 0C4CCB79DCF96210077BC523D0EBF6C0 ] WhsMcClient C:\Program 
Files\Windows Server\Bin\WhsMcClient.exe 13:36:12.0737 7032 WhsMcClient - ok 13:36:12.0740 7032 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:36:12.0740 7032 WIMMount - ok 13:36:12.0742 7032 WinDefend - ok 13:36:12.0746 7032 WinHttpAutoProxySvc - ok 13:36:12.0754 7032 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:36:12.0755 7032 Winmgmt - ok 13:36:12.0774 7032 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:36:12.0790 7032 WinRM - ok 13:36:12.0802 7032 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:36:12.0810 7032 Wlansvc - ok 13:36:12.0812 7032 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:36:12.0813 7032 WmiAcpi - ok 13:36:12.0827 7032 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:36:12.0829 7032 wmiApSrv - ok 13:36:12.0831 7032 WMPNetworkSvc - ok 13:36:12.0834 7032 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:36:12.0835 7032 WPCSvc - ok 13:36:12.0838 7032 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:36:12.0840 7032 WPDBusEnum - ok 13:36:12.0843 7032 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:36:12.0843 7032 ws2ifsl - ok 13:36:12.0847 7032 [ AAA0F5CDE4D5C357A65E14DF793FDA81 ] WSConnectorUpdate C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe 13:36:12.0849 7032 WSConnectorUpdate - ok 13:36:12.0852 7032 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 13:36:12.0854 7032 wscsvc - ok 13:36:12.0856 7032 WSearch - ok 13:36:12.0860 7032 [ D319A833EC173AD83C67885B3ED6C71C ] WSS_ComputerBackupProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 13:36:12.0860 7032 WSS_ComputerBackupProviderSvc - ok 13:36:12.0882 7032 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv 
C:\Windows\system32\wuaueng.dll 13:36:12.0897 7032 wuauserv - ok 13:36:12.0901 7032 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:36:12.0902 7032 WudfPf - ok 13:36:12.0905 7032 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:36:12.0907 7032 WUDFRd - ok 13:36:12.0910 7032 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:36:12.0912 7032 wudfsvc - ok 13:36:12.0916 7032 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:36:12.0919 7032 WwanSvc - ok 13:36:12.0926 7032 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 13:36:12.0930 7032 yukonw7 - ok 13:36:12.0932 7032 ================ Scan global =============================== 13:36:12.0934 7032 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:36:12.0938 7032 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 13:36:12.0943 7032 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 13:36:12.0947 7032 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:36:12.0952 7032 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:36:12.0954 7032 [Global] - ok 13:36:12.0955 7032 ================ Scan MBR ================================== 13:36:12.0956 7032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:36:13.0026 7032 \Device\Harddisk0\DR0 - ok 13:36:13.0028 7032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 13:36:13.0030 7032 \Device\Harddisk1\DR1 - ok 13:36:13.0040 7032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2 13:36:13.0042 7032 \Device\Harddisk2\DR2 - ok 13:36:13.0043 7032 ================ Scan VBR ================================== 13:36:13.0044 7032 [ 54F226C0A2BEC4DA264940F6D8665405 ] \Device\Harddisk0\DR0\Partition1 13:36:13.0045 7032 \Device\Harddisk0\DR0\Partition1 - ok 13:36:13.0047 7032 [ 
432BB9B234C12A4C8079B087733C6FEB ] \Device\Harddisk0\DR0\Partition2 13:36:13.0047 7032 \Device\Harddisk0\DR0\Partition2 - ok 13:36:13.0049 7032 [ 61E16EEC1087D8A058ABADCEA9A43712 ] \Device\Harddisk1\DR1\Partition1 13:36:13.0050 7032 \Device\Harddisk1\DR1\Partition1 - ok 13:36:13.0052 7032 [ 59387D03ED3A379FF1A374663A688CFC ] \Device\Harddisk2\DR2\Partition1 13:36:13.0053 7032 \Device\Harddisk2\DR2\Partition1 - ok 13:36:13.0053 7032 ============================================================ 13:36:13.0053 7032 Scan finished 13:36:13.0053 7032 ============================================================ 13:36:13.0058 7024 Detected object count: 0 13:36:13.0058 7024 Actual detected object count: 0 13:36:42.0516 6852 Deinitialize success |
20.03.2013, 14:16 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | parking.supernova-advertising redirect Firefox+Internet Explorer The aswMBR one is enough for me for now; it detects a standard MBR. Quote:
__________________ Please always post log files in CODE tags |
20.03.2013, 14:25 | #8 | |
| parking.supernova-advertising redirect Firefox+Internet Explorer Quote:
Code:
