| |
| |||||||
Log-Analyse und Auswertung: 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe'Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.05.2013, 06:21
| #1 |
 | !['W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' - Standard](images/icons/icon1.gif){kind=icon} 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Liebes Trojaner-Board-Team, leider habe ich es offenbar heute trotz aller Vorsicht doch geschafft, meinen Rechner mit einem Trojaner zu infizieren. Der Echtzeit-Scanner meines Virenprogramms Avira free Antivirus schlug plötzlich mehrmals hintereinander Alarm. (häufigste Meldung: "W32/patched.UC in C:\windows\system32\services.exe", s. log) Kurz zuvor hatte ich ein Update des Adobe-Flash-Player bestätigt, was im Nachhinein betrachtet jedoch wohl ein täuschend echt aussehendes Fake war. Während einer vollständigen Systemprüfung mit Avira free Antivirus, die ebenfalls den Fund meldete, meldete der Echtzeit-Scanner immer wieder die selben Funde. Zudem sollte immer wieder die Datei "services.exe" in die Quarantäne verschoben werden, was jedoch offenbar nicht gelang. Eine kurze Recherche im Netz sorgte für Ernüchterung: Das Ding ist richtig fies; die häufigste empfohlene Vorgehensweise ist die Neuinstallation. Allerdings konnte ich nirgends eine detaillierte Funktionsbeschreibung des Virus finden, die mich danach vor erneuter Infektion schützt. Dabei interessiert mich v.a. folgendes: - Wenn sich der Virus auch im MBR niederschlägt, reicht eine Formatierung der Systempartition überhaupt aus? - Wie kann ich feststellen, ob nicht auch meine Datenpartition betroffen ist? - Wie kann ich Daten von der Systempartition sichern (Outlook-Daten, Programmeinstellungen...) und später wieder zurückspielen, ohne mir dabei gleich wieder den Virus zu holen? - Inwieweit kann ich feststellen, ob USB-Sticks bereits infiziert wurden, falls ich den Virus doch schon länger habe? - Welche Informationen sind durch den Befall komprimitiert und wie (Email-Konto, Online-Banking, social networks...)? Auf jeden Fall erscheint es mir sinnvoll, den Rechner zunächst so sauber wie möglich zu machen, bevor ich versuche, Daten von infizierten Partitionen zu sichern, um nicht noch mehr/weitläufiger Schaden anzurichten. Auf dem Trojaner-Board habe ich dann unfassbar viele Informationen und viele kompetente Ratschläge gefunden. Unfassbar, was hier freiwillig geleistet wird! Großer Respekt! Daher bin ich sehr zuversichtlich, dass ich hier für Antworten richtig bin. Seit klar war, dass Avira den Trojaner nicht entfernen kann, verwende ich Windows nur noch offline. Da auf einer weiteren Partition ubuntu installiert ist, kann ich damit online arbeiten, z.B. hier im Forum. Ich würde mich sehr freuen, wenn Ihr mir helfen könntet! Viele Grüße Patrick ---------------- LOGFILES ---------------- Aufgrund der Zeicheneinschränkung wurde der Ereignis-Log von Avira free Antivirus mit den Funden von Echtzeit- und System-Scanner sowie der Report der vollständigen Systemprüfung mit Avira free Antivirus (nach wiederholtem Neustart, offline) als Archiv angehängt. Seither meldet der Echtzeit-Scanner in regelmäßigen Abständen auch "TR/ATRAPS.Gen2 in c:\windows\assembly\GAC_64\Desktop.ini" Defogger -> Disable wurde ohne Fehlermeldung ausgeführt. OTL -> Quick Scan produzierte folgendes: OTL.txt: Code:
ATTFilter OTL logfile created on: 08.05.2013 03:27:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,85% Memory free 10,00 Gb Paging File | 8,19 Gb Available in Paging File | 81,97% Paging File free Paging file location(s): c:\pagefile.sys 6142 6142 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 488,18 Gb Total Space | 352,55 Gb Free Space | 72,22% Space Free | Partition Type: NTFS Drive E: | 151,29 Gb Total Space | 85,86 Gb Free Space | 56,75% Space Free | Partition Type: FAT32 Computer Name: PLEY-L50 | User Name: Patrick | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.08 00:33:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2013.05.07 21:17:12 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.07 15:00:46 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.07 14:59:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.10.17 15:12:48 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.02.18 18:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2009.09.25 09:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe PRC - [2009.09.15 17:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.08.19 20:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe PRC - [2009.08.17 09:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe PRC - [2009.05.18 15:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe PRC - [2008.03.31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe PRC - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Programme\ATKGFNEX\GFNEXSrv.exe PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe PRC - [2007.07.23 15:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.02.23 00:03:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.13 04:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013.02.13 04:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2013.01.11 17:53:17 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b8d2fc383ad15b68f5837e831ac303bc\IAStorCommon.ni.dll MOD - [2013.01.11 17:53:16 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\641f67f6ff095508b04d624e85695005\IAStorUtil.ni.dll MOD - [2013.01.11 17:50:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.11 17:50:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.11 17:50:08 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.11 17:50:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.11 17:50:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.11 17:50:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.11 17:49:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2010.11.20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.22 16:45:00 | 000,181,760 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.12.29 16:50:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL MOD - [2009.09.15 17:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.25 14:35:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.07 15:00:46 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.07 14:59:16 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.11.30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.11.09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.16 