Log analysis and evaluation: Restarting the Windows Management Instrumentation service and Security Center (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
29.04.2013, 03:08 | #1 |
| Hello everyone, I got a PC from my neighbor. As far as I could, I got the PC running again; unfortunately I can't manage to restart the security service or the Windows Management Instrumentation service. Infected files were found and deleted so far, the Java temp was emptied, and AVG no longer finds anything. I scanned, as described in an earlier thread, with Malwarebytes Anti-Malware and OTL, and Malwarebytes did still find something, see log. The system also responds very sluggishly. The parental-control software from Salfeld is wanted! Thanks in advance for the help. P.S. I attached 2 logs as rar because otherwise it would not let me upload the files. |
29.04.2013, 07:10 | #2 |
/// Malwareteam | Installed Windows over it again and hoped that MBAM finds everything?
WHAT exactly did you do? WHAT was removed? Please zip ALL MBAM log files for me and attach them here as a zip. Also, a list, as detailed as possible, of the measures taken so far. |
29.04.2013, 13:36 | #3 |
| The computer "was" infected with: Bundespolizei, National Cyber Crimes Unit scareware.
Please excuse that I cannot give more precise details; I concentrated on the removal and unfortunately did without documentation while doing it.
- Scanned with the AVG Rescue CD (current updates were loaded); 6 detections (one was in a Java folder) were removed; unfortunately no log was created.
- The infected system was then started in safe mode and all services and startup items were disabled except the MS services.
- Normal restart with 2 error messages, applications could not be started; names no longer known.
- Windows System Restore disabled.
- Updated the already installed Norton 360 and ran a full system scan; no detections.
- Meanwhile:
- Java -> Temp: deleted
- Java -> updated, older installations removed.
- Installed Revo Uninstaller, TuneUp 2013 trial version, CCleaner
- Started removing unnecessary programs "Ask Toolbar", "Bing bar" etc. with Revo Uninstaller.
- Scanned and "cleaned" the registry with TuneUp; unfortunately the details are no longer in the TuneUp Rescue Center.
- Restart without error message. But very sluggish.
- After Norton's SONAR protection disabled itself and the support center aborted with errors: uninstalled Norton 360 and installed AVG Free Antivirus.
- Started checking services:
- User Account Control re-enabled.
- Tried to start Security Center: error message 1068: The dependency service or group failed to start
- Cleared events, restarted.
- Combed through the event log and found Windows Management Instrumentation as the error for Security Center.
- Tried to start Windows Management Instrumentation: error 126: The specified module could not be found
- Searched for solutions and came across your forum :-)
- Did the steps given above, as in an earlier thread. MBAM and OTL, see logs.
P.S. The 2nd MBAM log is in OTL.rar. In the meantime I tried to restore the system with a Windows upgrade, but unfortunately it aborts with the message that the installed Windows is newer. Edited by Speedbones (29.04.2013 at 13:42). Reason: addition |
29.04.2013, 13:49 | #4 |
/// Malwareteam | My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. Should you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes involve a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator". Step 1: Custom scan with OTL. If you do not have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Step 2: aswMBR. Please download aswMBR.exe and save the file to your desktop.
Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
__________________ No asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
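The OTL log requested in Step 1 lists each service and driver as `SRV|DRV - (name) -- path (company)`. The Python below is an added example, not part of the thread and not OTL's own code: it parses those entries, including the run-together form in which the log appears on this page, and flags the ones worth a second look. The function names and the flag heuristics are assumptions; the sample lines are copied from the log posted later in this thread.

```python
import ntpath
import re

# Lines copied from the OTL log posted in this thread; only the selection is constructed.
SAMPLE_LOG = r"""
========== Services (SafeList) ==========
SRV - (Winmgmt) -- C:\PROGRA~2\1je4o.dat File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe ()
========== Driver Services (SafeList) ==========
DRV - (cpuz132) -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
"""

# One entry runs until the next SRV/DRV entry, a section header, or the end of
# the text, so the parser does not depend on line breaks surviving extraction.
ENTRY = re.compile(
    r"(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<body>.+?)"
    r"(?=\s+(?:SRV|DRV) - \(|\s+={5,}|\s*\Z)",
    re.S,
)
# "<path> (<company>)": the company is the last parenthesised group of the entry.
BODY = re.compile(r"^(?P<path>.+?)\s*\((?P<company>[^()]*)\)$")

MISSING = "File not found"
EXPECTED_EXT = {".exe", ".dll", ".sys"}          # assumption: usual service/driver binaries
USER_WRITABLE = ("\\appdata\\", "\\temp\\")      # assumption: locations a user can write to


def flag_entry(body):
    """Return (path, flags) for the text that follows '--' in one entry."""
    body = body.strip()
    flags, company = [], None
    if body.endswith(MISSING):
        # The registry still references a binary that is no longer on disk.
        flags.append("missing")
        path = body[: -len(MISSING)].strip()
    else:
        m = BODY.match(body)
        path, company = (m["path"], m["company"].strip()) if m else (body, None)
    if ntpath.splitext(path)[1].lower() not in EXPECTED_EXT:
        flags.append("odd-extension")
    if any(part in path.lower() for part in USER_WRITABLE):
        flags.append("user-writable-path")
    if company == "":
        # File exists but carries no company name in its version resource.
        flags.append("no-company")
    return path, flags


def review(log_text):
    """Return [(kind, name, path, flags)] for every flagged SRV/DRV entry."""
    findings = []
    for m in ENTRY.finditer(log_text):
        path, flags = flag_entry(m["body"])
        if flags:
            findings.append((m["kind"], m["name"], path, flags))
    return findings


if __name__ == "__main__":
    for kind, name, path, flags in review(SAMPLE_LOG):
        print(f"{kind} {name:<10} {path}  [{', '.join(flags)}]")
```

A `Winmgmt` entry that points at a missing `.dat` file is consistent with the "module not found" error 126 reported in post #3.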
29.04.2013, 16:27 | #5 |
| So, I have now carried out everything as described above. Only the aswMBR scan aborts on me when it reaches C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStuidoTools.Applications, with the message that aswMBR has stopped working. I did the step again in "safe mode with command prompt" and there I could at least save the log up to the crash. OTL: Code:
ATTFilter OTL logfile created on: 29.04.2013 16:41:04 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manuela\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,02% Memory free 3,50 Gb Paging File | 2,14 Gb Available in Paging File | 61,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 351,74 Gb Free Space | 75,52% Space Free | Partition Type: NTFS Computer Name: MANUELA-PC | User Name: Manuela | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Manuela\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\tray\wintmr.exe (Salfeld Computer) PRC - C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer) PRC - C:\Windows\System32\cchservice.exe (Salfeld Computer) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\78967b28f748b8807eaa97c1cb454adc\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () ========== Services (SafeList) ========== SRV - (Winmgmt) -- C:\PROGRA~2\1je4o.dat File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (Windows-CCHook-Service) -- C:\Windows\System32\cchservice.exe (Salfeld Computer) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ksupmgr) -- C:\Windows\System32\ksupmgr.exe () ========== Driver Services (SafeList) ========== DRV - (cpuz132) -- C:\Users\ADMINI~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.) 
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (SipIMNDI) -- C:\Windows\System32\drivers\SipIMNDI.sys (T-Systems International GmbH) DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bserd) -- C:\Windows\System32\drivers\ss_bserd.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (VMUVC) -- C:\Windows\System32\drivers\VMUVC.sys (Vimicro Corporation) DRV - (vvftUVC) -- C:\Windows\System32\drivers\vvftUVC.sys (Vimicro Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.wortmann.de IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 9F 20 9C 7A 9D CC 01 [binary data] IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes,DefaultScope = {9B10233B-AC09-49B9-8B63-4E5A5642D470} IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes\{6E17CA7D-67F7-48C8-A3B2-9449C2E0BD1C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=7F6C5DC1-444B-47D3-8F3D-E4445E3AB187&apn_sauid=D4E0E3C9-13EE-4AEE-8840-AAD495BA4C0C IE - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\SearchScopes\{9B10233B-AC09-49B9-8B63-4E5A5642D470}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - 
HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) 
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 21:49:32 | 000,000,000 | ---D | M] [2013.04.28 21:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuela\AppData\Roaming\mozilla\Extensions [2013.04.28 23:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuela\AppData\Roaming\mozilla\Firefox\Profiles\hgddy3qq.default\extensions [2013.04.28 23:47:02 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manuela\AppData\Roaming\mozilla\firefox\profiles\hgddy3qq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.28 21:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.10 10:18:46 | 000,001,178 | ---- | M] () 
-- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft 
Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Ask Toolbar = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.36218_0\ CHR - Extension: YouTube = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\Manuela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-3883231393-2963448492-3018279876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows 
Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F45DCB1A-DE08-488A-AB2E-79A94513086B}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\pccompanion.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM 
IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{b4e1339b-00f1-11df-996c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b4e1339b-00f1-11df-996c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: winmgmt - C:\PROGRA~2\1je4o.dat File not found MsConfig - StartUpFolder: C:^Users^Manuela^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^msconfig.lnk - - File not found 
MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2013.04.29 16:37:40 | 000,000,000 | ---D | C] -- C:\Users\Manuela\Desktop\Gesendet [2013.04.29 14:58:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Manuela\Desktop\tdsskiller.exe [2013.04.29 14:52:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Manuela\Desktop\aswMBR.exe [2013.04.29 04:02:23 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\WinRAR [2013.04.29 04:02:23 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.04.29 04:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.04.29 04:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.04.29 03:01:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.29 02:03:39 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Malwarebytes [2013.04.29 02:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.29 02:03:22 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.04.29 02:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.29 02:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.04.29 02:03:09 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Programs [2013.04.29 01:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.04.29 01:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.04.29 01:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT [2013.04.29 01:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.29 01:13:17 | 000,000,000 | ---D | C] -- C:\AMD [2013.04.29 00:49:48 | 000,023,456 | ---- | C] 
(Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys [2013.04.29 00:49:48 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\eSupport.com [2013.04.29 00:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.04.29 00:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.29 00:14:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe [2013.04.28 22:58:42 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2013.04.28 22:58:41 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2013.04.28 22:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.04.28 22:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013 [2013.04.28 22:49:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.04.28 21:49:58 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Mozilla [2013.04.28 21:49:58 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Mozilla [2013.04.28 21:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.28 21:14:36 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\AVG2013 [2013.04.28 21:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.04.28 21:12:29 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.04.28 21:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013.04.28 21:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2013.04.28 21:10:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.04.28 21:10:29 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\MFAData [2013.04.28 21:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013.04.28 21:10:29 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Avg2013 [2013.04.28 20:56:13 | 000,000,000 | 
---D | C] -- C:\Program Files\Adobe [2013.04.28 20:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013.04.28 20:11:54 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013.04.28 19:52:18 | 000,000,000 | ---D | C] -- C:\Users\Manuela\AppData\Local\Symantec [2013.04.28 12:07:47 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.04.27 23:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013.04.08 09:25:54 | 000,025,200 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2013.04.08 09:25:54 | 000,012,400 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2013.04.08 08:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson [2013.04.08 08:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson ========== Files - Modified Within 30 Days ========== [2013.04.29 16:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.29 16:25:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.29 16:25:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.29 16:18:32 | 000,000,161 | ---- | M] () -- C:\Windows\System32\swctl.dll [2013.04.29 16:18:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.29 14:58:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Manuela\Desktop\tdsskiller.exe [2013.04.29 14:53:36 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Manuela\Desktop\aswMBR.exe [2013.04.29 12:52:24 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml [2013.04.29 12:52:24 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml [2013.04.29 12:51:35 | 000,002,888 | ---- | M] () -- 
C:\Users\Manuela\Desktop\Windows-Kompatibilitätsbericht.htm [2013.04.29 04:02:49 | 000,090,204 | ---- | M] () -- C:\Users\Manuela\Desktop\OTL.rar [2013.04.29 02:03:23 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.29 00:50:18 | 000,000,796 | ---- | M] () -- C:\Users\Manuela\Desktop\Find Drivers with DriverAgent.lnk [2013.04.29 00:49:48 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\Windows\System32\drivers\DrvAgent32.sys [2013.04.29 00:35:07 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.29 00:14:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuela\Desktop\OTL.exe [2013.04.28 23:51:44 | 000,419,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.28 23:50:22 | 000,004,197 | -H-- | M] () -- C:\NET.INI [2013.04.28 23:43:11 | 000,007,629 | ---- | M] () -- C:\Users\Manuela\AppData\Local\Resmon.ResmonCfg [2013.04.28 23:33:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.28 23:33:27 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.28 22:56:46 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.04.28 22:56:46 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2013.04.28 20:23:06 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2013.04.28 20:11:54 | 000,001,233 | ---- | M] () -- C:\Users\Manuela\Desktop\Revo Uninstaller.lnk [2013.04.27 23:14:04 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv [2013.04.27 12:04:56 | 095,023,320 | ---- | M] () -- C:\ProgramData\o4ej1.pad [2013.04.19 16:01:39 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.19 16:01:39 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.19 16:01:39 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.19 16:01:39 | 000,107,034 | ---- | M] () -- 
C:\Windows\System32\perfc009.dat [2013.04.19 15:59:36 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.04.15 17:10:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf [2013.04.15 17:10:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01009.Wdf [2013.04.12 15:42:18 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.04.11 18:34:37 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2013.04.08 09:25:54 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggsemc.sys [2013.04.08 09:25:54 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\ggflt.sys [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2013.04.29 12:42:49 | 000,002,888 | ---- | C] () -- C:\Users\Manuela\Desktop\Windows-Kompatibilitätsbericht.htm [2013.04.29 12:36:09 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml [2013.04.29 12:36:09 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml [2013.04.29 04:02:49 | 000,090,204 | ---- | C] () -- C:\Users\Manuela\Desktop\OTL.rar [2013.04.29 02:03:23 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.29 00:50:18 | 000,000,796 | ---- | C] () -- C:\Users\Manuela\Desktop\Find Drivers with DriverAgent.lnk [2013.04.29 00:35:07 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.28 23:51:30 | 000,419,456 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.28 23:04:54 | 000,007,629 | ---- | C] () -- C:\Users\Manuela\AppData\Local\Resmon.ResmonCfg [2013.04.28 22:56:46 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2013.04.28 22:56:46 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 
2013.lnk [2013.04.28 22:56:44 | 000,002,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.04.28 21:49:39 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.28 20:56:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.28 20:23:06 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2013.04.28 20:11:54 | 000,001,233 | ---- | C] () -- C:\Users\Manuela\Desktop\Revo Uninstaller.lnk [2013.04.19 16:06:33 | 095,023,320 | ---- | C] () -- C:\ProgramData\o4ej1.pad [2013.04.19 15:59:36 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.04.15 17:10:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01009.Wdf [2013.04.15 17:10:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ggflt_01009.Wdf [2012.11.16 21:53:26 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.11.16 21:53:26 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.04.18 18:39:06 | 000,028,672 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll [2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.01.25 19:37:39 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.06.20 17:49:02 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.03.14 19:53:10 | 000,000,025 | ---- | C] () -- C:\Users\Manuela\AppData\Roaming\bdfvconp.ini [2010.01.14 15:41:00 | 000,001,024 | ---- | C] () -- C:\Users\Manuela\.rnd ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.04.28 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\AVG2013 [2010.01.14 13:11:00 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\BitDefender [2010.01.20 14:16:34 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\TeamViewer [2011.04.27 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\Tific [2013.04.28 22:53:06 | 000,000,000 | ---D | M] -- C:\Users\Manuela\AppData\Roaming\TuneUp Software [2013.02.22 17:53:58 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\.minecraft [2010.01.20 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\BitDefender [2011.08.27 12:44:08 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\HU2011 [2013.01.15 21:23:14 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Sony [2012.01.23 16:06:41 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Template [2010.01.20 14:06:09 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\TuneUp Software [2012.12.08 18:40:50 | 000,000,000 | ---D | M] -- C:\Users\Sven\AppData\Roaming\Unity ========== Purity Check ========== ========== Custom 
Scans ========== < %SYSTEMDRIVE%\*. > [2013.04.28 21:12:29 | 000,000,000 | -H-D | M] -- C:\$AVG [2013.04.28 17:55:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.04.29 01:13:18 | 000,000,000 | ---D | M] -- C:\AMD [2013.04.29 00:44:09 | 000,000,000 | -HSD | M] -- C:\Boot [2013.04.29 03:09:20 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010.03.11 15:04:25 | 000,000,000 | ---D | M] -- C:\dafa9f63177c8d91e1431e [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.01.14 12:15:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.04.28 11:42:47 | 000,000,000 | ---D | M] -- C:\INST [2010.01.20 14:26:47 | 000,000,000 | ---D | M] -- C:\MAGIX [2012.01.23 20:28:05 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.04.29 04:02:14 | 000,000,000 | R--D | M] -- C:\Program Files [2013.04.29 03:07:06 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.01.14 12:15:26 | 000,000,000 | -HSD | M] -- C:\Programme [2010.01.14 12:15:27 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.04.29 03:15:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.10.16 20:01:46 | 000,000,000 | ---D | M] -- C:\temp [2013.04.28 19:53:42 | 000,000,000 | R--D | M] -- C:\Users [2013.04.29 15:21:58 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 
07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto 
Update\Results\Install\\LastSuccessTime: 2013-04-29 01:01:32 < > [2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2012.06.09 13:19:54 | 000,001,090 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.06.09 13:19:56 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.07.21 15:15:39 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < End of report > Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 17:01:12
-----------------------------
17:01:12.405 OS Version: Windows 6.1.7601 Service Pack 1
17:01:12.405 Number of processors: 2 586 0x602
17:01:12.405 ComputerName: MANUELA-PC UserName: Manuela
17:01:13.481 Initialize success
17:01:27.053 AVAST engine defs: 13042900
17:01:33.823 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:01:33.823 Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
17:01:33.948 Disk 0 MBR read successfully
17:01:33.948 Disk 0 MBR scan
17:01:33.948 Disk 0 Windows 7 default MBR code
17:01:33.948 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
17:01:33.964 Disk 0 scanning sectors +976771056
17:01:34.042 Disk 0 scanning C:\Windows\system32\drivers
17:01:44.291 Service scanning
17:02:02.824 Modules scanning
17:02:06.022 Disk 0 trace - called modules:
17:02:06.053 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:02:06.053 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85891740]
17:02:06.069 3 CLASSPNP.SYS[8879a59e] -> nt!IofCallDriver -> [0x853eb900]
17:02:06.069 5 ACPI.sys[881ba3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857a0908]
17:02:07.442 AVAST engine scan C:\Windows
17:02:10.234 AVAST engine scan C:\Windows\system32
17:02:27.363 Disk 0 MBR has been saved successfully to "C:\Users\Manuela\Desktop\MBR.dat"
17:02:27.378 The log file has been saved successfully to "C:\Users\Manuela\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-29 17:08:13
-----------------------------
17:08:13.245 OS Version: Windows 6.1.7601 Service Pack 1
17:08:13.245 Number of processors: 2 586 0x602
17:08:13.245 ComputerName: MANUELA-PC UserName: Manuela
17:08:13.962 Initialize success
17:08:29.250 AVAST engine defs: 13042900
17:08:34.695 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:08:34.695 Disk 0 Vendor: WDC_WD5000AADS-00M2B0 01.00A01 Size: 476940MB BusType: 3
17:08:34.773 Disk 0 MBR read successfully
17:08:34.788 Disk 0 MBR scan
17:08:34.788 Disk 0 Windows 7 default MBR code
17:08:34.788 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
17:08:34.788 Disk 0 scanning sectors +976771056
17:08:34.851 Disk 0 scanning C:\Windows\system32\drivers
17:08:45.818 Service scanning
17:09:13.352 Modules scanning
17:09:15.489 Disk 0 trace - called modules:
17:09:15.505 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:09:15.536 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c7f8f0]
17:09:15.536 3 CLASSPNP.SYS[879af59e] -> nt!IofCallDriver -> [0x847db860]
17:09:15.536 5 ACPI.sys[8762a3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x847d1908]
17:09:16.721 AVAST engine scan C:\Windows
17:09:19.217 AVAST engine scan C:\Windows\system32
17:11:14.174 Disk 0 MBR has been saved successfully to "C:\Users\Manuela\Desktop\MBR.dat"
17:11:14.190 The log file has been saved successfully to "C:\Users\Manuela\Desktop\aswMBR.txt" |
29.04.2013, 16:27 | #6 |
| Restarting the Windows Management Instrumentation service and Security Center tdsskiller: Code:
ATTFilter 17:15:20.0396 0208 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 17:15:20.0818 0208 ============================================================ 17:15:20.0818 0208 Current date / time: 2013/04/29 17:15:20.0818 17:15:20.0818 0208 SystemInfo: 17:15:20.0818 0208 17:15:20.0818 0208 OS Version: 6.1.7601 ServicePack: 1.0 17:15:20.0818 0208 Product type: Workstation 17:15:20.0818 0208 ComputerName: MANUELA-PC 17:15:20.0818 0208 UserName: Manuela 17:15:20.0818 0208 Windows directory: C:\Windows 17:15:20.0818 0208 System windows directory: C:\Windows 17:15:20.0818 0208 Processor architecture: Intel x86 17:15:20.0818 0208 Number of processors: 2 17:15:20.0818 0208 Page size: 0x1000 17:15:20.0818 0208 Boot type: Normal boot 17:15:20.0818 0208 ============================================================ 17:15:22.0534 0208 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 17:15:22.0565 0208 ============================================================ 17:15:22.0565 0208 \Device\Harddisk0\DR0: 17:15:22.0565 0208 MBR partitions: 17:15:22.0565 0208 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384FF0 17:15:22.0565 0208 ============================================================ 17:15:22.0627 0208 C: <-> \Device\Harddisk0\DR0\Partition1 17:15:22.0627 0208 ============================================================ 17:15:22.0627 0208 Initialize success 17:15:22.0627 0208 ============================================================ 17:15:24.0858 0196 ============================================================ 17:15:24.0858 0196 Scan started 17:15:24.0858 0196 Mode: Manual; 17:15:24.0858 0196 ============================================================ 17:15:25.0966 0196 ================ Scan system memory ======================== 17:15:25.0966 0196 System memory - ok 17:15:25.0966 0196 ================ 
4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 17:15:46.0979 0196 SessionEnv - ok 17:15:47.0026 0196 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 17:15:47.0026 0196 sffdisk - ok 17:15:47.0073 0196 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:15:47.0073 0196 sffp_mmc - ok 17:15:47.0119 0196 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 17:15:47.0151 0196 sffp_sd - ok 17:15:47.0182 0196 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:15:47.0197 0196 sfloppy - ok 17:15:47.0260 0196 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:15:47.0275 0196 SharedAccess - ok 17:15:47.0400 0196 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:15:47.0416 0196 ShellHWDetection - ok 17:15:47.0447 0196 [ 1644C3814E0DAE66CD68E39FFB97D869 ] SipIMNDI C:\Windows\system32\DRIVERS\SipIMNDI.sys 17:15:47.0478 0196 SipIMNDI - ok 17:15:47.0509 0196 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:15:47.0525 0196 sisagp - ok 17:15:47.0603 0196 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:15:47.0619 0196 SiSRaid2 - ok 17:15:47.0650 0196 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:15:47.0665 0196 SiSRaid4 - ok 17:15:47.0697 0196 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:15:47.0697 0196 Smb - ok 17:15:47.0790 0196 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:15:47.0806 0196 SNMPTRAP - ok 17:15:47.0884 0196 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe 17:15:47.0884 0196 Sony PC Companion - ok 17:15:47.0899 0196 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr 
C:\Windows\system32\drivers\spldr.sys 17:15:47.0931 0196 spldr - ok 17:15:47.0962 0196 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 17:15:47.0977 0196 Spooler - ok 17:15:48.0102 0196 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 17:15:48.0165 0196 sppsvc - ok 17:15:48.0211 0196 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:15:48.0227 0196 sppuinotify - ok 17:15:48.0258 0196 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:15:48.0258 0196 srv - ok 17:15:48.0258 0196 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:15:48.0274 0196 srv2 - ok 17:15:48.0274 0196 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:15:48.0289 0196 srvnet - ok 17:15:48.0321 0196 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:15:48.0321 0196 SSDPSRV - ok 17:15:48.0336 0196 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:15:48.0352 0196 SstpSvc - ok 17:15:48.0383 0196 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 17:15:48.0399 0196 ss_bbus - ok 17:15:48.0430 0196 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 17:15:48.0445 0196 ss_bmdfl - ok 17:15:48.0461 0196 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 17:15:48.0477 0196 ss_bmdm - ok 17:15:48.0492 0196 [ 994D2E5378CC337EC7DD73C1E04FCAA4 ] ss_bserd C:\Windows\system32\DRIVERS\ss_bserd.sys 17:15:48.0492 0196 ss_bserd - ok 17:15:48.0523 0196 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:15:48.0523 0196 stexstor - ok 17:15:48.0586 0196 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 17:15:48.0586 0196 StiSvc - ok 17:15:48.0617 0196 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum 
C:\Windows\system32\drivers\swenum.sys 17:15:48.0617 0196 swenum - ok 17:15:48.0633 0196 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 17:15:48.0633 0196 swprv - ok 17:15:48.0679 0196 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 17:15:48.0695 0196 SysMain - ok 17:15:48.0726 0196 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:15:48.0726 0196 TabletInputService - ok 17:15:48.0773 0196 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 17:15:48.0789 0196 TapiSrv - ok 17:15:48.0804 0196 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 17:15:48.0804 0196 TBS - ok 17:15:48.0851 0196 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:15:48.0867 0196 Tcpip - ok 17:15:48.0898 0196 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:15:48.0898 0196 TCPIP6 - ok 17:15:48.0945 0196 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:15:48.0945 0196 tcpipreg - ok 17:15:48.0976 0196 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:15:48.0976 0196 TDPIPE - ok 17:15:49.0007 0196 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:15:49.0007 0196 TDTCP - ok 17:15:49.0023 0196 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:15:49.0023 0196 tdx - ok 17:15:49.0054 0196 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 17:15:49.0054 0196 TermDD - ok 17:15:49.0069 0196 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 17:15:49.0085 0196 TermService - ok 17:15:49.0101 0196 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 17:15:49.0101 0196 Themes - ok 17:15:49.0163 0196 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER 
C:\Windows\system32\mmcss.dll 17:15:49.0163 0196 THREADORDER - ok 17:15:49.0194 0196 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 17:15:49.0210 0196 TrkWks - ok 17:15:49.0225 0196 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:15:49.0225 0196 TrustedInstaller - ok 17:15:49.0257 0196 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:15:49.0257 0196 tssecsrv - ok 17:15:49.0303 0196 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 17:15:49.0303 0196 TsUsbFlt - ok 17:15:49.0397 0196 [ FC740E4FF236B72CA59B8F762D30C7F3 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe 17:15:49.0428 0196 TuneUp.UtilitiesSvc - ok 17:15:49.0444 0196 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys 17:15:49.0459 0196 TuneUpUtilitiesDrv - ok 17:15:49.0475 0196 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:15:49.0475 0196 tunnel - ok 17:15:49.0491 0196 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:15:49.0491 0196 uagp35 - ok 17:15:49.0506 0196 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:15:49.0506 0196 udfs - ok 17:15:49.0537 0196 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:15:49.0537 0196 UI0Detect - ok 17:15:49.0553 0196 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 17:15:49.0553 0196 uliagpkx - ok 17:15:49.0584 0196 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 17:15:49.0584 0196 umbus - ok 17:15:49.0615 0196 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:15:49.0615 0196 UmPass - ok 17:15:49.0647 0196 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost 
C:\Windows\System32\upnphost.dll 17:15:49.0647 0196 upnphost - ok 17:15:49.0662 0196 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:15:49.0662 0196 usbccgp - ok 17:15:49.0693 0196 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 17:15:49.0693 0196 usbcir - ok 17:15:49.0725 0196 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:15:49.0725 0196 usbehci - ok 17:15:49.0771 0196 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:15:49.0771 0196 usbhub - ok 17:15:49.0803 0196 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 17:15:49.0803 0196 usbohci - ok 17:15:49.0818 0196 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:15:49.0818 0196 usbprint - ok 17:15:49.0849 0196 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:15:49.0849 0196 usbscan - ok 17:15:49.0881 0196 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:15:49.0881 0196 USBSTOR - ok 17:15:49.0896 0196 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:15:49.0896 0196 usbuhci - ok 17:15:49.0912 0196 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 17:15:49.0912 0196 usbvideo - ok 17:15:49.0927 0196 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 17:15:49.0943 0196 UxSms - ok 17:15:49.0959 0196 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 17:15:49.0959 0196 VaultSvc - ok 17:15:49.0974 0196 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 17:15:49.0974 0196 vdrvroot - ok 17:15:50.0005 0196 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 17:15:50.0021 0196 vds - ok 17:15:50.0052 0196 [ 17C408214EA61696CEC9C66E388B14F3 ] vga 
C:\Windows\system32\DRIVERS\vgapnp.sys 17:15:50.0052 0196 vga - ok 17:15:50.0083 0196 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 17:15:50.0083 0196 VgaSave - ok 17:15:50.0115 0196 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 17:15:50.0115 0196 vhdmp - ok 17:15:50.0130 0196 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 17:15:50.0130 0196 viaagp - ok 17:15:50.0130 0196 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 17:15:50.0130 0196 ViaC7 - ok 17:15:50.0161 0196 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 17:15:50.0161 0196 viaide - ok 17:15:50.0208 0196 [ 266474DB9CCCE39FFEF029714AE16FDD ] VMUVC C:\Windows\system32\Drivers\VMUVC.sys 17:15:50.0208 0196 VMUVC - ok 17:15:50.0224 0196 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 17:15:50.0224 0196 volmgr - ok 17:15:50.0239 0196 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:15:50.0239 0196 volmgrx - ok 17:15:50.0271 0196 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:15:50.0271 0196 volsnap - ok 17:15:50.0286 0196 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:15:50.0286 0196 vsmraid - ok 17:15:50.0349 0196 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 17:15:50.0349 0196 VSS - ok 17:15:50.0380 0196 [ 77D037C0DF3C5F0FE33E3D8DB32ACC1E ] vvftUVC C:\Windows\system32\drivers\vvftUVC.sys 17:15:50.0380 0196 vvftUVC - ok 17:15:50.0395 0196 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 17:15:50.0395 0196 vwifibus - ok 17:15:50.0427 0196 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 17:15:50.0427 0196 W32Time - ok 17:15:50.0458 0196 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen 
C:\Windows\system32\DRIVERS\wacompen.sys 17:15:50.0458 0196 WacomPen - ok 17:15:50.0473 0196 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:15:50.0473 0196 WANARP - ok 17:15:50.0473 0196 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:15:50.0473 0196 Wanarpv6 - ok 17:15:50.0520 0196 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 17:15:50.0536 0196 wbengine - ok 17:15:50.0567 0196 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:15:50.0583 0196 WbioSrvc - ok 17:15:50.0629 0196 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:15:50.0629 0196 wcncsvc - ok 17:15:50.0629 0196 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:15:50.0629 0196 WcsPlugInService - ok 17:15:50.0661 0196 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:15:50.0661 0196 Wd - ok 17:15:50.0692 0196 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:15:50.0707 0196 Wdf01000 - ok 17:15:50.0723 0196 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:15:50.0723 0196 WdiServiceHost - ok 17:15:50.0723 0196 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:15:50.0723 0196 WdiSystemHost - ok 17:15:50.0785 0196 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 17:15:50.0785 0196 WebClient - ok 17:15:50.0801 0196 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:15:50.0801 0196 Wecsvc - ok 17:15:50.0817 0196 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 17:15:50.0817 0196 wercplsupport - ok 17:15:50.0832 0196 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 17:15:50.0832 0196 WerSvc - ok 17:15:50.0848 0196 [ 
8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:15:50.0848 0196 WfpLwf - ok 17:15:50.0863 0196 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:15:50.0863 0196 WIMMount - ok 17:15:50.0910 0196 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 17:15:50.0926 0196 WinDefend - ok 17:15:50.0973 0196 [ 284C5F8C47F30EF7799D359BA7F8B0D4 ] Windows-CCHook-Service C:\Windows\system32\cchservice.exe 17:15:50.0988 0196 Windows-CCHook-Service - ok 17:15:51.0004 0196 WinHttpAutoProxySvc - ok 17:15:51.0004 0196 Winmgmt - ok 17:15:51.0051 0196 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 17:15:51.0066 0196 WinRM - ok 17:15:51.0113 0196 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:15:51.0129 0196 WinUsb - ok 17:15:51.0160 0196 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 17:15:51.0175 0196 Wlansvc - ok 17:15:51.0222 0196 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:15:51.0253 0196 wlidsvc - ok 17:15:51.0285 0196 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 17:15:51.0285 0196 WmiAcpi - ok 17:15:51.0347 0196 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:15:51.0363 0196 wmiApSrv - ok 17:15:51.0409 0196 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 17:15:51.0409 0196 WMPNetworkSvc - ok 17:15:51.0425 0196 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 17:15:51.0441 0196 WPCSvc - ok 17:15:51.0441 0196 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 17:15:51.0441 0196 WPDBusEnum - ok 17:15:51.0472 0196 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 17:15:51.0487 0196 
ws2ifsl - ok 17:15:51.0487 0196 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 17:15:51.0503 0196 wscsvc - ok 17:15:51.0503 0196 WSearch - ok 17:15:51.0565 0196 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 17:15:51.0597 0196 wuauserv - ok 17:15:51.0659 0196 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 17:15:51.0659 0196 WudfPf - ok 17:15:51.0675 0196 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 17:15:51.0675 0196 WUDFRd - ok 17:15:51.0721 0196 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 17:15:51.0721 0196 wudfsvc - ok 17:15:51.0753 0196 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 17:15:51.0799 0196 WwanSvc - ok 17:15:51.0831 0196 [ 276842A27953BE204A2507096F09B1F3 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 17:15:51.0831 0196 xusb21 - ok 17:15:51.0831 0196 ================ Scan global =============================== 17:15:51.0877 0196 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 17:15:51.0909 0196 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 17:15:51.0909 0196 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 17:15:51.0924 0196 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 17:15:51.0940 0196 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 17:15:51.0940 0196 [Global] - ok 17:15:51.0940 0196 ================ Scan MBR ================================== 17:15:51.0940 0196 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 17:15:52.0735 0196 \Device\Harddisk0\DR0 - ok 17:15:52.0735 0196 ================ Scan VBR ================================== 17:15:52.0735 0196 [ 5EB7AD102C81606A7BC013AFE36C0815 ] \Device\Harddisk0\DR0\Partition1 17:15:52.0735 0196 \Device\Harddisk0\DR0\Partition1 - ok 17:15:52.0735 0196 
============================================================
17:15:52.0735 0196 Scan finished
17:15:52.0735 0196 ============================================================
17:15:52.0751 2216 Detected object count: 0
17:15:52.0751 2216 Actual detected object count: 0
17:16:07.0243 3876 Deinitialize success
Code:
Protokollname: Application
Quelle: Application Error
Datum: 29.04.2013 16:16:27
Ereignis-ID: 1000
Aufgabenkategorie:(100)
Ebene: Fehler
Schlüsselwörter:Klassisch
Benutzer: Nicht zutreffend
Computer: Manuela-PC
Beschreibung:
Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052d24
ID des fehlerhaften Prozesses: 0x2b0
Startzeit der fehlerhaften Anwendung: 0x01ce44e3367904c3
Pfad der fehlerhaften Anwendung: C:\Users\Manuela\Desktop\aswMBR.exe
Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung: 612e1639-b0d7-11e2-96ea-9767af5ab8ee
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-29T14:16:27.000000000Z" />
    <EventRecordID>68420</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Manuela-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>aswMBR.exe</Data>
    <Data>0.9.9.1771</Data>
    <Data>5147644e</Data>
    <Data>ntdll.dll</Data>
    <Data>6.1.7601.17725</Data>
    <Data>4ec49b60</Data>
    <Data>c0000005</Data>
    <Data>00052d24</Data>
    <Data>2b0</Data>
    <Data>01ce44e3367904c3</Data>
    <Data>C:\Users\Manuela\Desktop\aswMBR.exe</Data>
    <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
    <Data>612e1639-b0d7-11e2-96ea-9767af5ab8ee</Data>
  </EventData>
</Event>
Code:
Protokollname: System
Quelle: Service Control Manager
Datum: 29.04.2013 17:20:24
Ereignis-ID: 7023
Aufgabenkategorie:Keine
Ebene: Fehler
Schlüsselwörter:Klassisch
Benutzer: Nicht zutreffend
Computer: Manuela-PC
Beschreibung:
Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
Das angegebene Modul wurde nicht gefunden.
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="49152">7023</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-29T15:20:24.052528200Z" />
    <EventRecordID>374847</EventRecordID>
    <Correlation />
    <Execution ProcessID="756" ThreadID="860" />
    <Channel>System</Channel>
    <Computer>Manuela-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">Windows-Verwaltungsinstrumentation</Data>
    <Data Name="param2">%%126</Data>
  </EventData>
</Event>
Code:
Protokollname: System
Quelle: Microsoft-Windows-DistributedCOM
Datum: 29.04.2013 17:20:54
Ereignis-ID: 10010
Aufgabenkategorie:Keine
Ebene: Fehler
Schlüsselwörter:Klassisch
Benutzer: Nicht zutreffend
Computer: Manuela-PC
Beschreibung:
Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Ereignis-XML:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-04-29T15:20:54.000000000Z" />
    <EventRecordID>374848</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Manuela-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
  </EventData>
</Event>
Edited by Speedbones (29.04.2013 at 16:48). Reason: Added |
30.04.2013, 06:37 | #7 |
/// Malwareteam | Restarting the Windows Management Instrumentation service and Security Center I strongly advise you to make a backup and do a fresh installation; attempting a cleanup here has little chance of success. Setting the system up from scratch would in any case be safer and considerably faster.
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
08.05.2013, 06:14 | #8 |
/// Malwareteam | Restarting the Windows Management Instrumentation service and Security Center This topic appears to be resolved and has been removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own topic!