ATTFilter 14:21:40.0788 8260 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:21:40.0958 8260 ============================================================ 14:21:40.0958 8260 Current date / time: 2013/03/20 14:21:40.0958 14:21:40.0958 8260 SystemInfo: 14:21:40.0958 8260 14:21:40.0958 8260 OS Version: 6.1.7601 ServicePack: 1.0 14:21:40.0958 8260 Product type: Workstation 14:21:40.0958 8260 ComputerName: 187JACKIE-PC 14:21:40.0959 8260 UserName: 187jackie 14:21:40.0959 8260 Windows directory: C:\Windows 14:21:40.0959 8260 System windows directory: C:\Windows 14:21:40.0959 8260 Running under WOW64 14:21:40.0959 8260 Processor architecture: Intel x64 14:21:40.0959 8260 Number of processors: 8 14:21:40.0959 8260 Page size: 0x1000 14:21:40.0959 8260 Boot type: Normal boot 14:21:40.0959 8260 ============================================================ 14:21:41.0169 8260 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:21:44.0527 8260 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:21:53.0903 8260 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:21:53.0919 8260 ============================================================ 14:21:53.0919 8260 \Device\Harddisk0\DR0: 14:21:53.0922 8260 MBR partitions: 14:21:53.0922 8260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:21:53.0922 8260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1BEF1000 14:21:53.0922 8260 \Device\Harddisk1\DR1: 14:21:53.0922 8260 MBR partitions: 14:21:53.0922 8260 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 
0x22EEB000 14:21:53.0922 8260 \Device\Harddisk2\DR2: 14:21:53.0922 8260 MBR partitions: 14:21:53.0922 8260 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000 14:21:53.0922 8260 ============================================================ 14:21:53.0923 8260 C: <-> \Device\Harddisk0\DR0\Partition2 14:21:53.0937 8260 D: <-> \Device\Harddisk1\DR1\Partition1 14:21:53.0973 8260 E: <-> \Device\Harddisk2\DR2\Partition1 14:21:53.0973 8260 ============================================================ 14:21:53.0973 8260 Initialize success 14:21:53.0974 8260 ============================================================ 14:22:06.0456 7036 ============================================================ 14:22:06.0456 7036 Scan started 14:22:06.0456 7036 Mode: Manual; SigCheck; TDLFS; 14:22:06.0456 7036 ============================================================ 14:22:06.0655 7036 ================ Scan system memory ======================== 14:22:06.0655 7036 System memory - ok 14:22:06.0656 7036 ================ Scan services ============================= 14:22:07.0985 7036 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 14:22:07.0989 7036 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:22:07.0989 7036 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:22:07.0992 7036 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 14:22:07.0996 7036 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:22:07.0996 7036 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:22:08.0136 7036 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 14:22:08.0141 7036 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 14:22:08.0141 7036 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:22:09.0329 7036 HidBth - ok 14:22:09.0331 7036 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:22:09.0343 7036 HidIr - ok 14:22:09.0346 7036 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 14:22:09.0372 7036 hidserv - ok 14:22:09.0375 7036 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 14:22:09.0385 7036 HidUsb - ok 14:22:09.0388 7036 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:22:09.0414 7036 hkmsvc - ok 14:22:09.0419 7036 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:22:09.0430 7036 HomeGroupListener - ok 14:22:09.0435 7036 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:22:09.0446 7036 HomeGroupProvider - ok 14:22:09.0449 7036 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:22:09.0459 7036 HpSAMD - ok 14:22:09.0467 7036 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:22:09.0498 7036 HTTP - ok 14:22:09.0501 7036 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:22:09.0510 7036 hwpolicy - ok 14:22:09.0513 7036 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:22:09.0523 7036 i8042prt - ok 14:22:09.0528 7036 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:22:09.0542 7036 iaStorV - ok 14:22:09.0551 7036 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:22:09.0567 7036 idsvc - ok 14:22:09.0575 7036 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130319.002\IDSvia64.sys 14:22:09.0586 7036 IDSVia64 - ok 