10:32:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012.09.16 10:31:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.02.23 12:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.10.17 15:12:52 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.09.22 22:07:34 | 058,345,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV - [2011.09.22 22:07:34 | 000,154,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.09.22 22:06:04 | 000,431,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.21 02:42:38 | 000,061,976 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100) SRV - [2009.07.01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.03.31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService) SRV - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr) SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.07 15:01:44 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.07 15:01:44 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.07 15:01:44 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2012.10.18 12:12:06 | 001,111,856 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.06 00:00:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.25 16:11:20 | 000,030,528 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sef3x1.sys -- (sef3x1) DRV:64bit: - [2012.03.25 16:10:03 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.03.25 16:10:03 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.03.25 13:57:49 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2012.03.24 21:29:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.03.24 21:29:11 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 17:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2011.12.12 18:19:16 | 008,616,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.10.17 14:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.09.22 22:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105) DRV:64bit: - [2011.09.13 14:45:06 | 001,588,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud) DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 15:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 13:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2010.11.20 13:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.09.15 20:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.07.20 17:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk) DRV:64bit: - [2009.06.25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp) DRV:64bit: - [2009.06.25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009.06.18 12:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 09:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.04.07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.03.09 16:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.08.03 20:26:48 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio) DRV - [2007.07.24 11:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Programme\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\..\SearchScopes,DefaultScope = {C6379DB5-CC9D-459E-89EC-DBAF4AFCDADA} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{14C927A3-1B78-497A-A166-8D1EEE8799E8}: "URL" = hxxp://www.youtube.com/results?search_query={searchTerms} IE - HKCU\..\SearchScopes\{980B9BF6-AF0C-4AF0-BDF0-7A6CDC8EADEE}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=amznsearch.de.ms-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{AC151396-3DBF-42D6-BDB2-014EC3BF320A}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKCU\..\SearchScopes\{C6379DB5-CC9D-459E-89EC-DBAF4AFCDADA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{DA49B8EC-062B-49E4-917B-EFBA3FA4B0AA}: "URL" = hxxp://rover.ebay.com/rover/1/707-53477-19255-0/1?icep_ff3=9&pub=5574640706&toolid=10001&campid=5336449492&customid=&icep_uq={searchTerms}&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229487&kwid=902099&mtid=824&kw=lg IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Patrick\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012.03.24 21:14:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.02.22 00:45:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.25 14:35:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.05 01:24:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.25 14:35:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.05 01:24:30 | 000,000,000 | ---D | M] [2012.03.28 23:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2012.10.28 23:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\xvh1nron.default\extensions [2012.07.15 22:56:51 | 000,035,720 | ---- | M] () (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\xvh1nron.default\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi [2013.04.30 20:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.25 14:35:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.04.25 14:35:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.04.25 14:35:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.25 14:27:36 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Programme\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Java Plug-in 1.7.0_17) O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF119365-FF7C-4D71-A639-BBB450DF672E}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEAC6D19-1BA2-4998-818B-37926823A73A}: NameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F653C897-FA70-48DE-BF15-271A639E7497}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 21:18:04 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 01:03:23 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\ElevatedDiagnostics [2013.05.04 18:19:06 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\Amazon MP3 [2013.05.04 18:19:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon [2013.05.04 18:19:04 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Program Files [2013.04.30 20:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.04.30 20:50:27 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Oracle [2013.04.30 16:58:18 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\AdobeUM [2013.04.30 16:23:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013.04.29 16:18:41 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\SimCity 4 [2013.04.25 16:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Syscon [2013.04.25 