All kinds of pests and how to fight them: Trojaner Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz u.a.
Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
19.03.2013, 20:48 | #1 |
Trojaner Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz u.a.
Hello, over the last few years I have apparently picked up quite a few things, and I have always got them under control with AVIRA or Malwarebytes Anti-Malware, and I think SuperAntiSpyware as well. Recently my virus scanner has been triggering on the trojans named in the title. Today I ran another Malwarebytes Anti-Malware scan, but it found nothing. Logs from Defogger, OTL and GMER are attached.
Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:47 on 19/03/2013 (Britta)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 19.03.2013 18:10:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Britta\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,79 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 49,66% Memory free 7,59 Gb Paging File | 5,54 Gb Available in Paging File | 73,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 23,09 Gb Free Space | 19,83% Space Free | Partition Type: NTFS Drive D: | 332,72 Gb Total Space | 191,06 Gb Free Space | 57,42% Space Free | Partition Type: NTFS Drive F: | 931,51 Gb Total Space | 824,81 Gb Free Space | 88,55% Space Free | Partition Type: NTFS Computer Name: BRITTA_PC | User Name: Britta | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.19 18:00:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Britta\Desktop\OTL.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.07.31 09:42:48 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.10 06:36:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.10 06:36:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe PRC - [2011.05.31 17:07:45 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.02.01 20:53:38 | 000,391,232 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.05.25 20:22:34 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.02.08 19:04:04 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe PRC - [2010.02.05 18:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.01.05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.07.31 18:38:26 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe PRC - [2009.07.31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe PRC - [2009.06.19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 01:30:42 | 000,084,536 | 
---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2013.02.15 09:05:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.01.10 15:34:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.01.10 15:15:50 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 15:14:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.01.10 15:14:13 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.10 15:14:06 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.01.10 15:13:43 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.10 15:13:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.10 15:13:23 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.10 15:13:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.10 15:13:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.02.03 00:51:50 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll MOD - [2010.02.03 00:51:32 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll MOD - [2010.02.03 00:51:24 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll MOD - [2010.02.03 00:51:14 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll MOD - [2010.02.03 00:51:10 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll MOD - [2010.01.05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.08.04 10:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2009.07.20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.08.09 11:03:36 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2010.06.21 21:44:10 | 002,532,680 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\Program 
Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:64bit: - [2010.01.27 17:15:56 | 008,610,664 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV:64bit: - [2009.12.08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.08.06 22:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.03.14 11:43:10 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 08:48:40 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012.05.10 06:36:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.10 06:36:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2011.05.31 17:07:45 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2011.02.01 20:53:54 | 001,112,736 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.10.29 04:11:24 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.27 20:42:45 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.07.06 16:03:00 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 03:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 03:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.05.10 06:36:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.10 06:36:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.05.31 17:07:45 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2011.05.31 17:07:44 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2011.05.31 17:07:43 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.05.31 17:07:37 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.05.17 15:44:46 | 000,044,480 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.07 16:07:22 | 000,017,408 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | 
Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.2.23219.0.sys -- (DisplayLinkUsbPort) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.10.29 03:25:00 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.09.04 14:28:28 | 000,067,584 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lan9500-x64-n51f.sys -- (LAN9500) DRV:64bit: - [2010.08.25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.08.23 23:02:59 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.08.09 11:03:32 | 000,143,464 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV:64bit: - [2010.03.11 10:17:14 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2010.03.03 12:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.02 09:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.02.26 09:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.25 04:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2010.02.02 23:38:29 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.01.27 17:16:26 | 000,185,968 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd) DRV:64bit: - [2010.01.27 17:16:26 | 000,116,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dlcdbus.sys -- (dlcdbus) DRV:64bit: - [2010.01.27 17:16:26 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr) DRV:64bit: - [2010.01.18 13:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.10.30 03:50:03 | 000,704,512 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.18 09:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.08.06 22:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.18 20:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2009.06.17 17:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2009.06.17 17:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 11:15:57 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.05.13 17:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2008.05.16 11:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 11:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 11:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 11:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 11:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 11:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 11:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2007.09.06 14:53:00 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1) DRV:64bit: - [2007.04.23 15:54:40 | 
000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt) DRV:64bit: - [2007.04.23 15:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex) DRV:64bit: - [2007.04.23 15:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm) DRV:64bit: - [2007.04.23 15:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl) DRV:64bit: - [2007.04.23 15:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "hxxp://www.sueddeutsche.de/" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.01.25 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: 
C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2013.02.19 11:39:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 08:48:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 08:48:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 08:48:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 08:48:36 | 000,000,000 | ---D | M] [2010.08.22 15:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\Extensions [2013.03.11 11:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\Firefox\Profiles\2vxwcsiu.default\extensions [2012.12.01 11:23:30 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Britta\AppData\Roaming\mozilla\Firefox\Profiles\2vxwcsiu.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\firefox\profiles\2vxwcsiu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2013.03.08 08:48:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 08:48:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.22 12:03:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.25 07:33:17 | 
000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.22 12:03:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.22 12:03:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.22 12:03:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.22 12:03:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.02.23 08:58:09 | 000,002,592 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 129.187.254.163 asa03.lrz.de O1 - Hosts: 109 more lines... 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra 
context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1b0353f1-8948-487b-9fb3-06b8fd525b9a}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26f10c58-a7df-4576-baa5-cb7dc6b5c369}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2dfa5185-122b-11e0-893d-485b3979aac5}\Shell - "" = AutoRun O33 - MountPoints2\{2dfa5185-122b-11e0-893d-485b3979aac5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{5501e8fb-af02-11df-ba2f-485b3979aac5}\Shell - "" = AutoRun O33 - MountPoints2\{5501e8fb-af02-11df-ba2f-485b3979aac5}\Shell\AutoRun\command - "" = G:\Setupx.exe O33 - MountPoints2\{ea18907b-b76e-11df-aed5-485b3979aac5}\Shell - "" = AutoRun O33 - MountPoints2\{ea18907b-b76e-11df-aed5-485b3979aac5}\Shell\AutoRun\command - "" = F:\autorun.exe setup.exe -suppressUpToDateInfo O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* 
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.19 18:00:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Britta\Desktop\OTL.exe [2013.03.19 17:56:55 | 000,000,000 | ---D | C] -- C:\Users\Britta\Desktop\Logs [2013.03.19 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\HP [2013.03.19 14:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2013.03.18 14:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2013.03.18 10:47:21 | 000,000,000 | ---D | C] -- C:\Users\Britta\AppData\Roaming\HP [2013.03.14 09:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 09:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.14 09:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.09 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\Britta\AppData\Local\PutLockerDownloader [2013.03.09 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com [2013.03.08 08:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.04 16:59:29 | 000,000,000 | ---D | C] -- C:\Users\Britta\Documents\DB [2013.03.02 14:23:45 | 000,000,000 | ---D | C] -- C:\Users\Britta\Documents\OPER [2013.02.21 09:56:39 | 000,000,000 | ---D | C] -- C:\Users\Britta\Documents\R [2013.02.20 13:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco [2008.08.12 05:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll ========== Files - 
Modified Within 30 Days ========== [2013.03.19 18:15:44 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 18:15:44 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.19 18:08:07 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.03.19 18:07:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.19 18:07:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.19 18:07:19 | 3054,882,816 | -HS- | M] () -- C:\hiberfil.sys [2013.03.19 18:07:18 | 001,710,602 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2013.03.19 18:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.19 18:01:54 | 000,377,856 | ---- | M] () -- C:\Users\Britta\Desktop\gmer_2.1.19155.exe [2013.03.19 18:00:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Britta\Desktop\OTL.exe [2013.03.19 17:34:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.19 16:47:50 | 000,000,020 | ---- | M] () -- C:\Users\Britta\defogger_reenable [2013.03.19 16:44:58 | 000,050,477 | ---- | M] () -- C:\Users\Britta\Desktop\Defogger.exe [2013.03.19 14:09:32 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.19 14:09:32 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.19 14:09:32 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.19 14:09:32 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.19 14:09:32 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.18 11:13:03 | 000,458,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.18 10:56:19 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini [2013.03.14 11:49:13 | 000,000,127 | ---- | M] () -- 
C:\Windows\SysNative\MRT.INI [2013.03.11 11:35:13 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.10 19:42:43 | 000,001,298 | ---- | M] () -- C:\Users\Britta\Desktop\Acronis*True*Image*Home.lnk [2013.03.10 08:28:50 | 000,002,538 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.03.10 08:28:49 | 000,001,564 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.02.23 08:58:09 | 000,002,592 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.20 22:50:04 | 000,006,603 | ---- | M] () -- C:\Users\Britta\Desktop\record_.lnk ========== Files Created - No Company Name ========== [2013.03.19 18:01:52 | 000,377,856 | ---- | C] () -- C:\Users\Britta\Desktop\gmer_2.1.19155.exe [2013.03.19 16:47:50 | 000,000,020 | ---- | C] () -- C:\Users\Britta\defogger_reenable [2013.03.19 16:44:52 | 000,050,477 | ---- | C] () -- C:\Users\Britta\Desktop\Defogger.exe [2013.03.18 10:56:19 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.03.14 11:49:13 | 000,000,127 | ---- | C] () -- C:\Windows\SysNative\MRT.INI [2013.03.10 19:42:43 | 000,001,298 | ---- | C] () -- C:\Users\Britta\Desktop\Acronis*True*Image*Home.lnk [2013.03.09 19:00:37 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.02.20 22:47:30 | 000,006,603 | ---- | C] () -- C:\Users\Britta\Desktop\record_.lnk [2012.09.03 16:31:21 | 000,008,422 | ---- | C] () -- C:\Users\Britta\spss_macros_project_68312_2012_09_03.sps [2012.04.27 11:46:22 | 000,262,516 | ---- | C] () -- C:\Windows\hpwins23.dat.temp [2012.04.27 11:46:22 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp [2011.11.05 14:13:53 | 000,262,516 | ---- | C] () -- C:\Windows\hpwins23.dat [2011.11.05 14:13:53 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat [2011.08.20 11:46:07 | 000,015,872 | ---- | C] () -- C:\Users\Britta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.23 17:59:16 | 000,000,000 | ---- | C] () -- 
C:\Users\Britta\AppData\Local\{77A2F0BF-B1CB-40FD-B914-8BF20C628BFB} [2011.07.22 15:50:43 | 000,000,000 | ---- | C] () -- C:\Users\Britta\AppData\Local\{437C5DAD-B54B-4ABE-9052-55EE0DCB9A18} [2010.10.16 12:31:11 | 000,038,458 | ---- | C] () -- C:\Users\Britta\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.08.22 17:17:13 | 000,007,666 | ---- | C] () -- C:\Users\Britta\AppData\Local\Resmon.ResmonCfg [2010.05.25 19:58:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.04.08 18:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008.05.22 16:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.08.28 14:11:30 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\ACD Systems [2010.08.28 14:50:55 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Acronis [2013.03.14 12:36:29 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Akhuv [2013.01.15 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Bitdreamers [2010.08.22 19:45:51 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.08.23 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\DAEMON Tools Lite [2012.12.18 07:56:04 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Dropbox [2012.10.04 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\GARMIN [2010.08.26 07:59:17 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Igqo [2010.08.28 20:01:28 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Leadertech [2013.02.08 18:06:10 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\MyPhoneExplorer [2013.02.19 11:10:17 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Swiss Academic Software [2010.09.19 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\TeamViewer [2010.08.30 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\TimeComX 
========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >

Code:
OTL Extras logfile created on: 19.03.2013 18:10:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Britta\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,79 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 49,66% Memory free
7,59 Gb Paging File | 5,54 Gb Available in Paging File | 73,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 23,09 Gb Free Space | 19,83% Space Free | Partition Type: NTFS
Drive D: | 332,72 Gb Total Space | 191,06 Gb Free Space | 57,42% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 824,81 Gb Free Space | 88,55% Space Free | Partition Type: NTFS

Computer Name: BRITTA_PC | User Name: Britta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) 
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{199E7FC3-1715-4C9B-9DCE-37E61995F272}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{22B9EDB4-8D41-4E51-B779-750C810C565F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2A0468AE-08EF-41F4-8EE3-E08BD1950E78}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{363C0790-4AF1-44F5-8321-D645B1645462}" = lport=6004 | protocol=17 | dir=in | 
app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{3909B801-AA01-4BA5-AE83-DB84BC430393}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3D2E8E46-4DA5-46B4-B1BF-033B674C73CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3E7AABB6-F52B-49D9-B000-168FADD82E8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{43251674-C128-45C0-868A-AB83743A0770}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{64570F92-14C8-4B0E-9394-45F00CD7AE09}" = lport=137 | protocol=17 | dir=in | app=system | "{654AA687-F0F0-423B-8AD6-AC46C846EBC9}" = lport=445 | protocol=6 | dir=in | app=system | "{6B8531AE-9A59-403B-9282-1B272438F12A}" = lport=138 | protocol=17 | dir=in | app=system | "{6F79DA02-80F7-42C4-9F72-C055AA1B56D8}" = lport=10243 | protocol=6 | dir=in | app=system | "{7E7FA119-A166-479B-A806-A0D720607992}" = lport=2869 | protocol=6 | dir=in | app=system | "{7F152073-6FB1-493B-88A8-C0D5A514CB8E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{81896A18-023E-479D-92CD-F4853BA5025E}" = rport=138 | protocol=17 | dir=out | app=system | "{93219A13-B324-47D8-9879-5086A8567644}" = lport=139 | protocol=6 | dir=in | app=system | "{97B41F95-0AAC-487F-BC67-DB14EEB3231F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A1A16779-C5CA-457B-8846-43DE4DF17D1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A5EB711C-5D49-4297-A8F3-286F57DEE678}" = rport=445 | protocol=6 | dir=out | app=system | "{B081250D-1312-4664-B3CE-7FF872EC6B76}" = rport=10243 | protocol=6 | dir=out | app=system | "{BF7441D6-3079-4671-9E22-0B0BB21D6394}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C8394506-1773-4239-B582-3A04CF779267}" = rport=139 | 
protocol=6 | dir=out | app=system | "{DC24E98F-2B07-4906-96E0-883A87197D52}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E4E88B84-4CAF-421B-949D-1927FD692979}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F2CEEDEC-ED6E-4E1A-AE32-F556D6B54908}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03B02DAA-C8A7-4A29-A8C2-00652EDF6E5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{066A1BAD-9B66-4058-B1F4-84F5FA8B78C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0CF990C4-5E34-4DFF-BC70-9BEE9BD3CEE2}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{0E45193A-833E-44D2-8A3A-FE2E2AE41D78}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{1447A14C-E89E-408C-B34C-E4C6A632BA20}" = protocol=17 | dir=in | app=c:\users\britta\appdata\roaming\dropbox\bin\dropbox.exe | "{17969B8E-71D3-4B12-8D07-47C3B40D63B0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{18E2D811-6E1C-406C-9F53-9EE1A61A764E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | "{1B8DC502-79D2-4A7D-AEB3-21C11BAC0EB4}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{1CE6147B-0A9D-4B0F-BDD2-2AC38A37B968}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{22BEAD4E-A8CE-4BE3-9394-FBE871A1B905}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{263DD1B3-8638-4C7B-8732-EB0539F15BA4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{2C817BC8-7745-4AD7-855D-C0B8B5910742}" = protocol=6 | dir=out | app=system | "{2E4C8A94-1AD5-4E76-B83D-159C36895EAF}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{3766C838-F1FA-414A-85B7-E86C28546DE1}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{379AFEFC-CBDE-4F06-9C73-F279DE3E0D00}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{3D1C1F62-EF3D-423E-B76B-6940DEC4DFF0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{3D97D250-3191-4177-8A34-6ECFB6A34193}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{3FFE0581-681D-4209-ACA2-08266C125F58}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{42FBB8BC-C404-4A3C-8D89-9F5D2D43C1F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{43C34B98-135A-4083-AC52-3C1597D791E6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{458EBA06-5B40-4260-9CD2-117CEC2AAEC8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{46022594-EC1D-4479-A9AC-34992BB8A20F}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{46669348-25E7-447B-BF87-1250F52DE372}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{57B88FA3-6DA8-4F57-89C0-F05A71BFDEEF}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{5DAB4120-EDC0-42C8-98D6-60A2BEBABCAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{62B5C2A6-38EA-4250-BA0C-C6F16FD36960}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{68CDA005-506A-4D87-AF5E-7D626247FD6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{69A18FCF-0DD4-431F-8207-0B92540608C2}" = 
dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{6E45EF56-D385-4C2B-B90D-54F9C67EBC5C}" = protocol=6 | dir=in | app=c:\users\britta\appdata\roaming\dropbox\bin\dropbox.exe | "{6FF71EB7-6153-400B-A126-CB3CE66B3D3F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{710654FD-5D76-4842-B4AB-18A6EA89486C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8DD310C8-443F-40E6-88D9-238DEE728D61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8F24D32F-5CE7-43F0-B304-C91D835B370E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{99B25E24-E4A0-4BBD-9043-AD4AF3971ECC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{A017ED1E-A01A-468B-8D15-C273A2FEB390}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A9691A89-06DC-41B8-8BED-BA587C1E625A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A9C307AA-EDC0-4B84-8F84-D0EB0D3F6908}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{AEA071FF-73CC-4C1A-9F94-99A924E604F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B4237C03-F022-4E2F-BAEB-6E46F59EB9FE}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{B66CE5C0-F8F3-4E90-A75C-5B5D989D46B4}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{BA2521B9-72AF-4912-B166-C50E5B37DE23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BE38A0DA-C10D-4957-9590-FEFFA0ADA6A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C15B4E54-CA5B-411D-B08C-344BADB4E0E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C1E8499E-7A28-40C7-A5E0-0846E5FDBE12}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web 
printing\smartwebprintexe.exe | "{CB4BFB69-3C72-4F56-B5C6-BC3929640F89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CF73A91E-572E-43B2-B976-2E61D2C92A3F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D4303FCC-C99B-4060-AE2B-34DD481E8B59}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{D967DCC6-9967-4303-8AC7-04554EFBA2F6}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe | "{DA424061-A10C-4FBA-832E-A21841B8E34E}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe | "{E365948A-794D-472C-92D8-AA4FC00681B0}" = dir=in | app=c:\users\britta\appdata\local\temp\7zs5ca8\oj6500ve709_full_14\setup\hpznui40.exe | "{E639DDC3-7B07-4EE4-AA04-7D6241824F77}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{E9D99A83-4737-4CC7-B2E3-727DE69A47F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{EE71C340-A247-4396-9F56-2FB0BA8E4759}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{F4E1ED38-B36C-4A95-B5A0-A2CFC8DD79B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{F4E88FBB-5619-42F8-98AA-3C8D29F9F307}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F4EC0887-D9CA-4CAB-9EC7-0CD83C30B26B}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{F9C9B0A7-A2E3-4835-AF2F-D51E1A1DD6DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FA44F30C-F24A-4875-B364-11D184455191}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{FF80A38E-0BC4-4707-AE22-ED3A8A6E6D1B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{3EF27BBD-5FB5-44E1-AB80-056FBE369536}" = Kensington Display Adapter "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 "{AC76BA86-1033-0000-0064-0003D0000004}" = Adobe Acrobat 9 Pro Extended 64-bit Add-On "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{AF43C18E-693D-4126-B190-8F55E3623D5D}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional "{EF4BC5F6-385F-4EA9-8A47-CEB064951E13}" = DisplayLink Core Software "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "24DA573F901348FFDFF7717497830D45BE0C362E" = Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) 
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CNXT_AUDIO_HDA" = Conexant HD Audio "Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "R for Windows 2.15.2_is1" = R for Windows 2.15.2 "Sandboxie" = Sandboxie 3.48 (64-bit) "USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan "{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{3fb10979-3448-4cf4-9764-404ec73c5027}" = Nero 9 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter "{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack "{50C913B1-A091-48B8-A434-6C9670284888}" = Garmin Training Center "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = 
Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame 
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{CB5F6422-502E-477C-B31D-25ECE8F829E6}" = Garmin ANT Agent "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1ClickDownload" = Movie2KDownloader "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "dm-Fotowelt" = dm-Fotowelt "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "JDiskReport 1.1" = JGoodies JDiskReport 1.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "NVIDIA.Updatus" = NVIDIA Updatus "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "TeamViewer 5" = TeamViewer 5 "TimeComX Basic 64-Bit" = TimeComX Basic (64-Bit) "VLC media player" = VLC media player 1.1.3 "Winamp" = Winamp 
"WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 18.03.2013 11:52:22 | Computer Name = Britta_PC | Source = Application Hang | ID = 1002 Description = Programm ControlDeck.exe, Version 1.0.6.5 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 8f0 Startzeit: 01ce23f047a2b7b4 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe Berichts-ID: c84da69c-8fe3-11e2-b933-485b3979aac5 Error - 18.03.2013 12:51:49 | Computer Name = Britta_PC | Source = Microsoft Office 14 | ID = 2001 Description = Microsoft Outlook: Rejected Safe Mode action : Outlook konnte zuletzt nicht korrekt gestartet werden. Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, sodass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein. Möchten Sie Outlook im abgesicherten Modus starten?. Error - 18.03.2013 12:56:28 | Computer Name = Britta_PC | Source = Application Hang | ID = 1002 Description = Programm HpWebReg.exe, Version 22.50.231.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 146c Startzeit: 01ce23f96371ff12 Endzeit: 16 Anwendungspfad: C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HpWebReg.exe Berichts-ID: c145d0c4-8fec-11e2-b933-485b3979aac5 Error - 18.03.2013 16:34:20 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.03.2013 16:35:11 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 18.03.2013 16:36:32 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll" in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig. Error - 19.03.2013 07:37:59 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 19.03.2013 07:38:43 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 19.03.2013 07:39:47 | Computer Name = Britta_PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\R\r-2.15.2\Tcl\bin64\tk85.dll" in Zeile 9. Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig. Error - 19.03.2013 09:37:18 | Computer Name = Britta_PC | Source = MsiInstaller | ID = 10005 Description = [ Cisco AnyConnect Secure Mobility Client Events ] Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108865 Description = Function: CWinsecApiImpersonateUser::acquireTokens File: .\IPC\WinsecAPI.cpp Line: 101 CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser File: .\IPC\WinsecAPI.cpp Line: 81 Invoked Function: CWinsecApiImpersonateUser::acquireTokens Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertUtils::CCapiCertUtils File: .\Certificates\CapiCertUtils.cpp Line: 92 Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED 
Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertStore::CCapiCertStore File: .\Certificates\CapiCertStore.cpp Line: 70 Invoked Function: CapiCertUtils Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore File: .\Certificates\CapiCertSmartcardStore.cpp Line: 40 Invoked Function: CCapiCertStore::CCapiCertStore Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 18.03.2013 11:50:14 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CCollectiveCertStore::addCapiSmartcardStore File: .\Certificates\CollectiveCertStore.cpp Line: 1101 Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore Return Code: -32767981 (0xFE0C0013) Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED Error - 18.03.2013 11:50:19 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 18.03.2013 17:13:00 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 19.03.2013 03:09:07 | Computer Name = Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 19.03.2013 13:07:53 | Computer Name = 
Britta_PC | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE [ System Events ] Error - 18.03.2013 07:08:06 | Computer Name = Britta_PC | Source = DCOM | ID = 10005 Description = Error - 18.03.2013 07:08:06 | Computer Name = Britta_PC | Source = DCOM | ID = 10016 Description = Error - 18.03.2013 08:37:31 | Computer Name = Britta_PC | Source = DCOM | ID = 10016 Description = Error - 18.03.2013 09:41:37 | Computer Name = Britta_PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 18.03.2013 12:16:04 | Computer Name = Britta_PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 18.03.2013 12:16:04 | Computer Name = Britta_PC | Source = ACPI | ID = 327690 Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 19.03.2013 09:05:17 | Computer Name = Britta_PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 19.03.2013 09:20:15 | Computer Name = Britta_PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 19.03.2013 09:20:19 | Computer Name = Britta_PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 19.03.2013 13:08:54 | Computer Name = Britta_PC | Source = DCOM | ID = 10016 Description = < End of report >
I hope someone can help me. Many thanks in advance. |
19.03.2013, 20:52 | #2 |
| Trojans Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz and others
Here are the remaining logs (no more characters are allowed)
__________________Gmer Log: Code:
ATTFilter GMER Logfile: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.19.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Britta :: BRITTA_PC [Administrator] 19.03.2013 14:22:47 mbam-log-2013-03-19 (14-22-47).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 519905 Laufzeit: 3 Stunde(n), 27 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
19.03.2013, 20:52 | #3 |
/// Helper Team | Trojans Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz and others
Create a log from Antivir: http://www.trojaner-board.de/125889-...en-posten.html
The cleanup consists of several steps that must be carried out. Work through them one after another and please paste the 3 logs that are created along the way into your next reply. If the OTL fix did not run through correctly, do not continue; please report it instead.
Step 1
Fixing with OTL
Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).
Code:
ATTFilter
:OTL
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Britta\AppData\Roaming\mozilla\firefox\profiles\2vxwcsiu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.03.09 18:58:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\movie2kDownloader.com
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:115CEE00
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:2F370DA6
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4CF61E54
[2010.05.25 19:58:24 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
[2010.08.26 07:59:17 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Igqo
[2013.03.14 12:36:29 | 000,000,000 | ---D | M] -- C:\Users\Britta\AppData\Roaming\Akhuv
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Britta\*.tmp
C:\Users\Britta\AppData\*.dll
C:\Users\Britta\AppData\*.exe
C:\Users\Britta\AppData\Local\Temp\*.exe
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems!
Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. After that:
Step 3
Please download AdwCleaner to your desktop.
__________________ |
20.03.2013, 16:06 | #4 |
| Thank you very much for the quick reply. I have now carried out the 3 steps; the logs are pasted in. On startup, Malwarebytes Antivirus prompted me to delete a .dll file. I first clicked No, ran an update and let the program run through (log1). After that I ran the program again and let it change the entry for the .dll file (log2, 2nd run). OTL Fix: Code:
All processes killed
========== OTL ==========
C:\Users\Britta\AppData\Roaming\mozilla\firefox\profiles\2vxwcsiu.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi moved successfully.
C:\Program Files (x86)\movie2kDownloader.com folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
ADS C:\ProgramData\Temp:A724744F deleted successfully.
ADS C:\ProgramData\Temp:115CEE00 deleted successfully.
ADS C:\ProgramData\Temp:2F370DA6 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
C:\ProgramData\FullRemove.exe moved successfully.
Service KMService stopped successfully!
Service KMService deleted successfully!
C:\Windows\SysWOW64\srvany.exe moved successfully.
C:\Users\Britta\AppData\Roaming\Igqo folder moved successfully.
C:\Users\Britta\AppData\Roaming\Akhuv folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Britta\*.tmp not found.
File\Folder C:\Users\Britta\AppData\*.dll not found.
File\Folder C:\Users\Britta\AppData\*.exe not found.
C:\Users\Britta\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Britta\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Britta\Desktop\cmd.bat deleted successfully.
C:\Users\Britta\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Britta
->Temp folder emptied: 6644051483 bytes
->Temporary Internet Files folder emptied: 83561422 bytes
->FireFox cache emptied: 64842863 bytes
->Flash cache emptied: 74569 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: UpdatusUser.Britta_PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8096716712 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
RecycleBin emptied: 13976411 bytes
Total Files Cleaned = 14.213,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03192013_220713
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.20.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Britta :: BRITTA_PC [administrator]
20.03.2013 15:14:35
mbar-log-2013-03-20 (15-14-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30599
Time elapsed: 16 minute(s), 6 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
log2
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.20.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Britta :: BRITTA_PC [administrator]
20.03.2013 15:41:15
mbar-log-2013-03-20 (15-41-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30600
Time elapsed: 14 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
ADW cleaner: AdwCleaner Logfile:
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 20/03/2013 um 15:46:58 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Britta - BRITTA_PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Britta\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\Britta\AppData\Local\PutLockerDownloader Ordner Gelöscht : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\2vxwcsiu.default\jetpack ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\2vxwcsiu.default\prefs.js C:\Users\Britta\AppData\Roaming\Mozilla\Firefox\Profiles\2vxwcsiu.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [11741 octets] - [20/03/2013 15:46:58] ########## EOF - C:\AdwCleaner[S1].txt - [11802 octets] ########## [/CODE] |
20.03.2013, 19:39 | #5 |
/// Helper Team | Very good! Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Then: ESET Online Scanner
Then: Please download SecurityCheck and:
|
20.03.2013, 20:36 | #6 |
| OK, I have now run aswMBR.exe 3 times - after clicking Scan - with the unsuccessful result: Code:
avast! Antirootkit funktioniert nicht mehr
Das Programm wir aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
What now? |
20.03.2013, 20:38 | #7 |
/// Helper Team | OK: Please download TDSSKiller.exe and save this file to the desktop
then continue with ESET. |
20.03.2013, 20:51 | #8 |
| Oh: TDSSKiller.exe ->Error Page 404 |
21.03.2013, 06:51 | #9 |
/// Helper Team | Kaspersky is restructuring, carry on with ESET. |
21.03.2013, 11:43 | #10 |
| OK. ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=276db5ed60d3f944a7fb262bda1cc6d2
# engine=13443
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-21 09:59:34
# local_time=2013-03-21 10:59:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 99 98828 229279664 91598 0
# compatibility_mode=5893 16776573 100 94 135223 115489824 0 0
# scanned=274212
# found=2
# cleaned=0
# scan_time=10786
sh=30EF816C6621ED6F246DAF02B2E912D2044A7B3C ft=1 fh=8960084616669ecc vn="a variant of Win32/Kryptik.ATIT trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Britta\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\6ddeaafa-5e98d355"
sh=C5417642089F8244E1CFD60A1F9DCE7F16D31AB0 ft=1 fh=3c16887179f5274c vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Britta\AppData\Roaming\Igqo\alwaof.exe"
SecurityCheck checkup.txt:
Code:
Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java(TM) 6 Update 20
Java(TM) 6 Update 26
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.180
Adobe Reader XI
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
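Added example, not part of the original thread and not code from ESET or OTL: both ESET detections in the log above sit under C:\_OTL\MovedFiles, the folder the OTL fix moved files into, so this sketch parses the detection records and separates files already moved aside from files still in place. The field meanings (sh, vn, fn), the MovedFiles naming scheme inferred from the logs on this page, and all sample records are assumptions or constructed values.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Header lines look like "# found=2"; detection records are key=value pairs on one line.
# Assumed field meanings (inferred from the log format, not from ESET documentation):
# sh = file hash, vn = detection name, ac = action code, fn = file path.
HEADER_RE = re.compile(r'^#\s*([\w.]+)=(.*)$')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed OTL layout, inferred from the paths in this thread:
# C:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\<drive letter>_<rest of the original path>
MOVED_RE = re.compile(
    r'^[A-Za-z]:\\_OTL\\MovedFiles\\(\d{8}_\d{6})\\([A-Za-z])_(.+)$')


@dataclass
class Detection:
    name: str
    path: str
    file_hash: str
    quarantine_run: Optional[str]   # OTL run stamp, None if the file is not in MovedFiles
    original_path: Optional[str]    # where the file lived before OTL moved it

    @property
    def live(self) -> bool:
        """True when the detected file is NOT inside the OTL MovedFiles folder."""
        return self.quarantine_run is None


def parse_record(line: str) -> Optional[Detection]:
    """Parse one detection record; return None for header or unrelated lines."""
    line = line.strip()
    if not line.startswith("sh="):
        return None
    fields = {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}
    if "vn" not in fields or "fn" not in fields:
        return None
    run = original = None
    moved = MOVED_RE.match(fields["fn"])
    if moved:
        run = moved.group(1)
        original = f"{moved.group(2)}:\\{moved.group(3)}"
    return Detection(fields["vn"], fields["fn"], fields.get("sh", ""), run, original)


def triage(log_text: str) -> dict:
    """Split detections into already-moved and still-live, and cross-check '# found='."""
    header, detections = {}, []
    for line in log_text.splitlines():
        head = HEADER_RE.match(line.strip())
        if head:
            header[head.group(1)] = head.group(2)
            continue
        record = parse_record(line)
        if record:
            detections.append(record)
    found = int(header["found"]) if header.get("found", "").isdigit() else None
    return {
        "header_found": found,
        "count_matches": found == len(detections),
        "quarantined": [d for d in detections if not d.live],
        "live": [d for d in detections if d.live],
    }


# Constructed sample in the same format as the log above; hashes, user name,
# file names and the third detection are made up for illustration.
SAMPLE_LOG = r'''
# version=8
# scanned=1000
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Spy.Zbot.AAU trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Example\AppData\Roaming\Igqo\sample.exe"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="a variant of Win32/Kryptik.ATIT trojan" ac=I fn="C:\_OTL\MovedFiles\03192013_220713\C_Users\Example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\sample-entry"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Example.Constructed trojan" ac=I fn="C:\Users\Example\AppData\Roaming\Example\constructed.exe"
'''

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["quarantined"]:
        print(f"already moved by OTL run {d.quarantine_run}: {d.name} (was {d.original_path})")
    for d in result["live"]:
        print(f"STILL IN PLACE: {d.name} at {d.path}")
```

A detection under MovedFiles is a file the fix has already taken out of its original location; only entries reported as still in place point at something the earlier steps missed.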
21.03.2013, 19:16 | #11 |
/// Helper Team | Install all Windows updates, incl. Internet Explorer! http://windowsupdate.microsoft.com Update Java: Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html After that, post (copy and paste) what is displayed to you here: PluginCheck. Disable Java: Because of the current security vulnerability: http://www.trojaner-board.de/122961-...ktivieren.html After that, post (copy and paste) what is displayed to you here: PluginCheck. Please download TDSSKiller.exe and save this file to the desktop
|
26.03.2013, 10:49 | #12 |
| Sorry, t'john, I was away for a few days and not at the PC. So: I installed the Windows updates, incl. Internet Explorer. Since then I have to start Firefox in safe mode, because the Mozilla crash reporter showed the message: "Entschuldigung Ein Problem ist aufgetreten und Firefox abgestürzt." With "Firefox neu starten" I can only start it in safe mode. I then tried to carry out the following steps from your tips: 1. PluginCheck: Code:
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Firefox 19.0 ist aktuell
Flash (11,6,602,180) ist aktuell.
Java ist Installiert aber nicht aktiviert.
Adobe Reader 11,0,2,0 ist aktuell.
TDSSKiller.2.8.16.0_26.03.2013_10.07.58_log.txt
Code:
10:08:38.0863 3952 arc - ok 10:08:38.0878 3952 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 10:08:38.0910 3952 arcsas - ok 10:08:38.0956 3952 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 10:08:38.0972 3952 ASLDRService - ok 10:08:39.0003 3952 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 10:08:39.0034 3952 ASMMAP64 - ok 10:08:39.0066 3952 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:08:39.0175 3952 AsyncMac - ok 10:08:39.0222 3952 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 10:08:39.0237 3952 atapi - ok 10:08:39.0346 3952 [ A5E770426D18F8EF332A593F3289DA91 ] athr C:\Windows\system32\DRIVERS\athrx.sys 10:08:39.0549 3952 athr - ok 10:08:39.0580 3952 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 10:08:39.0596 3952 ATKGFNEXSrv - ok 10:08:39.0643 3952 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:08:39.0768 3952 AudioEndpointBuilder - ok 10:08:39.0799 3952 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 10:08:39.0877 3952 AudioSrv - ok 10:08:39.0924 3952 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 10:08:39.0955 3952 avgntflt - ok 10:08:40.0033 3952 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 10:08:40.0064 3952 avipbb - ok 10:08:40.0095 3952 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 10:08:40.0111 3952 avkmgr - ok 10:08:40.0173 3952 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 10:08:40.0251 3952 AxInstSV - ok 10:08:40.0282 3952 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 10:08:40.0329 3952 
b06bdrv - ok 10:08:40.0360 3952 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 10:08:40.0407 3952 b57nd60a - ok 10:08:40.0485 3952 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 10:08:40.0516 3952 BBSvc - ok 10:08:40.0563 3952 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 10:08:40.0579 3952 BBUpdate - ok 10:08:40.0610 3952 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 10:08:40.0657 3952 BDESVC - ok 10:08:40.0719 3952 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 10:08:40.0813 3952 Beep - ok 10:08:40.0875 3952 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 10:08:40.0984 3952 BFE - ok 10:08:41.0062 3952 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 10:08:41.0187 3952 BITS - ok 10:08:41.0218 3952 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 10:08:41.0281 3952 blbdrive - ok 10:08:41.0328 3952 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:08:41.0390 3952 bowser - ok 10:08:41.0421 3952 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:08:41.0515 3952 BrFiltLo - ok 10:08:41.0530 3952 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:08:41.0562 3952 BrFiltUp - ok 10:08:41.0593 3952 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 10:08:41.0624 3952 Browser - ok 10:08:41.0671 3952 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:08:41.0733 3952 Brserid - ok 10:08:41.0733 3952 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 10:08:41.0780 3952 BrSerWdm - ok 10:08:41.0796 3952 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm 
C:\Windows\System32\Drivers\BrUsbMdm.sys 10:08:41.0858 3952 BrUsbMdm - ok 10:08:41.0858 3952 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 10:08:41.0889 3952 BrUsbSer - ok 10:08:41.0905 3952 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 10:08:41.0936 3952 BTHMODEM - ok 10:08:41.0983 3952 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 10:08:42.0076 3952 bthserv - ok 10:08:42.0123 3952 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:08:42.0201 3952 cdfs - ok 10:08:42.0248 3952 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 10:08:42.0295 3952 cdrom - ok 10:08:42.0310 3952 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 10:08:42.0420 3952 CertPropSvc - ok 10:08:42.0451 3952 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 10:08:42.0498 3952 circlass - ok 10:08:42.0576 3952 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 10:08:42.0607 3952 CLFS - ok 10:08:42.0654 3952 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:08:42.0685 3952 clr_optimization_v2.0.50727_32 - ok 10:08:42.0763 3952 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:08:42.0794 3952 clr_optimization_v2.0.50727_64 - ok 10:08:42.0872 3952 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:08:42.0888 3952 clr_optimization_v4.0.30319_32 - ok 10:08:42.0919 3952 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:08:42.0934 3952 clr_optimization_v4.0.30319_64 - ok 10:08:42.0966 3952 [ 0840155D0BDDF1190F84A663C284BD33 ] 
CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:08:43.0012 3952 CmBatt - ok 10:08:43.0059 3952 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:08:43.0075 3952 cmdide - ok 10:08:43.0137 3952 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 10:08:43.0200 3952 CNG - ok 10:08:43.0246 3952 [ F7CA3ACCF5AA0E2182546C5BE42B2E96 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 10:08:43.0356 3952 CnxtHdAudService - ok 10:08:43.0387 3952 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:08:43.0418 3952 Compbatt - ok 10:08:43.0449 3952 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 10:08:43.0496 3952 CompositeBus - ok 10:08:43.0512 3952 COMSysApp - ok 10:08:43.0527 3952 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 10:08:43.0558 3952 crcdisk - ok 10:08:43.0590 3952 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:08:43.0636 3952 CryptSvc - ok 10:08:43.0683 3952 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:08:43.0808 3952 DcomLaunch - ok 10:08:43.0855 3952 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 10:08:43.0948 3952 defragsvc - ok 10:08:43.0995 3952 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:08:44.0104 3952 DfsC - ok 10:08:44.0136 3952 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 10:08:44.0167 3952 Dhcp - ok 10:08:44.0214 3952 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 10:08:44.0307 3952 discache - ok 10:08:44.0354 3952 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 10:08:44.0385 3952 Disk - ok 10:08:44.0650 3952 [ ECDA7D5B479F6C38C9D3D74868CB6401 ] DisplayLinkService C:\Program Files\DisplayLink Core 
Software\DisplayLinkManager.exe 10:08:45.0025 3952 DisplayLinkService - ok 10:08:45.0072 3952 [ 64FF7EAA324702E824AFFD24D4B33412 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys 10:08:45.0118 3952 DisplayLinkUsbPort - ok 10:08:45.0150 3952 [ 0E787242686A9FC890ED420C9C287686 ] dlcdbus C:\Windows\system32\DRIVERS\dlcdbus.sys 10:08:45.0181 3952 dlcdbus - ok 10:08:45.0212 3952 [ B77DE8ECE8C423CC2DE0812FEB13BF5E ] dlkmd C:\Windows\system32\drivers\dlkmd.sys 10:08:45.0243 3952 dlkmd - ok 10:08:45.0259 3952 [ 389FB1D69A1B0E2403327590BF50084B ] dlkmdldr C:\Windows\system32\drivers\dlkmdldr.sys 10:08:45.0290 3952 dlkmdldr - ok 10:08:45.0306 3952 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:08:45.0337 3952 Dnscache - ok 10:08:45.0368 3952 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 10:08:45.0477 3952 dot3svc - ok 10:08:45.0508 3952 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 10:08:45.0602 3952 DPS - ok 10:08:45.0633 3952 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:08:45.0680 3952 drmkaud - ok 10:08:45.0742 3952 [ 50AAD2A07BD8B90A8CFB4F6D7A4D165A ] DSI_SiUSBXp_3_1 C:\Windows\system32\drivers\DSI_SiUSBXp_3_1.sys 10:08:45.0774 3952 DSI_SiUSBXp_3_1 - ok 10:08:45.0836 3952 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:08:45.0930 3952 DXGKrnl - ok 10:08:45.0976 3952 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 10:08:46.0070 3952 EapHost - ok 10:08:46.0148 3952 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 10:08:46.0351 3952 ebdrv - ok 10:08:46.0382 3952 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 10:08:46.0413 3952 EFS - ok 10:08:46.0476 3952 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 10:08:46.0554 3952 ehRecvr - ok 10:08:46.0585 3952 [ 
4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 10:08:46.0647 3952 ehSched - ok 10:08:46.0694 3952 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 10:08:46.0741 3952 elxstor - ok 10:08:46.0756 3952 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:08:46.0803 3952 ErrDev - ok 10:08:46.0850 3952 [ 06C94BE9D9E1E6411429433A64A76936 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 10:08:46.0912 3952 ETD - ok 10:08:46.0959 3952 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 10:08:47.0068 3952 EventSystem - ok 10:08:47.0100 3952 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 10:08:47.0193 3952 exfat - ok 10:08:47.0240 3952 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:08:47.0349 3952 fastfat - ok 10:08:47.0396 3952 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 10:08:47.0490 3952 Fax - ok 10:08:47.0521 3952 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:08:47.0568 3952 fdc - ok 10:08:47.0583 3952 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 10:08:47.0661 3952 fdPHost - ok 10:08:47.0677 3952 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 10:08:47.0770 3952 FDResPub - ok 10:08:47.0833 3952 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:08:47.0895 3952 FileInfo - ok 10:08:47.0911 3952 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:08:48.0004 3952 Filetrace - ok 10:08:48.0082 3952 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 10:08:48.0160 3952 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 10:08:48.0160 3952 FLEXnet Licensing Service - detected 
UnsignedFile.Multi.Generic (1) 10:08:48.0192 3952 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:08:48.0223 3952 flpydisk - ok 10:08:48.0270 3952 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:08:48.0316 3952 FltMgr - ok 10:08:48.0379 3952 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 10:08:48.0457 3952 FontCache - ok 10:08:48.0519 3952 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:08:48.0550 3952 FontCache3.0.0.0 - ok 10:08:48.0566 3952 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:08:48.0597 3952 FsDepends - ok 10:08:48.0644 3952 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:08:48.0675 3952 Fs_Rec - ok 10:08:48.0722 3952 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:08:48.0753 3952 fvevol - ok 10:08:48.0800 3952 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 10:08:48.0831 3952 gagp30kx - ok 10:08:48.0862 3952 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 10:08:48.0987 3952 gpsvc - ok 10:08:49.0065 3952 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:08:49.0081 3952 gupdate - ok 10:08:49.0174 3952 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:08:49.0190 3952 gupdatem - ok 10:08:49.0221 3952 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:08:49.0268 3952 hcw85cir - ok 10:08:49.0299 3952 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 10:08:49.0393 3952 HdAudAddService - ok 10:08:49.0424 3952 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 
10:08:49.0471 3952 HDAudBus - ok 10:08:49.0502 3952 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 10:08:49.0533 3952 HECIx64 - ok 10:08:49.0549 3952 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 10:08:49.0611 3952 HidBatt - ok 10:08:49.0611 3952 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 10:08:49.0658 3952 HidBth - ok 10:08:49.0674 3952 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 10:08:49.0736 3952 HidIr - ok 10:08:49.0752 3952 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 10:08:49.0845 3952 hidserv - ok 10:08:49.0892 3952 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:08:49.0923 3952 HidUsb - ok 10:08:49.0954 3952 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:08:50.0032 3952 hkmsvc - ok 10:08:50.0064 3952 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:08:50.0110 3952 HomeGroupListener - ok 10:08:50.0157 3952 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:08:50.0188 3952 HomeGroupProvider - ok 10:08:50.0235 3952 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:08:50.0266 3952 HpSAMD - ok 10:08:50.0329 3952 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:08:50.0454 3952 HTTP - ok 10:08:50.0500 3952 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:08:50.0516 3952 hwpolicy - ok 10:08:50.0547 3952 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 10:08:50.0578 3952 i8042prt - ok 10:08:50.0610 3952 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 10:08:50.0641 3952 iaStor - ok 10:08:50.0672 3952 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV 
C:\Windows\system32\drivers\iaStorV.sys 10:08:50.0719 3952 iaStorV - ok 10:08:50.0781 3952 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:08:50.0875 3952 idsvc - ok 10:08:51.0249 3952 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 10:08:51.0811 3952 igfx - ok 10:08:51.0858 3952 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 10:08:51.0889 3952 iirsp - ok 10:08:51.0936 3952 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 10:08:52.0060 3952 IKEEXT - ok 10:08:52.0107 3952 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 10:08:52.0185 3952 Impcd - ok 10:08:52.0232 3952 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 10:08:52.0279 3952 IntcDAud - ok 10:08:52.0310 3952 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 10:08:52.0341 3952 intelide - ok 10:08:52.0372 3952 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:08:52.0404 3952 intelppm - ok 10:08:52.0450 3952 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 10:08:52.0513 3952 IPBusEnum - ok 10:08:52.0544 3952 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:08:52.0638 3952 IpFilterDriver - ok 10:08:52.0684 3952 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:08:52.0778 3952 iphlpsvc - ok 10:08:52.0794 3952 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:08:52.0840 3952 IPMIDRV - ok 10:08:52.0872 3952 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:08:52.0981 3952 IPNAT - ok 10:08:53.0012 3952 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:08:53.0106 3952 IRENUM - ok 
10:08:53.0152 3952 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:08:53.0184 3952 isapnp - ok 10:08:53.0215 3952 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 10:08:53.0262 3952 iScsiPrt - ok 10:08:53.0277 3952 [ DB917B998CBC15A153C00DD6EFC34C13 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys 10:08:53.0308 3952 JMCR - ok 10:08:53.0340 3952 [ DE4B2249D95C7815D06A39EA5FF4EE53 ] JME C:\Windows\system32\DRIVERS\JME.sys 10:08:53.0371 3952 JME - ok 10:08:53.0386 3952 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 10:08:53.0418 3952 kbdclass - ok 10:08:53.0433 3952 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 10:08:53.0480 3952 kbdhid - ok 10:08:53.0511 3952 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 10:08:53.0542 3952 kbfiltr - ok 10:08:53.0558 3952 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 10:08:53.0589 3952 KeyIso - ok 10:08:53.0636 3952 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:08:53.0667 3952 KSecDD - ok 10:08:53.0683 3952 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:08:53.0730 3952 KSecPkg - ok 10:08:53.0776 3952 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:08:53.0870 3952 ksthunk - ok 10:08:53.0901 3952 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 10:08:54.0026 3952 KtmRm - ok 10:08:54.0073 3952 [ 44892163F1A1329FA5C22A4CEEBB1D45 ] LAN9500 C:\Windows\system32\DRIVERS\lan9500-x64-n51f.sys 10:08:54.0104 3952 LAN9500 - ok 10:08:54.0166 3952 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:08:54.0276 3952 LanmanServer - ok 10:08:54.0307 3952 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:08:54.0385 3952 
LanmanWorkstation - ok 10:08:54.0463 3952 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe 10:08:54.0494 3952 LBTServ - ok 10:08:54.0525 3952 [ BECBD7CD46776B8739EE18061F45A581 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys 10:08:54.0556 3952 LEqdUsb - ok 10:08:54.0572 3952 [ 21D6BD7D62C270059EB8E2B1D4095880 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys 10:08:54.0588 3952 LHidEqd - ok 10:08:54.0603 3952 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 10:08:54.0619 3952 LHidFilt - ok 10:08:54.0681 3952 [ 02538E602280C07438C94489DCBE77D5 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys 10:08:54.0697 3952 libusb0 - ok 10:08:54.0744 3952 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:08:54.0837 3952 lltdio - ok 10:08:54.0884 3952 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:08:54.0993 3952 lltdsvc - ok 10:08:55.0024 3952 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:08:55.0102 3952 lmhosts - ok 10:08:55.0134 3952 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 10:08:55.0165 3952 LMouFilt - ok 10:08:55.0212 3952 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 10:08:55.0243 3952 LMS ( UnsignedFile.Multi.Generic ) - warning 10:08:55.0243 3952 LMS - detected UnsignedFile.Multi.Generic (1) 10:08:55.0274 3952 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 10:08:55.0305 3952 LSI_FC - ok 10:08:55.0321 3952 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 10:08:55.0352 3952 LSI_SAS - ok 10:08:55.0368 3952 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:08:55.0399 3952 LSI_SAS2 - ok 10:08:55.0414 3952 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI 
C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:08:55.0446 3952 LSI_SCSI - ok 10:08:55.0461 3952 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 10:08:55.0570 3952 luafv - ok 10:08:55.0602 3952 [ 085435AE1A124361304044029B5CC644 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys 10:08:55.0617 3952 lullaby - ok 10:08:55.0695 3952 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe 10:08:55.0742 3952 McComponentHostService - ok 10:08:55.0789 3952 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:08:55.0836 3952 Mcx2Svc - ok 10:08:55.0867 3952 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 10:08:55.0898 3952 megasas - ok 10:08:55.0914 3952 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 10:08:55.0976 3952 MegaSR - ok 10:08:56.0054 3952 Microsoft SharePoint Workspace Audit Service - ok 10:08:56.0070 3952 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 10:08:56.0163 3952 MMCSS - ok 10:08:56.0210 3952 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 10:08:56.0319 3952 Modem - ok 10:08:56.0335 3952 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:08:56.0366 3952 monitor - ok 10:08:56.0397 3952 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:08:56.0413 3952 mouclass - ok 10:08:56.0460 3952 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:08:56.0506 3952 mouhid - ok 10:08:56.0522 3952 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:08:56.0553 3952 mountmgr - ok 10:08:56.0631 3952 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:08:56.0647 3952 MozillaMaintenance - ok 
10:08:56.0662 3952 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 10:08:56.0694 3952 mpio - ok 10:08:56.0725 3952 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:08:56.0818 3952 mpsdrv - ok 10:08:56.0850 3952 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 10:08:56.0974 3952 MpsSvc - ok 10:08:57.0006 3952 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:08:57.0068 3952 MRxDAV - ok 10:08:57.0130 3952 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:08:57.0177 3952 mrxsmb - ok 10:08:57.0224 3952 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:08:57.0286 3952 mrxsmb10 - ok 10:08:57.0318 3952 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:08:57.0380 3952 mrxsmb20 - ok 10:08:57.0396 3952 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 10:08:57.0427 3952 msahci - ok 10:08:57.0458 3952 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:08:57.0489 3952 msdsm - ok 10:08:57.0520 3952 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 10:08:57.0567 3952 MSDTC - ok 10:08:57.0614 3952 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:08:57.0723 3952 Msfs - ok 10:08:57.0739 3952 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:08:57.0817 3952 mshidkmdf - ok 10:08:57.0848 3952 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:08:57.0864 3952 msisadrv - ok 10:08:57.0895 3952 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:08:57.0988 3952 MSiSCSI - ok 10:08:58.0004 3952 msiserver - ok 10:08:58.0035 3952 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 
10:08:58.0129 3952 MSKSSRV - ok 10:08:58.0144 3952 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:08:58.0238 3952 MSPCLOCK - ok 10:08:58.0254 3952 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:08:58.0347 3952 MSPQM - ok 10:08:58.0378 3952 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:08:58.0410 3952 MsRPC - ok 10:08:58.0456 3952 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 10:08:58.0472 3952 mssmbios - ok 10:08:58.0488 3952 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:08:58.0581 3952 MSTEE - ok 10:08:58.0581 3952 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 10:08:58.0628 3952 MTConfig - ok 10:08:58.0675 3952 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 10:08:58.0690 3952 MTsensor - ok 10:08:58.0690 3952 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 10:08:58.0722 3952 Mup - ok 10:08:58.0753 3952 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 10:08:58.0862 3952 napagent - ok 10:08:58.0893 3952 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:08:58.0940 3952 NativeWifiP - ok 10:08:58.0987 3952 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:08:59.0049 3952 NDIS - ok 10:08:59.0065 3952 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:08:59.0158 3952 NdisCap - ok 10:08:59.0205 3952 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:08:59.0299 3952 NdisTapi - ok 10:08:59.0314 3952 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:08:59.0408 3952 Ndisuio - ok 10:08:59.0439 3952 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan 
C:\Windows\system32\DRIVERS\ndiswan.sys 10:08:59.0533 3952 NdisWan - ok 10:08:59.0564 3952 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:08:59.0642 3952 NDProxy - ok 10:08:59.0720 3952 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 10:08:59.0751 3952 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 10:08:59.0751 3952 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 10:08:59.0782 3952 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:08:59.0892 3952 NetBIOS - ok 10:08:59.0938 3952 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:09:00.0032 3952 NetBT - ok 10:09:00.0048 3952 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:09:00.0079 3952 Netlogon - ok 10:09:00.0110 3952 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:09:00.0219 3952 Netman - ok 10:09:00.0250 3952 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 10:09:00.0344 3952 netprofm - ok 10:09:00.0375 3952 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:09:00.0406 3952 NetTcpPortSharing - ok 10:09:00.0422 3952 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 10:09:00.0453 3952 nfrd960 - ok 10:09:00.0484 3952 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:09:00.0531 3952 NlaSvc - ok 10:09:00.0547 3952 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:09:00.0625 3952 Npfs - ok 10:09:00.0656 3952 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 10:09:00.0750 3952 nsi - ok 10:09:00.0781 3952 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:09:00.0859 3952 nsiproxy - ok 10:09:00.0937 3952 [ 
E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:09:01.0108 3952 Ntfs - ok 10:09:01.0155 3952 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:09:01.0233 3952 Null - ok 10:09:01.0561 3952 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:09:02.0169 3952 nvlddmkm - ok 10:09:02.0278 3952 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 10:09:02.0310 3952 nvpciflt - ok 10:09:02.0341 3952 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:09:02.0372 3952 nvraid - ok 10:09:02.0388 3952 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:09:02.0419 3952 nvstor - ok 10:09:02.0481 3952 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 10:09:02.0544 3952 nvsvc - ok 10:09:02.0637 3952 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 10:09:02.0715 3952 nvUpdatusService - ok 10:09:02.0746 3952 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:09:02.0778 3952 nv_agp - ok 10:09:02.0778 3952 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:09:02.0824 3952 ohci1394 - ok 10:09:02.0918 3952 [ 379F3CDCD9917135B7629FA90F87FD1D ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe 10:09:03.0043 3952 OODefragAgent - ok 10:09:03.0090 3952 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:09:03.0105 3952 ose - ok 10:09:03.0246 3952 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:09:03.0480 3952 osppsvc - ok 10:09:03.0526 3952 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:09:03.0573 3952 p2pimsvc - ok 
10:09:03.0589 3952 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:09:03.0636 3952 p2psvc - ok 10:09:03.0667 3952 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:09:03.0714 3952 Parport - ok 10:09:03.0745 3952 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:09:03.0776 3952 partmgr - ok 10:09:03.0807 3952 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:09:03.0854 3952 PcaSvc - ok 10:09:03.0901 3952 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:09:03.0932 3952 pci - ok 10:09:03.0948 3952 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:09:03.0979 3952 pciide - ok 10:09:04.0010 3952 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 10:09:04.0041 3952 pcmcia - ok 10:09:04.0104 3952 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:09:04.0135 3952 pcw - ok 10:09:04.0166 3952 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:09:04.0291 3952 PEAUTH - ok 10:09:04.0384 3952 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:09:04.0416 3952 PerfHost - ok 10:09:04.0478 3952 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:09:04.0650 3952 pla - ok 10:09:04.0696 3952 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:09:04.0743 3952 PlugPlay - ok 10:09:04.0806 3952 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 10:09:04.0837 3952 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 10:09:04.0837 3952 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 10:09:04.0852 3952 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:09:04.0899 3952 PNRPAutoReg - ok 10:09:04.0930 3952 [ 3EAC4455472CC2C97107B5291E0DCAFE 
] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:09:04.0962 3952 PNRPsvc - ok 10:09:04.0993 3952 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:09:05.0071 3952 PolicyAgent - ok 10:09:05.0102 3952 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:09:05.0196 3952 Power - ok 10:09:05.0227 3952 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:09:05.0336 3952 PptpMiniport - ok 10:09:05.0367 3952 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 10:09:05.0398 3952 Processor - ok 10:09:05.0461 3952 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 10:09:05.0508 3952 ProfSvc - ok 10:09:05.0523 3952 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:09:05.0539 3952 ProtectedStorage - ok 10:09:05.0570 3952 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:09:05.0648 3952 Psched - ok 10:09:05.0695 3952 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:09:05.0835 3952 ql2300 - ok 10:09:05.0851 3952 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:09:05.0882 3952 ql40xx - ok 10:09:05.0913 3952 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:09:05.0960 3952 QWAVE - ok 10:09:05.0976 3952 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:09:06.0022 3952 QWAVEdrv - ok 10:09:06.0054 3952 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:09:06.0132 3952 RasAcd - ok 10:09:06.0178 3952 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:09:06.0272 3952 RasAgileVpn - ok 10:09:06.0303 3952 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:09:06.0397 3952 RasAuto - ok 10:09:06.0444 3952 [ 
471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:09:06.0553 3952 Rasl2tp - ok 10:09:06.0600 3952 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:09:06.0709 3952 RasMan - ok 10:09:06.0756 3952 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:09:06.0834 3952 RasPppoe - ok 10:09:06.0865 3952 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:09:06.0958 3952 RasSstp - ok 10:09:07.0005 3952 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:09:07.0114 3952 rdbss - ok 10:09:07.0130 3952 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:09:07.0177 3952 rdpbus - ok 10:09:07.0208 3952 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:09:07.0302 3952 RDPCDD - ok 10:09:07.0317 3952 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:09:07.0411 3952 RDPENCDD - ok 10:09:07.0442 3952 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:09:07.0520 3952 RDPREFMP - ok 10:09:07.0582 3952 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 10:09:07.0598 3952 RdpVideoMiniport - ok 10:09:07.0629 3952 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:09:07.0692 3952 RDPWD - ok 10:09:07.0723 3952 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:09:07.0770 3952 rdyboost - ok 10:09:07.0816 3952 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:09:07.0910 3952 RemoteAccess - ok 10:09:07.0941 3952 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:09:08.0035 3952 RemoteRegistry - ok 10:09:08.0050 3952 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 10:09:08.0144 3952 RpcEptMapper - ok 10:09:08.0160 3952 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:09:08.0206 3952 RpcLocator - ok 10:09:08.0253 3952 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:09:08.0331 3952 RpcSs - ok 10:09:08.0394 3952 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:09:08.0487 3952 rspndr - ok 10:09:08.0550 3952 [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys 10:09:08.0565 3952 s0016bus - ok 10:09:08.0581 3952 [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys 10:09:08.0596 3952 s0016mdfl - ok 10:09:08.0612 3952 [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys 10:09:08.0628 3952 s0016mdm - ok 10:09:08.0643 3952 [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys 10:09:08.0690 3952 s0016mgmt - ok 10:09:08.0690 3952 [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys 10:09:08.0721 3952 s0016nd5 - ok 10:09:08.0721 3952 [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys 10:09:08.0752 3952 s0016obex - ok 10:09:08.0768 3952 [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys 10:09:08.0799 3952 s0016unic - ok 10:09:08.0815 3952 [ E0F0977CAAFDF719929C8CA02A1C5147 ] s115bus C:\Windows\system32\DRIVERS\s115bus.sys 10:09:08.0846 3952 s115bus - ok 10:09:08.0877 3952 [ 136328E6C3086A19EB3154058BC7B3A3 ] s115mdfl C:\Windows\system32\DRIVERS\s115mdfl.sys 10:09:08.0893 3952 s115mdfl - ok 10:09:08.0924 3952 [ 54552277DE7EAE1A2E108A4CFF7ABB07 ] s115mdm C:\Windows\system32\DRIVERS\s115mdm.sys 10:09:08.0940 3952 s115mdm - ok 10:09:08.0986 3952 [ E9B3966836CB9C2107264E44249267DF ] s115mgmt C:\Windows\system32\DRIVERS\s115mgmt.sys 10:09:09.0018 3952 s115mgmt - ok 
10:09:09.0049 3952 [ F6AB3B6E35981C4F3FED4198D3F29674 ] s115obex C:\Windows\system32\DRIVERS\s115obex.sys 10:09:09.0064 3952 s115obex - ok 10:09:09.0096 3952 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:09:09.0111 3952 SamSs - ok 10:09:09.0174 3952 [ B7E1FF02C6A9BCDE9A34DE801E379844 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 10:09:09.0205 3952 SbieDrv - ok 10:09:09.0236 3952 [ 4B30590ABBBE4138BD4999FDF586AE53 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 10:09:09.0252 3952 SbieSvc - ok 10:09:09.0283 3952 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:09:09.0314 3952 sbp2port - ok 10:09:09.0345 3952 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:09:09.0439 3952 SCardSvr - ok 10:09:09.0470 3952 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:09:09.0548 3952 scfilter - ok 10:09:09.0610 3952 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:09:09.0720 3952 Schedule - ok 10:09:09.0735 3952 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:09:09.0813 3952 SCPolicySvc - ok 10:09:09.0829 3952 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 10:09:09.0876 3952 sdbus - ok 10:09:09.0907 3952 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:09:09.0954 3952 SDRSVC - ok 10:09:09.0985 3952 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:09:10.0078 3952 secdrv - ok 10:09:10.0110 3952 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:09:10.0203 3952 seclogon - ok 10:09:10.0234 3952 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:09:10.0328 3952 SENS - ok 10:09:10.0344 3952 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:09:10.0390 3952 SensrSvc - ok 10:09:10.0406 3952 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:09:10.0453 3952 Serenum - ok 10:09:10.0468 3952 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:09:10.0515 3952 Serial - ok 10:09:10.0546 3952 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:09:10.0593 3952 sermouse - ok 10:09:10.0624 3952 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:09:10.0734 3952 SessionEnv - ok 10:09:10.0765 3952 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:09:10.0812 3952 sffdisk - ok 10:09:10.0858 3952 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:09:10.0890 3952 sffp_mmc - ok 10:09:10.0905 3952 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:09:10.0936 3952 sffp_sd - ok 10:09:10.0952 3952 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:09:10.0999 3952 sfloppy - ok 10:09:11.0061 3952 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:09:11.0139 3952 SharedAccess - ok 10:09:11.0186 3952 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:09:11.0280 3952 ShellHWDetection - ok 10:09:11.0342 3952 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 10:09:11.0389 3952 SiSGbeLH - ok 10:09:11.0389 3952 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:09:11.0420 3952 SiSRaid2 - ok 10:09:11.0436 3952 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:09:11.0467 3952 SiSRaid4 - ok 10:09:11.0529 3952 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 10:09:11.0592 3952 SkypeUpdate - ok 10:09:11.0607 3952 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb 
C:\Windows\system32\DRIVERS\smb.sys 10:09:11.0716 3952 Smb - ok 10:09:11.0779 3952 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 10:09:11.0810 3952 snapman - ok 10:09:11.0826 3952 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:09:11.0872 3952 SNMPTRAP - ok 10:09:11.0950 3952 [ 1D8474722CDFFBB8FCA5FA12C50A05A2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 10:09:12.0091 3952 SNP2UVC - ok 10:09:12.0122 3952 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 10:09:12.0153 3952 spldr - ok 10:09:12.0184 3952 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 10:09:12.0231 3952 Spooler - ok 10:09:12.0325 3952 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 10:09:12.0528 3952 sppsvc - ok 10:09:12.0574 3952 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:09:12.0668 3952 sppuinotify - ok 10:09:12.0730 3952 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys 10:09:12.0824 3952 sptd - ok 10:09:12.0871 3952 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 10:09:12.0949 3952 srv - ok 10:09:12.0980 3952 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:09:13.0058 3952 srv2 - ok 10:09:13.0105 3952 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:09:13.0152 3952 srvnet - ok 10:09:13.0198 3952 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:09:13.0292 3952 SSDPSRV - ok 10:09:13.0308 3952 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:09:13.0401 3952 SstpSvc - ok 10:09:13.0432 3952 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 10:09:13.0464 3952 stexstor - ok 10:09:13.0479 3952 [ DECACB6921DED1A38642642685D77DAC ] StillCam 
C:\Windows\system32\DRIVERS\serscan.sys 10:09:13.0526 3952 StillCam - ok 10:09:13.0573 3952 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 10:09:13.0651 3952 stisvc - ok 10:09:13.0666 3952 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 10:09:13.0698 3952 swenum - ok 10:09:13.0729 3952 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 10:09:13.0807 3952 swprv - ok 10:09:13.0885 3952 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 10:09:13.0978 3952 SysMain - ok 10:09:14.0010 3952 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:09:14.0041 3952 TabletInputService - ok 10:09:14.0072 3952 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:09:14.0181 3952 TapiSrv - ok 10:09:14.0228 3952 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 10:09:14.0322 3952 TBS - ok 10:09:14.0384 3952 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:09:14.0556 3952 Tcpip - ok 10:09:14.0618 3952 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:09:14.0680 3952 TCPIP6 - ok 10:09:14.0727 3952 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:09:14.0790 3952 tcpipreg - ok 10:09:14.0821 3952 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:09:14.0852 3952 TDPIPE - ok 10:09:14.0946 3952 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys 10:09:15.0055 3952 tdrpman273 - ok 10:09:15.0086 3952 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:09:15.0102 3952 TDTCP - ok 10:09:15.0148 3952 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:09:15.0242 3952 tdx - ok 10:09:15.0304 3952 [ 213723E1A736910C644B457DE6D095E2 ] TeamViewer5 C:\Program Files 
(x86)\TeamViewer\Version5\TeamViewer_Service.exe 10:09:15.0320 3952 TeamViewer5 - ok 10:09:15.0367 3952 [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys 10:09:15.0382 3952 teamviewervpn - ok 10:09:15.0398 3952 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 10:09:15.0429 3952 TermDD - ok 10:09:15.0460 3952 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 10:09:15.0663 3952 TermService - ok 10:09:15.0694 3952 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 10:09:15.0741 3952 Themes - ok 10:09:15.0772 3952 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 10:09:15.0850 3952 THREADORDER - ok 10:09:15.0897 3952 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys 10:09:15.0991 3952 timounter - ok 10:09:16.0053 3952 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 10:09:16.0147 3952 TrkWks - ok 10:09:16.0194 3952 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:09:16.0287 3952 TrustedInstaller - ok 10:09:16.0334 3952 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:09:16.0428 3952 tssecsrv - ok 10:09:16.0474 3952 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:09:16.0521 3952 TsUsbFlt - ok 10:09:16.0568 3952 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:09:16.0662 3952 tunnel - ok 10:09:16.0693 3952 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 10:09:16.0708 3952 TurboB - ok 10:09:16.0771 3952 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 10:09:16.0786 3952 TurboBoost - ok 10:09:16.0833 3952 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 
10:09:16.0880 3952 uagp35 - ok 10:09:16.0911 3952 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:09:17.0020 3952 udfs - ok 10:09:17.0052 3952 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:09:17.0098 3952 UI0Detect - ok 10:09:17.0130 3952 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:09:17.0161 3952 uliagpkx - ok 10:09:17.0176 3952 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:09:17.0208 3952 umbus - ok 10:09:17.0239 3952 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 10:09:17.0286 3952 UmPass - ok 10:09:17.0379 3952 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 10:09:17.0473 3952 UNS ( UnsignedFile.Multi.Generic ) - warning 10:09:17.0473 3952 UNS - detected UnsignedFile.Multi.Generic (1) 10:09:17.0520 3952 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 10:09:17.0613 3952 upnphost - ok 10:09:17.0676 3952 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:09:17.0722 3952 usbaudio - ok 10:09:17.0754 3952 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:09:17.0785 3952 usbccgp - ok 10:09:17.0800 3952 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:09:17.0847 3952 usbcir - ok 10:09:17.0878 3952 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:09:17.0925 3952 usbehci - ok 10:09:17.0956 3952 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:09:17.0988 3952 usbhub - ok 10:09:18.0003 3952 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:09:18.0034 3952 usbohci - ok 10:09:18.0050 3952 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint 
C:\Windows\system32\DRIVERS\usbprint.sys 10:09:18.0081 3952 usbprint - ok 10:09:18.0097 3952 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:09:18.0159 3952 USBSTOR - ok 10:09:18.0159 3952 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:09:18.0206 3952 usbuhci - ok 10:09:18.0222 3952 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 10:09:18.0284 3952 usbvideo - ok 10:09:18.0315 3952 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 10:09:18.0393 3952 UxSms - ok 10:09:18.0424 3952 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 10:09:18.0440 3952 VaultSvc - ok 10:09:18.0456 3952 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:09:18.0487 3952 vdrvroot - ok 10:09:18.0518 3952 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 10:09:18.0627 3952 vds - ok 10:09:18.0658 3952 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:09:18.0690 3952 vga - ok 10:09:18.0705 3952 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 10:09:18.0814 3952 VgaSave - ok 10:09:18.0846 3952 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:09:18.0877 3952 vhdmp - ok 10:09:18.0908 3952 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 10:09:18.0924 3952 viaide - ok 10:09:18.0955 3952 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:09:18.0986 3952 volmgr - ok 10:09:19.0017 3952 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:09:19.0048 3952 volmgrx - ok 10:09:19.0080 3952 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:09:19.0126 3952 volsnap - ok 10:09:19.0189 3952 [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent C:\Program Files 
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 10:09:19.0220 3952 vpnagent - ok 10:09:19.0251 3952 [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 10:09:19.0267 3952 vpnva - ok 10:09:19.0298 3952 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 10:09:19.0345 3952 vsmraid - ok 10:09:19.0407 3952 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 10:09:19.0548 3952 VSS - ok 10:09:19.0563 3952 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 10:09:19.0626 3952 vwifibus - ok 10:09:19.0672 3952 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 10:09:19.0735 3952 vwififlt - ok 10:09:19.0766 3952 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 10:09:19.0813 3952 vwifimp - ok 10:09:19.0860 3952 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 10:09:19.0938 3952 W32Time - ok 10:09:19.0969 3952 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 10:09:20.0000 3952 WacomPen - ok 10:09:20.0047 3952 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:09:20.0140 3952 WANARP - ok 10:09:20.0140 3952 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:09:20.0218 3952 Wanarpv6 - ok 10:09:20.0296 3952 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 10:09:20.0374 3952 WatAdminSvc - ok 10:09:20.0437 3952 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 10:09:20.0546 3952 wbengine - ok 10:09:20.0577 3952 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:09:20.0624 3952 WbioSrvc - ok 10:09:20.0671 3952 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:09:20.0718 3952 wcncsvc - ok 10:09:20.0733 3952 [ 
20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 10:09:20.0780 3952 WcsPlugInService - ok 10:09:20.0827 3952 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 10:09:20.0842 3952 Wd - ok 10:09:20.0905 3952 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 10:09:20.0983 3952 Wdf01000 - ok 10:09:21.0014 3952 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 10:09:21.0123 3952 WdiServiceHost - ok 10:09:21.0123 3952 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 10:09:21.0170 3952 WdiSystemHost - ok 10:09:21.0201 3952 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 10:09:21.0279 3952 WebClient - ok 10:09:21.0295 3952 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 10:09:21.0420 3952 Wecsvc - ok 10:09:21.0451 3952 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 10:09:21.0544 3952 wercplsupport - ok 10:09:21.0576 3952 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 10:09:21.0669 3952 WerSvc - ok 10:09:21.0700 3952 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 10:09:21.0778 3952 WfpLwf - ok 10:09:21.0825 3952 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 10:09:21.0872 3952 WimFltr - ok 10:09:21.0903 3952 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 10:09:21.0934 3952 WIMMount - ok 10:09:21.0981 3952 WinDefend - ok 10:09:21.0997 3952 WinHttpAutoProxySvc - ok 10:09:22.0044 3952 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 10:09:22.0122 3952 Winmgmt - ok 10:09:22.0200 3952 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 10:09:22.0371 3952 WinRM - ok 10:09:22.0434 3952 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb 
C:\Windows\system32\DRIVERS\WinUsb.sys 10:09:22.0496 3952 WinUsb - ok 10:09:22.0543 3952 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 10:09:22.0636 3952 Wlansvc - ok 10:09:22.0714 3952 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:09:22.0839 3952 wlidsvc - ok 10:09:22.0870 3952 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:09:22.0917 3952 WmiAcpi - ok 10:09:22.0948 3952 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:09:22.0995 3952 wmiApSrv - ok 10:09:23.0026 3952 WMPNetworkSvc - ok 10:09:23.0058 3952 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:09:23.0120 3952 WPCSvc - ok 10:09:23.0151 3952 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:09:23.0182 3952 WPDBusEnum - ok 10:09:23.0229 3952 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:09:23.0323 3952 ws2ifsl - ok 10:09:23.0354 3952 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 10:09:23.0385 3952 wscsvc - ok 10:09:23.0401 3952 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 10:09:23.0448 3952 WSDPrintDevice - ok 10:09:23.0448 3952 WSearch - ok 10:09:23.0541 3952 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 10:09:23.0666 3952 wuauserv - ok 10:09:23.0697 3952 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:09:23.0728 3952 WudfPf - ok 10:09:23.0775 3952 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:09:23.0822 3952 WUDFRd - ok 10:09:23.0853 3952 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:09:23.0900 3952 wudfsvc - ok 10:09:23.0931 3952 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc 
C:\Windows\System32\wwansvc.dll 10:09:23.0994 3952 WwanSvc - ok 10:09:24.0025 3952 ================ Scan global =============================== 10:09:24.0072 3952 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 10:09:24.0103 3952 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 10:09:24.0118 3952 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 10:09:24.0150 3952 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 10:09:24.0181 3952 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 10:09:24.0196 3952 [Global] - ok 10:09:24.0196 3952 ================ Scan MBR ================================== 10:09:24.0992 3952 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR4 10:09:25.0179 3952 \Device\Harddisk3\DR4 - ok 10:09:25.0226 3952 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 10:09:25.0678 3952 \Device\Harddisk0\DR0 - ok 10:09:25.0678 3952 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 10:09:26.0224 3952 \Device\Harddisk1\DR1 - ok 10:09:26.0224 3952 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR3 10:09:31.0014 3952 \Device\Harddisk2\DR3 - ok 10:09:31.0029 3952 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR4 10:09:31.0216 3952 \Device\Harddisk3\DR4 - ok 10:09:31.0216 3952 ================ Scan VBR ================================== 10:09:31.0216 3952 [ BFC6A270BBB5D6E1276D41A79FD24FE0 ] \Device\Harddisk3\DR4\Partition1 10:09:31.0216 3952 \Device\Harddisk3\DR4\Partition1 - ok 10:09:31.0279 3952 [ C1EFB675B04D3E0FEFEB0B2A9E55B3D3 ] \Device\Harddisk0\DR0\Partition1 10:09:31.0279 3952 \Device\Harddisk0\DR0\Partition1 - ok 10:09:31.0294 3952 [ E8FBD723A8500F903E608DCF5B339629 ] \Device\Harddisk0\DR0\Partition2 10:09:31.0294 3952 \Device\Harddisk0\DR0\Partition2 - ok 10:09:31.0310 3952 [ 8E37C8177012DCDC8A81A9657CA7B97F ] \Device\Harddisk1\DR1\Partition1 10:09:31.0310 3952 \Device\Harddisk1\DR1\Partition1 - ok 10:09:31.0310 3952 [ 
364BE6FAD58CE19E8C0B3E4A5C363247 ] \Device\Harddisk2\DR3\Partition1 10:09:31.0326 3952 \Device\Harddisk2\DR3\Partition1 - ok 10:09:31.0326 3952 [ BFC6A270BBB5D6E1276D41A79FD24FE0 ] \Device\Harddisk3\DR4\Partition1 10:09:31.0326 3952 \Device\Harddisk3\DR4\Partition1 - ok 10:09:31.0326 3952 ============================================================ 10:09:31.0326 3952 Scan finished 10:09:31.0326 3952 ============================================================ 10:09:31.0357 6536 Detected object count: 5 10:09:31.0357 6536 Actual detected object count: 5 10:18:10.0916 6536 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:10.0916 6536 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:10.0916 6536 LMS ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:10.0916 6536 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:10.0916 6536 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:10.0916 6536 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:10.0916 6536 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:10.0916 6536 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 10:18:10.0931 6536 UNS ( UnsignedFile.Multi.Generic ) - skipped by user 10:18:10.0931 6536 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip |
26.03.2013, 10:57 | #13 |
| Trojans Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz and others

I forgot to post one step. Here are all three steps now:

1. Update Java

Code:
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Firefox 19.0 ist aktuell
Flash (11,6,602,180) ist aktuell.
Java (1,7,0,17) ist aktuell.
Adobe Reader 11,0,2,0 ist aktuell.

2. Disable Java

Code:
PluginCheck
Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.
Firefox 19.0 ist aktuell
Flash (11,6,602,180) ist aktuell.
Java ist Installiert aber nicht aktiviert.
Adobe Reader 11,0,2,0 ist aktuell.

3. TDSSKiller.exe: TDSSKiller.2.8.16.0_26.03.2013_10.07.58_log.txt

Code:
C:\Windows\system32\DRIVERS\ndiswan.sys 10:08:59.0533 3952 NdisWan - ok 10:08:59.0564 3952 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:08:59.0642 3952 NDProxy - ok 10:08:59.0720 3952 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 10:08:59.0751 3952 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 10:08:59.0751 3952 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 10:08:59.0782 3952 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:08:59.0892 3952 NetBIOS - ok 10:08:59.0938 3952 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:09:00.0032 3952 NetBT - ok 10:09:00.0048 3952 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:09:00.0079 3952 Netlogon - ok 10:09:00.0110 3952 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:09:00.0219 3952 Netman - ok 10:09:00.0250 3952 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 10:09:00.0344 3952 netprofm - ok 10:09:00.0375 3952 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:09:00.0406 3952 NetTcpPortSharing - ok 10:09:00.0422 3952 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 10:09:00.0453 3952 nfrd960 - ok 10:09:00.0484 3952 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:09:00.0531 3952 NlaSvc - ok 10:09:00.0547 3952 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:09:00.0625 3952 Npfs - ok 10:09:00.0656 3952 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 10:09:00.0750 3952 nsi - ok 10:09:00.0781 3952 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:09:00.0859 3952 nsiproxy - ok 10:09:00.0937 3952 [ 
E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:09:01.0108 3952 Ntfs - ok 10:09:01.0155 3952 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:09:01.0233 3952 Null - ok 10:09:01.0561 3952 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:09:02.0169 3952 nvlddmkm - ok 10:09:02.0278 3952 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 10:09:02.0310 3952 nvpciflt - ok 10:09:02.0341 3952 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:09:02.0372 3952 nvraid - ok 10:09:02.0388 3952 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:09:02.0419 3952 nvstor - ok 10:09:02.0481 3952 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 10:09:02.0544 3952 nvsvc - ok 10:09:02.0637 3952 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 10:09:02.0715 3952 nvUpdatusService - ok 10:09:02.0746 3952 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:09:02.0778 3952 nv_agp - ok 10:09:02.0778 3952 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:09:02.0824 3952 ohci1394 - ok 10:09:02.0918 3952 [ 379F3CDCD9917135B7629FA90F87FD1D ] OODefragAgent C:\Program Files\OO Software\Defrag\oodag.exe 10:09:03.0043 3952 OODefragAgent - ok 10:09:03.0090 3952 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:09:03.0105 3952 ose - ok 10:09:03.0246 3952 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:09:03.0480 3952 osppsvc - ok 10:09:03.0526 3952 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:09:03.0573 3952 p2pimsvc - ok 
10:09:03.0589 3952 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:09:03.0636 3952 p2psvc - ok 10:09:03.0667 3952 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 10:09:03.0714 3952 Parport - ok 10:09:03.0745 3952 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:09:03.0776 3952 partmgr - ok 10:09:03.0807 3952 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:09:03.0854 3952 PcaSvc - ok 10:09:03.0901 3952 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:09:03.0932 3952 pci - ok 10:09:03.0948 3952 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:09:03.0979 3952 pciide - ok 10:09:04.0010 3952 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 10:09:04.0041 3952 pcmcia - ok 10:09:04.0104 3952 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:09:04.0135 3952 pcw - ok 10:09:04.0166 3952 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:09:04.0291 3952 PEAUTH - ok 10:09:04.0384 3952 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:09:04.0416 3952 PerfHost - ok 10:09:04.0478 3952 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:09:04.0650 3952 pla - ok 10:09:04.0696 3952 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:09:04.0743 3952 PlugPlay - ok 10:09:04.0806 3952 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 10:09:04.0837 3952 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 10:09:04.0837 3952 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 10:09:04.0852 3952 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:09:04.0899 3952 PNRPAutoReg - ok 10:09:04.0930 3952 [ 3EAC4455472CC2C97107B5291E0DCAFE 
] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:09:04.0962 3952 PNRPsvc - ok 10:09:04.0993 3952 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 10:09:05.0071 3952 PolicyAgent - ok 10:09:05.0102 3952 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:09:05.0196 3952 Power - ok 10:09:05.0227 3952 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:09:05.0336 3952 PptpMiniport - ok 10:09:05.0367 3952 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 10:09:05.0398 3952 Processor - ok 10:09:05.0461 3952 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 10:09:05.0508 3952 ProfSvc - ok 10:09:05.0523 3952 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:09:05.0539 3952 ProtectedStorage - ok 10:09:05.0570 3952 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:09:05.0648 3952 Psched - ok 10:09:05.0695 3952 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 10:09:05.0835 3952 ql2300 - ok 10:09:05.0851 3952 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 10:09:05.0882 3952 ql40xx - ok 10:09:05.0913 3952 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:09:05.0960 3952 QWAVE - ok 10:09:05.0976 3952 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:09:06.0022 3952 QWAVEdrv - ok 10:09:06.0054 3952 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:09:06.0132 3952 RasAcd - ok 10:09:06.0178 3952 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 10:09:06.0272 3952 RasAgileVpn - ok 10:09:06.0303 3952 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:09:06.0397 3952 RasAuto - ok 10:09:06.0444 3952 [ 
471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:09:06.0553 3952 Rasl2tp - ok 10:09:06.0600 3952 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:09:06.0709 3952 RasMan - ok 10:09:06.0756 3952 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:09:06.0834 3952 RasPppoe - ok 10:09:06.0865 3952 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:09:06.0958 3952 RasSstp - ok 10:09:07.0005 3952 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:09:07.0114 3952 rdbss - ok 10:09:07.0130 3952 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:09:07.0177 3952 rdpbus - ok 10:09:07.0208 3952 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:09:07.0302 3952 RDPCDD - ok 10:09:07.0317 3952 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:09:07.0411 3952 RDPENCDD - ok 10:09:07.0442 3952 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:09:07.0520 3952 RDPREFMP - ok 10:09:07.0582 3952 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 10:09:07.0598 3952 RdpVideoMiniport - ok 10:09:07.0629 3952 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:09:07.0692 3952 RDPWD - ok 10:09:07.0723 3952 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:09:07.0770 3952 rdyboost - ok 10:09:07.0816 3952 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:09:07.0910 3952 RemoteAccess - ok 10:09:07.0941 3952 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:09:08.0035 3952 RemoteRegistry - ok 10:09:08.0050 3952 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 10:09:08.0144 3952 RpcEptMapper - ok 10:09:08.0160 3952 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:09:08.0206 3952 RpcLocator - ok 10:09:08.0253 3952 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:09:08.0331 3952 RpcSs - ok 10:09:08.0394 3952 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:09:08.0487 3952 rspndr - ok 10:09:08.0550 3952 [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys 10:09:08.0565 3952 s0016bus - ok 10:09:08.0581 3952 [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys 10:09:08.0596 3952 s0016mdfl - ok 10:09:08.0612 3952 [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys 10:09:08.0628 3952 s0016mdm - ok 10:09:08.0643 3952 [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt C:\Windows\system32\DRIVERS\s0016mgmt.sys 10:09:08.0690 3952 s0016mgmt - ok 10:09:08.0690 3952 [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys 10:09:08.0721 3952 s0016nd5 - ok 10:09:08.0721 3952 [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys 10:09:08.0752 3952 s0016obex - ok 10:09:08.0768 3952 [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys 10:09:08.0799 3952 s0016unic - ok 10:09:08.0815 3952 [ E0F0977CAAFDF719929C8CA02A1C5147 ] s115bus C:\Windows\system32\DRIVERS\s115bus.sys 10:09:08.0846 3952 s115bus - ok 10:09:08.0877 3952 [ 136328E6C3086A19EB3154058BC7B3A3 ] s115mdfl C:\Windows\system32\DRIVERS\s115mdfl.sys 10:09:08.0893 3952 s115mdfl - ok 10:09:08.0924 3952 [ 54552277DE7EAE1A2E108A4CFF7ABB07 ] s115mdm C:\Windows\system32\DRIVERS\s115mdm.sys 10:09:08.0940 3952 s115mdm - ok 10:09:08.0986 3952 [ E9B3966836CB9C2107264E44249267DF ] s115mgmt C:\Windows\system32\DRIVERS\s115mgmt.sys 10:09:09.0018 3952 s115mgmt - ok 
10:09:09.0049 3952 [ F6AB3B6E35981C4F3FED4198D3F29674 ] s115obex C:\Windows\system32\DRIVERS\s115obex.sys 10:09:09.0064 3952 s115obex - ok 10:09:09.0096 3952 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:09:09.0111 3952 SamSs - ok 10:09:09.0174 3952 [ B7E1FF02C6A9BCDE9A34DE801E379844 ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 10:09:09.0205 3952 SbieDrv - ok 10:09:09.0236 3952 [ 4B30590ABBBE4138BD4999FDF586AE53 ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 10:09:09.0252 3952 SbieSvc - ok 10:09:09.0283 3952 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:09:09.0314 3952 sbp2port - ok 10:09:09.0345 3952 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 10:09:09.0439 3952 SCardSvr - ok 10:09:09.0470 3952 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:09:09.0548 3952 scfilter - ok 10:09:09.0610 3952 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:09:09.0720 3952 Schedule - ok 10:09:09.0735 3952 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:09:09.0813 3952 SCPolicySvc - ok 10:09:09.0829 3952 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 10:09:09.0876 3952 sdbus - ok 10:09:09.0907 3952 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:09:09.0954 3952 SDRSVC - ok 10:09:09.0985 3952 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:09:10.0078 3952 secdrv - ok 10:09:10.0110 3952 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:09:10.0203 3952 seclogon - ok 10:09:10.0234 3952 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:09:10.0328 3952 SENS - ok 10:09:10.0344 3952 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:09:10.0390 3952 SensrSvc - ok 10:09:10.0406 3952 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:09:10.0453 3952 Serenum - ok 10:09:10.0468 3952 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:09:10.0515 3952 Serial - ok 10:09:10.0546 3952 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 10:09:10.0593 3952 sermouse - ok 10:09:10.0624 3952 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:09:10.0734 3952 SessionEnv - ok 10:09:10.0765 3952 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:09:10.0812 3952 sffdisk - ok 10:09:10.0858 3952 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:09:10.0890 3952 sffp_mmc - ok 10:09:10.0905 3952 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 10:09:10.0936 3952 sffp_sd - ok 10:09:10.0952 3952 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 10:09:10.0999 3952 sfloppy - ok 10:09:11.0061 3952 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 10:09:11.0139 3952 SharedAccess - ok 10:09:11.0186 3952 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 10:09:11.0280 3952 ShellHWDetection - ok 10:09:11.0342 3952 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 10:09:11.0389 3952 SiSGbeLH - ok 10:09:11.0389 3952 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:09:11.0420 3952 SiSRaid2 - ok 10:09:11.0436 3952 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 10:09:11.0467 3952 SiSRaid4 - ok 10:09:11.0529 3952 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 10:09:11.0592 3952 SkypeUpdate - ok 10:09:11.0607 3952 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb 
C:\Windows\system32\DRIVERS\smb.sys 10:09:11.0716 3952 Smb - ok 10:09:11.0779 3952 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys 10:09:11.0810 3952 snapman - ok 10:09:11.0826 3952 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 10:09:11.0872 3952 SNMPTRAP - ok 10:09:11.0950 3952 [ 1D8474722CDFFBB8FCA5FA12C50A05A2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 10:09:12.0091 3952 SNP2UVC - ok 10:09:12.0122 3952 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 10:09:12.0153 3952 spldr - ok 10:09:12.0184 3952 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 10:09:12.0231 3952 Spooler - ok 10:09:12.0325 3952 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 10:09:12.0528 3952 sppsvc - ok 10:09:12.0574 3952 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 10:09:12.0668 3952 sppuinotify - ok 10:09:12.0730 3952 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys 10:09:12.0824 3952 sptd - ok 10:09:12.0871 3952 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 10:09:12.0949 3952 srv - ok 10:09:12.0980 3952 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 10:09:13.0058 3952 srv2 - ok 10:09:13.0105 3952 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 10:09:13.0152 3952 srvnet - ok 10:09:13.0198 3952 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 10:09:13.0292 3952 SSDPSRV - ok 10:09:13.0308 3952 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 10:09:13.0401 3952 SstpSvc - ok 10:09:13.0432 3952 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 10:09:13.0464 3952 stexstor - ok 10:09:13.0479 3952 [ DECACB6921DED1A38642642685D77DAC ] StillCam 
C:\Windows\system32\DRIVERS\serscan.sys 10:09:13.0526 3952 StillCam - ok 10:09:13.0573 3952 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 10:09:13.0651 3952 stisvc - ok 10:09:13.0666 3952 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 10:09:13.0698 3952 swenum - ok 10:09:13.0729 3952 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 10:09:13.0807 3952 swprv - ok 10:09:13.0885 3952 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 10:09:13.0978 3952 SysMain - ok 10:09:14.0010 3952 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 10:09:14.0041 3952 TabletInputService - ok 10:09:14.0072 3952 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 10:09:14.0181 3952 TapiSrv - ok 10:09:14.0228 3952 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 10:09:14.0322 3952 TBS - ok 10:09:14.0384 3952 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 10:09:14.0556 3952 Tcpip - ok 10:09:14.0618 3952 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 10:09:14.0680 3952 TCPIP6 - ok 10:09:14.0727 3952 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 10:09:14.0790 3952 tcpipreg - ok 10:09:14.0821 3952 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 10:09:14.0852 3952 TDPIPE - ok 10:09:14.0946 3952 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys 10:09:15.0055 3952 tdrpman273 - ok 10:09:15.0086 3952 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 10:09:15.0102 3952 TDTCP - ok 10:09:15.0148 3952 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 10:09:15.0242 3952 tdx - ok 10:09:15.0304 3952 [ 213723E1A736910C644B457DE6D095E2 ] TeamViewer5 C:\Program Files 
(x86)\TeamViewer\Version5\TeamViewer_Service.exe 10:09:15.0320 3952 TeamViewer5 - ok 10:09:15.0367 3952 [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys 10:09:15.0382 3952 teamviewervpn - ok 10:09:15.0398 3952 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 10:09:15.0429 3952 TermDD - ok 10:09:15.0460 3952 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 10:09:15.0663 3952 TermService - ok 10:09:15.0694 3952 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 10:09:15.0741 3952 Themes - ok 10:09:15.0772 3952 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 10:09:15.0850 3952 THREADORDER - ok 10:09:15.0897 3952 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys 10:09:15.0991 3952 timounter - ok 10:09:16.0053 3952 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 10:09:16.0147 3952 TrkWks - ok 10:09:16.0194 3952 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 10:09:16.0287 3952 TrustedInstaller - ok 10:09:16.0334 3952 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 10:09:16.0428 3952 tssecsrv - ok 10:09:16.0474 3952 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 10:09:16.0521 3952 TsUsbFlt - ok 10:09:16.0568 3952 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 10:09:16.0662 3952 tunnel - ok 10:09:16.0693 3952 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 10:09:16.0708 3952 TurboB - ok 10:09:16.0771 3952 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 10:09:16.0786 3952 TurboBoost - ok 10:09:16.0833 3952 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 
10:09:16.0880 3952 uagp35 - ok 10:09:16.0911 3952 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 10:09:17.0020 3952 udfs - ok 10:09:17.0052 3952 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 10:09:17.0098 3952 UI0Detect - ok 10:09:17.0130 3952 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 10:09:17.0161 3952 uliagpkx - ok 10:09:17.0176 3952 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 10:09:17.0208 3952 umbus - ok 10:09:17.0239 3952 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 10:09:17.0286 3952 UmPass - ok 10:09:17.0379 3952 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 10:09:17.0473 3952 UNS ( UnsignedFile.Multi.Generic ) - warning 10:09:17.0473 3952 UNS - detected UnsignedFile.Multi.Generic (1) 10:09:17.0520 3952 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 10:09:17.0613 3952 upnphost - ok 10:09:17.0676 3952 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 10:09:17.0722 3952 usbaudio - ok 10:09:17.0754 3952 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 10:09:17.0785 3952 usbccgp - ok 10:09:17.0800 3952 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 10:09:17.0847 3952 usbcir - ok 10:09:17.0878 3952 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 10:09:17.0925 3952 usbehci - ok 10:09:17.0956 3952 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 10:09:17.0988 3952 usbhub - ok 10:09:18.0003 3952 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 10:09:18.0034 3952 usbohci - ok 10:09:18.0050 3952 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint 
C:\Windows\system32\DRIVERS\usbprint.sys 10:09:18.0081 3952 usbprint - ok 10:09:18.0097 3952 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 10:09:18.0159 3952 USBSTOR - ok 10:09:18.0159 3952 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 10:09:18.0206 3952 usbuhci - ok 10:09:18.0222 3952 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 10:09:18.0284 3952 usbvideo - ok 10:09:18.0315 3952 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 10:09:18.0393 3952 UxSms - ok 10:09:18.0424 3952 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 10:09:18.0440 3952 VaultSvc - ok 10:09:18.0456 3952 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 10:09:18.0487 3952 vdrvroot - ok 10:09:18.0518 3952 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 10:09:18.0627 3952 vds - ok 10:09:18.0658 3952 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 10:09:18.0690 3952 vga - ok 10:09:18.0705 3952 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 10:09:18.0814 3952 VgaSave - ok 10:09:18.0846 3952 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 10:09:18.0877 3952 vhdmp - ok 10:09:18.0908 3952 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 10:09:18.0924 3952 viaide - ok 10:09:18.0955 3952 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 10:09:18.0986 3952 volmgr - ok 10:09:19.0017 3952 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 10:09:19.0048 3952 volmgrx - ok 10:09:19.0080 3952 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 10:09:19.0126 3952 volsnap - ok 10:09:19.0189 3952 [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent C:\Program Files 
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 10:09:19.0220 3952 vpnagent - ok 10:09:19.0251 3952 [ BE7FE15AC90B9F02CBE011AE2426DD0F ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys 10:09:19.0267 3952 vpnva - ok 10:09:19.0298 3952 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 10:09:19.0345 3952 vsmraid - ok 10:09:19.0407 3952 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 10:09:19.0548 3952 VSS - ok 10:09:19.0563 3952 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 10:09:19.0626 3952 vwifibus - ok 10:09:19.0672 3952 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 10:09:19.0735 3952 vwififlt - ok 10:09:19.0766 3952 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 10:09:19.0813 3952 vwifimp - ok 10:09:19.0860 3952 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 10:09:19.0938 3952 W32Time - ok 10:09:19.0969 3952 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 10:09:20.0000 3952 WacomPen - ok 10:09:20.0047 3952 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 10:09:20.0140 3952 WANARP - ok 10:09:20.0140 3952 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 10:09:20.0218 3952 Wanarpv6 - ok 10:09:20.0296 3952 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 10:09:20.0374 3952 WatAdminSvc - ok 10:09:20.0437 3952 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 10:09:20.0546 3952 wbengine - ok 10:09:20.0577 3952 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 10:09:20.0624 3952 WbioSrvc - ok 10:09:20.0671 3952 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 10:09:20.0718 3952 wcncsvc - ok 10:09:20.0733 3952 [ 
10:09:31.0326 3952 ============================================================
10:09:31.0326 3952 Scan finished
10:09:31.0326 3952 ============================================================
10:09:31.0357 6536 Detected object count: 5
10:09:31.0357 6536 Actual detected object count: 5
10:18:10.0916 6536 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:10.0916 6536 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:10.0916 6536 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:10.0916 6536 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0916 6536 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:10.0931 6536 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
10:18:10.0931 6536 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip |
26.03.2013, 15:26 | #14 |
/// Helper Team | Trojans Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz and others

Very good! With that you are clean and discharged!

Remove adwCleaner

Tool cleanup with OTL
We will now use OTL's CleanUp! function to delete most of the programs that we installed for the cleanup from your system again.

Resetting the security zones
Have the security zones reset again, since they were manipulated in order to open the browser to further attacks. Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html

Emptying the system restore points
So that the computer cannot be infected again from an infected system restore point, we have to empty them. To do this, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.

Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do? |
26.03.2013, 16:05 | #15 |
| Trojans Zbot/ZbotR + TR/PSW.Fareit + Yontoo.Gen + TR/Agent.kdz and others

OK, great that I am "clean". ;-)

Tool cleanup with OTL: done
System restore emptied: done

BUT: Since the last Windows update I can only start Firefox in safe mode, so I cannot reset the security zones. |