14:22:09.0589 7036 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:22:09.0599 7036 iirsp - ok 14:22:09.0608 7036 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:22:09.0640 7036 IKEEXT - ok 14:22:09.0643 7036 [ D319A833EC173AD83C67885B3ED6C71C ] initMonitor C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 14:22:09.0651 7036 initMonitor - ok 14:22:09.0653 7036 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:22:09.0662 7036 intelide - ok 14:22:09.0665 7036 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:22:09.0676 7036 intelppm - ok 14:22:09.0679 7036 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:22:09.0706 7036 IPBusEnum - ok 14:22:09.0709 7036 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:22:09.0735 7036 IpFilterDriver - ok 14:22:09.0742 7036 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:22:09.0756 7036 iphlpsvc - ok 14:22:09.0759 7036 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:22:09.0770 7036 IPMIDRV - ok 14:22:09.0773 7036 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:22:09.0800 7036 IPNAT - ok 14:22:09.0803 7036 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:22:09.0816 7036 IRENUM - ok 14:22:09.0818 7036 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:22:09.0827 7036 isapnp - ok 14:22:09.0832 7036 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:22:09.0844 7036 iScsiPrt - ok 14:22:09.0846 7036 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 14:22:09.0856 7036 kbdclass - ok 14:22:09.0858 7036 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid 
C:\Windows\system32\drivers\kbdhid.sys 14:22:09.0868 7036 kbdhid - ok 14:22:09.0871 7036 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:22:09.0880 7036 KeyIso - ok 14:22:09.0884 7036 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:22:09.0894 7036 KSecDD - ok 14:22:09.0897 7036 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:22:09.0908 7036 KSecPkg - ok 14:22:09.0910 7036 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:22:09.0937 7036 ksthunk - ok 14:22:09.0942 7036 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:22:09.0972 7036 KtmRm - ok 14:22:09.0974 7036 [ F11FF47203538DD145FAF56A4DAF5D75 ] LANConfig C:\Program Files\Windows Server\Bin\LANConfigSvc.exe 14:22:09.0982 7036 LANConfig - ok 14:22:09.0986 7036 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:22:10.0014 7036 LanmanServer - ok 14:22:10.0017 7036 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:22:10.0045 7036 LanmanWorkstation - ok 14:22:10.0048 7036 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 14:22:10.0055 7036 LGBusEnum - ok 14:22:10.0058 7036 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 14:22:10.0065 7036 LGVirHid - ok 14:22:10.0067 7036 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:22:10.0094 7036 lltdio - ok 14:22:10.0099 7036 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:22:10.0128 7036 lltdsvc - ok 14:22:10.0130 7036 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:22:10.0157 7036 lmhosts - ok 14:22:10.0159 7036 [ 7B73F2695700F79335057E1262CBA766 ] LoClntService C:\Program Files\Windows Server\bin\LightsOutClientService.exe 14:22:10.0162 7036 LoClntService ( 
UnsignedFile.Multi.Generic ) - warning 14:22:10.0162 7036 LoClntService - detected UnsignedFile.Multi.Generic (1) 14:22:10.0176 7036 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 14:22:10.0187 7036 LSI_FC - ok 14:22:10.0190 7036 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 14:22:10.0200 7036 LSI_SAS - ok 14:22:10.0203 7036 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:22:10.0212 7036 LSI_SAS2 - ok 14:22:10.0215 7036 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:22:10.0225 7036 LSI_SCSI - ok 14:22:10.0228 7036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:22:10.0255 7036 luafv - ok 14:22:10.0258 7036 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:22:10.0270 7036 Mcx2Svc - ok 14:22:10.0272 7036 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 14:22:10.0281 7036 megasas - ok 14:22:10.0286 7036 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 14:22:10.0298 7036 MegaSR - ok 14:22:10.0304 7036 Microsoft SharePoint Workspace Audit Service - ok 14:22:10.0307 7036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:22:10.0334 7036 MMCSS - ok 14:22:10.0337 7036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:22:10.0363 7036 Modem - ok 14:22:10.0366 7036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:22:10.0378 7036 monitor - ok 14:22:10.0380 7036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 14:22:10.0390 7036 mouclass - ok 14:22:10.0392 7036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:22:10.0402 7036 mouhid - ok 14:22:10.0405 7036 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 14:22:10.0415 7036 mountmgr - ok 14:22:10.0418 7036 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:22:10.0429 7036 mpio - ok 14:22:10.0432 7036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:22:10.0458 7036 mpsdrv - ok 