14:35:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.23 05:02:00 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Documents\hdl [2008.08.11 21:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.08 03:24:42 | 000,000,168 | ---- | M] () -- C:\Users\Patrick\defogger_reenable [2013.05.08 02:46:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.08 00:50:25 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 00:50:25 | 000,013,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 00:49:19 | 001,799,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.08 00:49:19 | 000,764,936 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.08 00:49:19 | 000,718,878 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.08 00:49:19 | 000,174,050 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.08 00:49:19 | 000,146,900 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.08 00:41:30 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.08 00:41:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.08 00:41:12 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 22:45:26 | 000,000,004 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\skype.ini [2013.05.07 21:17:52 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.05 01:24:31 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.05.05 01:09:27 | 000,445,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.04 13:34:10 | 000,006,026 | ---- | M] () -- C:\Users\Patrick\.recently-used.xbel [2013.05.03 21:01:58 | 662,658,339 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.30 20:10:41 | 000,000,930 | ---- | M] () -- C:\Users\Patrick\Desktop\TeXnicCenter.lnk [2013.04.30 19:07:38 | 000,001,536 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_0_0.ini [2013.04.30 19:07:17 | 000,000,095 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_0_0.sta [2013.04.30 16:23:55 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk [2013.04.09 21:44:32 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.08 03:24:42 | 000,000,168 | ---- | C] () -- C:\Users\Patrick\defogger_reenable [2013.05.07 22:44:10 | 000,000,004 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\skype.ini [2013.05.05 01:24:31 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.05.05 01:24:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.05.04 13:34:10 | 000,006,026 | ---- | C] () -- C:\Users\Patrick\.recently-used.xbel [2013.05.03 21:01:58 | 662,658,339 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.30 19:06:49 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk [2013.04.30 19:06:49 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk [2013.04.30 19:06:49 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk [2013.04.30 16:59:50 | 000,001,536 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_0_0.ini [2013.04.30 16:59:50 | 000,000,095 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_0_0.sta [2013.04.30 16:23:55 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk [2012.12.08 11:53:06 | 000,000,042 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\default.pls [2012.09.16 10:35:08 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.09.16 10:35:08 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.09.16 10:34:51 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini [2012.07.06 00:20:29 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\pxhpinst.exe [2012.03.25 18:47:06 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.03.25 18:47:06 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.03.25 16:59:56 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2012.03.25 16:59:34 | 000,001,024 | ---- | C] () -- C:\Users\Patrick\.rnd [2012.03.25 14:48:20 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2012.03.25 13:31:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.03.24 19:42:39 | 001,780,848 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.24 15:02:39 | 000,058,368 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\skype.dat [2009.04.08 10:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008.05.22 08:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== ZeroAccess Check ========== [2011.11.17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\@ [2013.05.08 02:08:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\L [2013.05.08 02:08:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\U [2013.05.07 22:40:33 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\U\00000008.@ [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [2013.05.08 00:41:17 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini [2013.05.08 00:41:17 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-2212639840-2740075087-3811639980-1000\$12d2498644f15ee6708743b2affdc3a5\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.07.19 21:13:07 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Amazon [2012.03.25 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\BSW [2012.03.25 21:02:49 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\capella-software [2012.07.06 00:18:40 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\DAEMON Tools Lite [2012.07.29 10:38:43 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Dropbox [2012.03.28 23:16:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\elsterformular [2012.03.25 16:01:17 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\EPSON [2013.05.04 13:34:10 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\gtk-2.0 [2013.01.14 23:47:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\mathegrafix [2012.03.25 16:24:57 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\OpenOffice.org [2013.04.30 20:50:27 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Oracle [2012.07.03 01:45:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SMRecorder [2012.03.25 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Subversion [2012.03.25 13:41:57 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Synaptics [2012.03.25 18:30:45 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TeamViewer [2012.03.24 22:39:43 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.05.2013 03:27:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,85% Memory free
10,00 Gb Paging File | 8,19 Gb Available in Paging File | 81,97% Paging File free
Paging file location(s): c:\pagefile.sys 6142 6142 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,18 Gb Total Space | 352,55 Gb Free Space | 72,22% Space Free | Partition Type: NTFS
Drive E: | 151,29 Gb Total Space | 85,86 Gb Free Space | 56,75% Space Free | Partition Type: FAT32
Computer Name: PLEY-L50 | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0D432429-C79C-462D-ABD8-4D82B83A954B}" = Microsoft SQL Server System CLR Types (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{12FE6AA6-65D2-40EE-B925-62193128A0E6}" = Microsoft SQL Server 2008 Native Client
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2A6823CE-23A8-35B3-8342-162A973CDD5B}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5ADA62BD-2FC0-4ECE-93AA-C933E69B2AB5}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6B13A3F1-F66A-42FB-9E62-98952D582187}" = TortoiseSVN 1.7.11.23600 (64 bit)
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9E62002-BD74-30EC-9049-93E0E003C736}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{D8125A39-ADEE-4187-B04D-DB6CF489AF61}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"15E1EDE2CE17DE99E8C3FB1D4001D9929D4BFD2E" = Windows-Treiberpaket - KEIL - Tools By ARM (WinUSB) USB (12/19/2009 1.0.0.2)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"MiKTeX 2.9" = MiKTeX 2.9
"Sn1" = Logitech Flow Scroll 4.0
"sp6" = Logitech SetPoint 6.32
"TeXnicCenter_is1" = TeXnicCenter Version 2.0 Beta 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}" = Sound Blaster X-Fi Surround 5.1 Pro
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{103A5E44-DD5B-46D5-AD1E-9DF2260CA023}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1AA5BD63-6614-44B2-88A7-605191EDB835}" = Dotfuscator Software Services - Community Edition
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44E8EB3D-935F-496C-9799-23AD27F3FD7E}" = STM32 ST-LINK Utility
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59AD5D9B-C4E7-40D0-AA58-C9EF41000795}" = capella-scan 7.0
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{803910CC-3A39-45E3-A594-0D5512A60A86}" = Microsoft Silverlight 4 SDK - Deutsch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85467CBC-7A39-33C9-8940-D72D9269B84F}" = Microsoft Visual F# 2.0 Runtime
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D95C42C-6853-441A-9F8E-A6C856D0E5F3}" = STLinkDriver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ULTIMATER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ULTIMATER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ULTIMATER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ULTIMATER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{919E5477-D20B-4F64-AE8B-8199469F7817}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-1033-F400-7760-100000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B001BC87-1A45-3656-AD07-213ED52F13E2}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BB1E119E-CF4B-4183-910E-A8C2B379F2C6}" = Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C668416A-9213-4058-B7F2-01A42D85559D}" = Microsoft SQL Server System CLR Types
"{C956D350-CC58-4649-8902-FCEC7FCA6244}" = capella 7
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E9089B6A-1FDE-47F3-8D29-175F5B7A0722}" = Microsoft SQL Server 2008 R2 Management Objects
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 7.0 Professional - English, Français, Deutsch - V" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCS" = Creative Audio-Systemsteuerung
"Audiograbber" = Audiograbber 1.83 SE
"Avira AntiVir Desktop" = Avira Free Antivirus
"BSW" = BrettspielWelt
"Calc 3D Pro_is1" = Calc 3D Pro 2.1.10
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DVD Shrink_is1" = DVD Shrink 3.2
"ElsterFormular 13.1.1.8531p" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Funkyplot_is1" = Funkyplot 1.1.0-pre1
"InstallShield_{44E8EB3D-935F-496C-9799-23AD27F3FD7E}" = STM32 ST-LINK Utility
"Keil µVision4" = Keil µVision4
"MatheGrafix 9_is1" = MatheGrafix (Version 9.50)
"MatlabR2009a" = MATLAB Student R2009a
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.VISIOR" = Microsoft Visio Professional 2010
"Steam App 12210" = Grand Theft Auto IV
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 570" = Dota 2
"Steam App 9340" = Company of Heroes: Opposing Fronts
"SysInfo" = Creative Systeminformationen
"TeamViewer 7" = TeamViewer 7
"ULTIMATER" = Microsoft Office Ultimate 2007
"Update Service" = Sony Ericsson Update Service
"VLC media player" = VLC media player 2.0.1
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft AutoScreenRecorder 3.1 Free" = Wisdom-soft AutoScreenRecorder 3.1 Free
"xp-AntiSpy" = xp-AntiSpy 3.98-2
"Xvid Video Codec 1.3.2" = Xvid Video Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18
"Dropbox" = Dropbox
"GeoGebra 5.0 JOGL1 Beta" = GeoGebra 5.0 JOGL1 Beta
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.04.2013 04:44:21 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 26.04.2013 04:44:22 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 26.04.2013 04:44:22 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 28.04.2013 04:54:46 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 28.04.2013 04:54:47 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 28.04.2013 04:54:47 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 29.04.2013 03:39:42 | Computer Name = PLey-L50 | Source = RapiMgr | ID = 8
Description = communication (0x8007274a)-Fehler beim Verbinden des Windows Mobile-basierten
Geräts. (Die Daten enthalten den Fehlercode.).
Error - 29.04.2013 16:31:40 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 29.04.2013 16:31:42 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error - 29.04.2013 16:31:42 | Computer Name = PLey-L50 | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in Manifest- oder Richtliniendatei
"" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:.
Komponente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
[ System Events ]
Error - 15.10.2012 04:27:07 | Computer Name = PLey-L50 | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 16.10.2012 18:28:22 | Computer Name = PLey-L50 | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 18.10.2012 18:07:10 | Computer Name = PLey-L50 | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 19.10.2012 02:12:52 | Computer Name = PLey-L50 | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 19.10.2012 06:10:46 | Computer Name = PLey-L50 | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?10.?2012 um 12:09:43 unerwartet heruntergefahren.