14:22:10.0467 7036 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:22:10.0499 7036 MpsSvc - ok 14:22:10.0503 7036 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:22:10.0517 7036 MRxDAV - ok 14:22:10.0521 7036 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:22:10.0531 7036 mrxsmb - ok 14:22:10.0536 7036 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:22:10.0547 7036 mrxsmb10 - ok 14:22:10.0551 7036 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:22:10.0561 7036 mrxsmb20 - ok 14:22:10.0564 7036 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:22:10.0573 7036 msahci - ok 14:22:10.0576 7036 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:22:10.0587 7036 msdsm - ok 14:22:10.0590 7036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:22:10.0602 7036 MSDTC - ok 14:22:10.0607 7036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:22:10.0633 7036 Msfs - ok 14:22:10.0635 7036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:22:10.0661 7036 mshidkmdf - ok 14:22:10.0664 7036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:22:10.0673 7036 msisadrv - ok 14:22:10.0677 7036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:22:10.0705 7036 MSiSCSI - ok 14:22:10.0707 7036 msiserver - ok 14:22:10.0710 7036 [ 
49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:22:10.0736 7036 MSKSSRV - ok 14:22:10.0738 7036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:22:10.0764 7036 MSPCLOCK - ok 14:22:10.0767 7036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:22:10.0793 7036 MSPQM - ok 14:22:10.0798 7036 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:22:10.0811 7036 MsRPC - ok 14:22:10.0815 7036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 14:22:10.0824 7036 mssmbios - ok 14:22:10.0827 7036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:22:10.0854 7036 MSTEE - ok 14:22:10.0856 7036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 14:22:10.0866 7036 MTConfig - ok 14:22:10.0869 7036 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 14:22:10.0876 7036 MTsensor - ok 14:22:10.0879 7036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:22:10.0889 7036 Mup - ok 14:22:10.0895 7036 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:22:10.0924 7036 napagent - ok 14:22:10.0930 7036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:22:10.0944 7036 NativeWifiP - ok 14:22:10.0948 7036 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130319.005\ENG64.SYS 14:22:10.0956 7036 NAVENG - ok 14:22:10.0975 7036 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130319.005\EX64.SYS 14:22:11.0003 7036 NAVEX15 - ok 14:22:11.0014 7036 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:22:11.0032 
7036 NDIS - ok 14:22:11.0035 7036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:22:11.0061 7036 NdisCap - ok 14:22:11.0065 7036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:22:11.0091 7036 NdisTapi - ok 14:22:11.0094 7036 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:22:11.0119 7036 Ndisuio - ok 14:22:11.0123 7036 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:22:11.0150 7036 NdisWan - ok 14:22:11.0153 7036 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:22:11.0178 7036 NDProxy - ok 14:22:11.0181 7036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:22:11.0208 7036 NetBIOS - ok 14:22:11.0212 7036 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:22:11.0239 7036 NetBT - ok 14:22:11.0242 7036 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:22:11.0251 7036 Netlogon - ok 14:22:11.0257 7036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 14:22:11.0286 7036 Netman - ok 14:22:11.0289 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:22:11.0298 7036 NetMsmqActivator - ok 14:22:11.0301 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:22:11.0309 7036 NetPipeActivator - ok 14:22:11.0315 7036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:22:11.0345 7036 netprofm - ok 14:22:11.0348 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:22:11.0356 7036 NetTcpActivator - ok 14:22:11.0359 7036 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:22:11.0367 7036 NetTcpPortSharing - ok 14:22:11.0370 7036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 14:22:11.0380 7036 nfrd960 - ok 14:22:11.0385 7036 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe 14:22:11.0393 7036 NIS - ok 14:22:11.0398 7036 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:22:11.0410 7036 NlaSvc - ok 14:22:11.0413 7036 [ D319A833EC173AD83C67885B3ED6C71C ] NotificationsProviderSvc C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 14:22:11.0420 7036 NotificationsProviderSvc - ok 14:22:11.0423 7036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:22:11.0449 7036 