Error - 19.10.2012 06:13:05 | Computer Name = PLey-L50 | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 19.10.2012 17:30:03 | Computer Name = PLey-L50 | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 19.10.2012 17:39:01 | Computer Name = PLey-L50 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
(Definition 1.139.124.0)
Error - 19.10.2012 19:29:12 | Computer Name = PLey-L50 | Source = WMPNetworkSvc | ID = 866287
Description =
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-08 06:40:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST750LX0 rev.SM12 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Patrick\AppData\Local\Temp\kxriapob.sys
---- User code sections - GMER 2.1 ----
.reloc C:\Windows\system32\services.exe [580] section is executable [0x4A8, 0xA0000020] 0000000100052000
.text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77]
.text C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe[4108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\services.exe [580:720] 00000000001a1e58
---- Processes - GMER 2.1 ----
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [516] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [912] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [980] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [572] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [600] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1364] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1604] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [3520] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3584] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [3684] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [3752] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [3844] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [4140] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:06) 000000006db90000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [4860] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation SIGNED)(2012-03-24 14:43:18) 000007fefce10000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243a4409d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243a4409d@0001e341d450 0x8A 0xF2 0xEC 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243a4409d@00234530a9dc 0xE1 0xEB 0x24 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243a4409d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243a4409d@0001e341d450 0x8A 0xF2 0xEC 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243a4409d@00234530a9dc 0xE1 0xEB 0x24 0x1E ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Files - GMER 2.1 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
---- EOF - GMER 2.1 ----
|
|
08.05.2013, 07:09
| #2 |
| /// Malwareteam / Visitor  | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Hi Patrick
__________________Ich bin Smeenk und ich werde versuchen Dir zu helfen  Systemscan mit ZOEK Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte alles nach Möglichkeit hier in CODE-Tags posten: [code] Dein Log hier [/code] |
|
09.05.2013, 23:00
| #3 |
| | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Hallo Smeenk,
__________________vielen Dank für die schnelle Antwort und Danke, dass Du mir hilftst und Dir dafür Zeit nimmst. Leider war ich die letzten beiden Tage geschäftlich unterwegs und antworte daher erst so spät. zoek-results.log: Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 30-04-2013
Tool run by Patrick on 09.05.2013 at 22:36:18,10.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
==== Possible Rootkit Infection ======================
C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\L
C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\U
C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\@
C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\U\00000008.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2212639840-2740075087-3811639980-1000\Software\Microsoft\Internet Explorer\SearchScopes\{980B9BF6-AF0C-4AF0-BDF0-7A6CDC8EADEE} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Files \ Folders ======================
"C:\$Recycle.Bin\S-1-5-18\$12d2498644f15ee6708743b2affdc3a5" not found
"C:\Users\Patrick\AppData\Roaming\skype.dat" deleted
"C:\Users\Patrick\AppData\Roaming\skype.ini" deleted
"C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\@" deleted
"C:\$Recycle.Bin\S-1-5-21-2212639840-2740075087-3811639980-1000\$12d2498644f15ee6708743b2affdc3a5\@" deleted
"C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\U\00000008.@" deleted
"C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}" not deleted
"C:\$Recycle.Bin\S-1-5-21-2212639840-2740075087-3811639980-1000\$12d2498644f15ee6708743b2affdc3a5" deleted
"C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\L" deleted
"C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}\U" not deleted
"C:\$Recycle.Bin\S-1-5-21-2212639840-2740075087-3811639980-1000\$12d2498644f15ee6708743b2affdc3a5\L" deleted
"C:\$Recycle.Bin\S-1-5-21-2212639840-2740075087-3811639980-1000\$12d2498644f15ee6708743b2affdc3a5\U" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\Users\Patrick\AppData\LocalLow\boost_interprocess" deleted
==== Registry Search Results for "$12d2498644f15ee6708743b2affdc3a5" ======================
No instances of string "$12d2498644f15ee6708743b2affdc3a5" found.
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-05-03 19:01:58 EA786C983D936656C53259FEB65FD102 662658339 ----a-w- C:\Windows\MEMORY.DMP
====== C:\Users\Patrick\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-04-30 18:53:08 315781E506D97F08E22F164B36EB5C11 108448 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-07 19:18:04 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys
2013-04-27 11:58:07 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
2013-04-10 18:12:19 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
======= C: =====
====== C:\Users\Patrick\AppData\Roaming ======
2013-05-04 23:03:23 -------- d-----w- C:\users\Patrick\AppData\Local\ElevatedDiagnostics
2013-05-04 16:19:05 -------- d-----w- C:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2013-05-04 16:19:04 -------- d-----w- C:\users\Patrick\AppData\Local\Program Files
2013-04-30 18:50:27 -------- d-----w- C:\users\Patrick\AppData\Roaming\Oracle
2013-04-30 14:58:18 -------- d-----w- C:\users\Patrick\AppData\Roaming\AdobeUM
====== C:\Users\Patrick ======
2013-05-08 01:24:42 D28291D3F8CFD0BDA58BE1B77C4FE556 168 ----a-w- C:\Users\Patrick\defogger_reenable
2013-05-04 11:34:10 1321979BEF246B86385BE0405339CBCC 6026 ----a-w- C:\Users\Patrick\.recently-used.xbel
2013-04-25 14:36:30 -------- d-----w- C:\ProgramData\Syscon
====== C: exe-files ==
2013-05-07 19:18:02 ADA0D1407E2C328FB95686E9D5AB88B5 111328 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe
2013-05-07 19:18:02 5FF8FFD589DA25F43C4FE944A4B2AE0A 775224 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
2013-05-07 19:16:51 8C2C2E5119E844B43085CBC73106754B 597560 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
2013-05-07 19:16:51 22DC787A09D2EC7E3F1138A26C41083C 46960 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
2013-05-04 23:02:33 10F4163F0EDDC031100180787D5F696F 347424 ----a-w- C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FTI4Z3A1\MicrosoftFixit.IEPerformance.MATSKB.Run.exe
2013-05-04 16:19:05 0BAC6AC0E8166A57E581D8B7E8C405C4 80571 ----a-w- C:\Users\Patrick\AppData\Local\Program Files\Amazon\MP3 Downloader\Uninstall.exe
=== C: other files ==
2013-05-07 19:18:04 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-05-07 19:18:02 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2212639840-2740075087-3811639980-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"VolPanel"="C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe /r"
"Module Loader"="C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"LogiScrollApp"="C:\Program Files\Logitech\FlowScroll\KhalScroll.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrobat Assistant 7.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ADSMTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADSMTray"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\ASUS Data Security Manager\\ADSMTray.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AmazonMP3DownloaderHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AmazonMP3DownloaderHelper"
"hkey"="HKCU"
"command"="C:\\Users\\Patrick\\AppData\\Local\\Program Files\\Amazon\\MP3 Downloader\\AmazonMP3DownloaderHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GrooveMonitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GrooveMonitor"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IAStorIcon"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Intel\\Intel(R) Rapid Storage Technology\\IAStorIcon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Common Files\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBKeyScan]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBKeyScan"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="updateMgr"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Wisdom-soft AutoScreenRecorder 3.1 Pro"
"hkey"="HKCU"
"command"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Xvid"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk]
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Acrobat - Schnellstart.lnk"
"backup"="C:\\Windows\\pss\\Adobe Acrobat - Schnellstart.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\Windows\\Installer\\{AC76BA86-1033-F400-7760-100000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat - Schnellstart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Users\\Patrick\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\Windows\\pss\\Adobe Gamma.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Patrick^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
"path"="C:\\Users\\Patrick\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk"
"backup"="C:\\Windows\\pss\\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\PROGRA~2\\MICROS~1\\Office12\\ONENOTEM.EXE /tsr"
"item"="OneNote 2007 Bildschirmausschnitt- und Startprogramm"
==== Startup Folders ======================
2012-03-25 11:51:10 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03.07.2012 01:22]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [03.07.2012 01:22]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xvh1nron.default
- Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- AP Suggestor - %ProfilePath%\extensions\{7F23E3F4-F72E-4f4f-8761-854C8942708F}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
==== Firefox Plugins ======================
Profilepath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\xvh1nron.default
F7E72D3A281F922BACEC1A71A826D4C2 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll - Shockwave Flash
9DD8C537203802975519927F596124B0 - C:\Users\Patrick\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll - AmazonMP3DownloaderPlugin
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.170.2
546A28FBC44B984FD92530227BF6F5C2 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