Npfs - ok 14:22:11.0452 7036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:22:11.0478 7036 nsi - ok 14:22:11.0481 7036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:22:11.0507 7036 nsiproxy - ok 14:22:11.0524 7036 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:22:11.0550 7036 Ntfs - ok 14:22:11.0553 7036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:22:11.0579 7036 Null - ok 14:22:11.0583 7036 [ B4F53BCA4C688FF47F04FA90098F896E ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 14:22:11.0593 7036 NVHDA - ok 14:22:11.0694 7036 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:22:11.0816 7036 nvlddmkm - ok 14:22:11.0822 7036 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:22:11.0833 7036 nvraid - ok 14:22:11.0837 7036 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:22:11.0847 7036 nvstor - ok 14:22:11.0857 7036 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc C:\Windows\system32\nvvsvc.exe 
14:22:11.0874 7036 nvsvc - ok 14:22:11.0887 7036 [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 14:22:11.0908 7036 nvUpdatusService - ok 14:22:11.0911 7036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:22:11.0922 7036 nv_agp - ok 14:22:11.0925 7036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:22:11.0935 7036 ohci1394 - ok 14:22:11.0938 7036 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:22:11.0947 7036 ose - ok 14:22:11.0990 7036 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:22:12.0050 7036 osppsvc - ok 14:22:12.0056 7036 [ 3395A2F150EC0F9F0A2E1ADDDECB867B ] ossrv C:\Windows\system32\drivers\ctoss2k.sys 14:22:12.0066 7036 ossrv - ok 14:22:12.0072 7036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:22:12.0085 7036 p2pimsvc - ok 14:22:12.0091 7036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:22:12.0104 7036 p2psvc - ok 14:22:12.0107 7036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:22:12.0117 7036 Parport - ok 14:22:12.0120 7036 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:22:12.0130 7036 partmgr - ok 14:22:12.0134 7036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:22:12.0149 7036 PcaSvc - ok 14:22:12.0152 7036 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:22:12.0163 7036 pci - ok 14:22:12.0166 7036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:22:12.0175 7036 pciide - ok 14:22:12.0179 7036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 14:22:12.0190 
7036 pcmcia - ok 14:22:12.0193 7036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:22:12.0202 7036 pcw - ok 14:22:12.0210 7036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:22:12.0241 7036 PEAUTH - ok 14:22:12.0254 7036 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:22:12.0274 7036 PeerDistSvc - ok 14:22:12.0297 7036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:22:12.0308 7036 PerfHost - ok 14:22:12.0325 7036 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:22:12.0361 7036 pla - ok 14:22:12.0367 7036 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:22:12.0380 7036 PlugPlay - ok 14:22:12.0383 7036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:22:12.0393 7036 PNRPAutoReg - ok 14:22:12.0397 7036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:22:12.0409 7036 PNRPsvc - ok 14:22:12.0416 7036 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:22:12.0446 7036 PolicyAgent - ok 14:22:12.0451 7036 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:22:12.0479 7036 Power - ok 14:22:12.0482 7036 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:22:12.0509 7036 PptpMiniport - ok 14:22:12.0511 7036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:22:12.0521 7036 Processor - ok 14:22:12.0525 7036 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:22:12.0537 7036 ProfSvc - ok 14:22:12.0539 7036 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:22:12.0549 7036 ProtectedStorage - ok 14:22:12.0551 7036 [ D319A833EC173AD83C67885B3ED6C71C ] providers_system C:\Program Files\Windows 
Server\Bin\SharedServiceHost.exe 14:22:12.0558 7036 providers_system - ok 14:22:12.0562 7036 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:22:12.0588 7036 Psched - ok 14:22:12.0603 7036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:22:12.0627 7036 ql2300 - ok 14:22:12.0631 7036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:22:12.0641 7036 ql40xx - ok 14:22:12.0645 7036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:22:12.0661 7036 QWAVE - ok 14:22:12.0663 7036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:22:12.0677 7036 QWAVEdrv - ok 14:22:12.0679 7036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:22:12.0705 7036 RasAcd - ok 14:22:12.0708 7036 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:22:12.0734 7036 