geooogfhpjdpeiphckpbgkhpbeobcaoi - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[08.02.2012 21:07]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07.02.2013 07:47]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C6379DB5-CC9D-459E-89EC-DBAF4AFCDADA}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{14C927A3-1B78-497A-A166-8D1EEE8799E8} Youtube Url="hxxp://www.youtube.com/results?search_query={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AC151396-3DBF-42D6-BDB2-014EC3BF320A} Wikipedia (de) Url="hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}"
{C6379DB5-CC9D-459E-89EC-DBAF4AFCDADA} Google Url="hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{DA49B8EC-062B-49E4-917B-EFBA3FA4B0AA} eBay Deutschland Url="hxxp://rover.ebay.com/rover/1/707-53477-19255-0/1?icep_ff3=9&pub=5574640706&toolid=10001&campid=5336449492&customid=&icep_uq={searchTerms}&icep_sellerId=&icep_ex_kw=&icep_sortBy=12&icep_catId=&icep_minPrice=&icep_maxPrice=&ipn=psmain&icep_vectorid=229487&kwid=902099&mtid=824&kw=lg"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Patrick\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\Patrick\AppData\Local\Mozilla\Firefox\Profiles\xvh1nron.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Patrick\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\installer\{12d24986-44f1-5ee6-7087-43b2affdc3a5}" not found
TDSSKiller.2.8.16.0_09.05.2013_23.38.35_log: Code:
ATTFilter 23:38:35.0645 5104 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:38:35.0661 5104 ============================================================
23:38:35.0661 5104 Current date / time: 2013/05/09 23:38:35.0661
23:38:35.0661 5104 SystemInfo:
23:38:35.0661 5104
23:38:35.0661 5104 OS Version: 6.1.7601 ServicePack: 1.0
23:38:35.0661 5104 Product type: Workstation
23:38:35.0661 5104 ComputerName: PLEY-L50
23:38:35.0661 5104 UserName: Patrick
23:38:35.0661 5104 Windows directory: C:\Windows
23:38:35.0661 5104 System windows directory: C:\Windows
23:38:35.0661 5104 Running under WOW64
23:38:35.0661 5104 Processor architecture: Intel x64
23:38:35.0661 5104 Number of processors: 2
23:38:35.0661 5104 Page size: 0x1000
23:38:35.0661 5104 Boot type: Normal boot
23:38:35.0661 5104 ============================================================
23:38:37.0143 5104 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:38:37.0159 5104 ============================================================
23:38:37.0159 5104 \Device\Harddisk0\DR0:
23:38:37.0159 5104 MBR partitions:
23:38:37.0159 5104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:38:37.0159 5104 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05D800
23:38:37.0159 5104 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x3D090000, BlocksNum 0x12EBC000
23:38:37.0159 5104 ============================================================
23:38:37.0159 5104 C: <-> \Device\Harddisk0\DR0\Partition2
23:38:37.0159 5104 E: <-> \Device\Harddisk0\DR0\Partition3
23:38:37.0159 5104 ============================================================
23:38:37.0159 5104 Initialize success
23:38:37.0159 5104 ============================================================
23:39:07.0376 3144 ============================================================
23:39:07.0376 3144 Scan started
23:39:07.0376 3144 Mode: Manual; SigCheck; TDLFS;
23:39:07.0376 3144 ============================================================
23:39:07.0563 3144 ================ Scan system memory ========================
23:39:07.0563 3144 System memory - ok
23:39:07.0563 3144 ================ Scan services =============================
23:39:07.0704 3144 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:39:07.0766 3144 1394ohci - ok
23:39:07.0766 3144 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:39:07.0782 3144 ACPI - ok
23:39:07.0782 3144 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:39:07.0860 3144 AcpiPmi - ok
23:39:07.0860 3144 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:39:07.0875 3144 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:39:07.0875 3144 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:39:07.0891 3144 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:39:07.0906 3144 AdobeARMservice - ok
23:39:07.0906 3144 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:39:07.0938 3144 adp94xx - ok
23:39:07.0938 3144 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:39:07.0969 3144 adpahci - ok
23:39:07.0969 3144 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:39:07.0984 3144 adpu320 - ok
23:39:08.0000 3144 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
23:39:08.0000 3144 ADSMService ( UnsignedFile.Multi.Generic ) - warning
23:39:08.0000 3144 ADSMService - detected UnsignedFile.Multi.Generic (1)
23:39:08.0016 3144 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:39:08.0078 3144 AeLookupSvc - ok
23:39:08.0109 3144 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:39:08.0125 3144 AFD - ok
23:39:08.0140 3144 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:39:08.0156 3144 agp440 - ok
23:39:08.0156 3144 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:39:08.0187 3144 ALG - ok
23:39:08.0187 3144 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:39:08.0203 3144 aliide - ok
23:39:08.0218 3144 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:39:08.0234 3144 amdide - ok
23:39:08.0234 3144 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:39:08.0265 3144 AmdK8 - ok
23:39:08.0265 3144 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:39:08.0281 3144 AmdPPM - ok
23:39:08.0281 3144 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:39:08.0296 3144 amdsata - ok
23:39:08.0312 3144 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:39:08.0328 3144 amdsbs - ok
23:39:08.0328 3144 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:39:08.0343 3144 amdxata - ok
23:39:08.0359 3144 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:39:08.0374 3144 AntiVirSchedulerService - ok
23:39:08.0374 3144 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:39:08.0390 3144 AntiVirService - ok
23:39:08.0390 3144 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:39:08.0468 3144 AppID - ok
23:39:08.0468 3144 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:39:08.0515 3144 AppIDSvc - ok