RasAgileVpn - ok 14:22:12.0738 7036 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:22:12.0765 7036 RasAuto - ok 14:22:12.0769 7036 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:22:12.0796 7036 Rasl2tp - ok 14:22:12.0801 7036 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:22:12.0829 7036 RasMan - ok 14:22:12.0833 7036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:22:12.0860 7036 RasPppoe - ok 14:22:12.0863 7036 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:22:12.0890 7036 RasSstp - ok 14:22:12.0895 7036 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:22:12.0922 7036 rdbss - ok 14:22:12.0925 7036 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:22:12.0937 7036 rdpbus - ok 14:22:12.0939 7036 [ CEA6CC257FC9B7715F1C2B4849286D24 ] 
RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:22:12.0966 7036 RDPCDD - ok 14:22:12.0971 7036 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:22:12.0981 7036 RDPDR - ok 14:22:12.0983 7036 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:22:13.0009 7036 RDPENCDD - ok 14:22:13.0013 7036 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:22:13.0038 7036 RDPREFMP - ok 14:22:13.0042 7036 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 14:22:13.0052 7036 RdpVideoMiniport - ok 14:22:13.0056 7036 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:22:13.0068 7036 RDPWD - ok 14:22:13.0072 7036 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:22:13.0083 7036 rdyboost - ok 14:22:13.0086 7036 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:22:13.0113 7036 RemoteAccess - ok 14:22:13.0117 7036 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:22:13.0145 7036 RemoteRegistry - ok 14:22:13.0148 7036 [ A182DCFD0E03AB4F5102DCA2608C96DA ] RmDlient C:\Windows\system32\osvninst.exe 14:22:13.0153 7036 RmDlient ( UnsignedFile.Multi.Generic ) - warning 14:22:13.0153 7036 RmDlient - detected UnsignedFile.Multi.Generic (1) 14:22:13.0156 7036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:22:13.0183 7036 RpcEptMapper - ok 14:22:13.0186 7036 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:22:13.0196 7036 RpcLocator - ok 14:22:13.0203 7036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:22:13.0232 7036 RpcSs - ok 14:22:13.0236 7036 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:22:13.0262 7036 rspndr - ok 14:22:13.0265 7036 [ 
E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:22:13.0274 7036 s3cap - ok 14:22:13.0277 7036 [ 92EEA5F44DBFD36D794660A4E1F8DAC5 ] SAlphamHid C:\Windows\system32\DRIVERS\SAlpham64.sys 14:22:13.0286 7036 SAlphamHid - ok 14:22:13.0288 7036 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:22:13.0298 7036 SamSs - ok 14:22:13.0301 7036 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:22:13.0311 7036 sbp2port - ok 14:22:13.0315 7036 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:22:13.0344 7036 SCardSvr - ok 14:22:13.0346 7036 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:22:13.0372 7036 scfilter - ok 14:22:13.0383 7036 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:22:13.0417 7036 Schedule - ok 14:22:13.0420 7036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:22:13.0446 7036 SCPolicySvc - ok 14:22:13.0450 7036 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:22:13.0461 7036 SDRSVC - ok 14:22:13.0464 7036 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:22:13.0490 7036 secdrv - ok 14:22:13.0493 7036 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:22:13.0519 7036 seclogon - ok 14:22:13.0522 7036 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 14:22:13.0549 7036 SENS - ok 14:22:13.0552 7036 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:22:13.0562 7036 SensrSvc - ok 14:22:13.0565 7036 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:22:13.0575 7036 Serenum - ok 14:22:13.0577 7036 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:22:13.0587 7036 Serial - ok 14:22:13.0590 7036 [ 
1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:22:13.0600 7036 sermouse - ok 14:22:13.0606 7036 [ 2E70B053A90C040F8BFC28E75C0E4153 ] ServiceProviderRegistry C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe 14:22:13.0615 7036 ServiceProviderRegistry - ok 14:22:13.0618 7036 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:22:13.0645 7036 SessionEnv - ok 14:22:13.0648 7036 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:22:13.0657 7036 sffdisk - ok 14:22:13.0660 7036 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:22:13.0670 7036 sffp_mmc - ok 14:22:13.0672 7036 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:22:13.0684 7036 sffp_sd - ok 14:22:13.0686 7036 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:22:13.0696 7036 sfloppy - ok 14:22:13.0701 7036 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:22:13.0730 7036 SharedAccess - ok 14:22:13.0736 7036 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:22:13.0765 7036 ShellHWDetection - ok 14:22:13.0768 7036 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:22:13.0777 7036 SiSRaid2 - ok 14:22:13.0780 7036 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:22:13.0790 7036 SiSRaid4 - ok 14:22:13.0793 7036 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:22:13.0819 7036 Smb - ok 14:22:13.0824 7036 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:22:13.0835 7036 SNMPTRAP - ok 14:22:13.0838 7036 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:22:13.0847 7036 spldr - ok 14:22:13.0854 7036 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] 
14:22:16.0622 7036 ============================================================
14:22:16.0622 7036 Scan finished
14:22:16.0622 7036 ============================================================
14:22:16.0630 6920 Detected object count: 5
14:22:16.0630 6920 Actual detected object count: 5
14:22:37.0569 6920 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:37.0569 6920 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:37.0569 6920 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:37.0569 6920 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:37.0570 6920 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:37.0570 6920 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:37.0572 6920 LoClntService ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:37.0572 6920 LoClntService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:37.0573 6920 RmDlient ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:37.0573 6920 RmDlient ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:44.0281 2176 Deinitialize success |
20.03.2013, 14:47 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | parking.supernova-advertising redirect Firefox+Internet Explorer Nothing suspicious. JRT - Junkware Removal Tool: Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post logfiles in CODE tags |
20.03.2013, 15:28 | #10 |
| parking.supernova-advertising redirect Firefox+Internet Explorer Followed the instructions step by step... The logfiles are too long to post directly, so the 4 files are attached. |
20.03.2013, 15:53 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | parking.supernova-advertising redirect Firefox+Internet Explorer Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Getting an additional opinion afterwards from the ESET online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
20.03.2013, 19:56 | #12 |
| parking.supernova-advertising redirect Firefox+Internet Explorer That sounds good. I just haven't figured out yet what all the programs did; they never found anything, and the error in Firefox+IE is still there. With Opera I have no problems at all. Attached again are the two logfiles from Malwarebytes and ESET. Malwarebytes Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.20.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
187jackie :: 187JACKIE-PC [Administrator]
20.03.2013 15:58:17
mbam-log-2013-03-20 (15-58-17).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229320
Laufzeit: 48 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f0d78de715fd0e4387a697b2d8d7eede
# engine=13437
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-20 04:21:29
# local_time=2013-03-20 05:21:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 172796 126421873 0 0
# compatibility_mode=5893 16776574 66 85 120043 115426339 0 0
# scanned=298560
# found=0
# cleaned=0
# scan_time=4753 |
20.03.2013, 23:07 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | parking.supernova-advertising redirect Firefox+Internet Explorer Create a new profile and test => Create and remove Firefox profiles | Firefox Help
__________________ Please always post logfiles in CODE tags |
21.03.2013, 08:06 | #14 |
| parking.supernova-advertising redirect Firefox+Internet Explorer I created a new profile, deleted the old one and cleaned up with CCleaner. Unfortunately no effect. When I enter www.pcgh.de, I am redirected via gutscheinfilter, supernova-advertising to hxxp://www.ihreit.de/Drucker-Kopierer/Toner-Zubehoer/HP-Toner-Cartridge-Yellow-CLJ-2600::15476.html?XTCsid=ooqafppnaaro5jcm4e6fiurrl4. If you then open the page again, the normal page comes up without a redirect. But that only works in Firefox+IE; Opera is not affected by it. |
21.03.2013, 10:35 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | parking.supernova-advertising redirect Firefox+Internet Explorer Have you tried creating a new user under Windows and testing with that?
__________________ Please always post logfiles in CODE tags |