23:39:08.0515 3144 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:39:08.0546 3144 Appinfo - ok
23:39:08.0562 3144 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:39:08.0608 3144 AppMgmt - ok
23:39:08.0608 3144 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:39:08.0624 3144 arc - ok
23:39:08.0624 3144 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:39:08.0640 3144 arcsas - ok
23:39:08.0655 3144 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
23:39:08.0671 3144 AsDsm - ok
23:39:08.0671 3144 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
23:39:08.0686 3144 ASLDRService - ok
23:39:08.0702 3144 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
23:39:08.0718 3144 ASMMAP64 - ok
23:39:08.0733 3144 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:39:08.0749 3144 aspnet_state - ok
23:39:08.0749 3144 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:39:08.0796 3144 AsyncMac - ok
23:39:08.0796 3144 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:39:08.0811 3144 atapi - ok
23:39:08.0811 3144 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
23:39:08.0827 3144 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
23:39:08.0827 3144 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
23:39:08.0827 3144 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
23:39:08.0858 3144 atksgt - ok
23:39:08.0889 3144 [ 225FB1C90CF88CD478D25940B3930873 ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
23:39:08.0920 3144 ATSwpWDF - ok
23:39:08.0936 3144 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:39:08.0983 3144 AudioEndpointBuilder - ok
23:39:08.0998 3144 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:39:09.0030 3144 AudioSrv - ok
23:39:09.0030 3144 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:39:09.0061 3144 avgntflt - ok
23:39:09.0061 3144 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:39:09.0076 3144 avipbb - ok
23:39:09.0092 3144 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:39:09.0108 3144 avkmgr - ok
23:39:09.0108 3144 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:39:09.0154 3144 AxInstSV - ok
23:39:09.0154 3144 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:39:09.0186 3144 b06bdrv - ok
23:39:09.0201 3144 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:39:09.0217 3144 b57nd60a - ok
23:39:09.0232 3144 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:39:09.0248 3144 BDESVC - ok
23:39:09.0248 3144 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:39:09.0279 3144 Beep - ok
23:39:09.0295 3144 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:39:09.0310 3144 blbdrive - ok
23:39:09.0310 3144 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:39:09.0326 3144 bowser - ok
23:39:09.0326 3144 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:39:09.0373 3144 BrFiltLo - ok
23:39:09.0420 3144 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:39:09.0560 3144 BrFiltUp - ok
23:39:09.0700 3144 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:39:09.0716 3144 Browser - ok
23:39:09.0732 3144 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:39:09.0747 3144 Brserid - ok
23:39:09.0763 3144 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:39:09.0778 3144 BrSerWdm - ok
23:39:09.0778 3144 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:39:09.0794 3144 BrUsbMdm - ok
23:39:09.0794 3144 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:39:09.0810 3144 BrUsbSer - ok
23:39:09.0825 3144 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:39:09.0841 3144 BthEnum - ok
23:39:09.0841 3144 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:39:09.0856 3144 BTHMODEM - ok
23:39:09.0872 3144 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:39:09.0888 3144 BthPan - ok
23:39:09.0903 3144 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
23:39:09.0919 3144 BTHPORT - ok
23:39:09.0934 3144 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:39:09.0966 3144 bthserv - ok
23:39:09.0966 3144 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
23:39:09.0997 3144 BTHUSB - ok
23:39:09.0997 3144 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
23:39:10.0012 3144 btwaudio - ok
23:39:10.0012 3144 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
23:39:10.0044 3144 btwavdt - ok
23:39:10.0059 3144 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:39:10.0075 3144 btwdins - ok
23:39:10.0090 3144 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
23:39:10.0090 3144 btwl2cap - ok
23:39:10.0106 3144 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
23:39:10.0122 3144 btwrchid - ok
23:39:10.0122 3144 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:39:10.0168 3144 cdfs - ok
23:39:10.0168 3144 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:39:10.0184 3144 cdrom - ok
23:39:10.0200 3144 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:39:10.0231 3144 CertPropSvc - ok
23:39:10.0231 3144 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:39:10.0246 3144 circlass - ok
23:39:10.0262 3144 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:39:10.0293 3144 CLFS - ok
23:39:10.0293 3144 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:39:10.0309 3144 clr_optimization_v2.0.50727_32 - ok
23:39:10.0324 3144 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:39:10.0340 3144 clr_optimization_v2.0.50727_64 - ok
23:39:10.0356 3144 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:39:10.0371 3144 clr_optimization_v4.0.30319_32 - ok
23:39:10.0371 3144 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:39:10.0387 3144 clr_optimization_v4.0.30319_64 - ok
23:39:10.0387 3144 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:39:10.0402 3144 CmBatt - ok
23:39:10.0418 3144 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:39:10.0418 3144 cmdide - ok
23:39:10.0449 3144 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
23:39:10.0480 3144 CNG - ok
23:39:10.0480 3144 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:39:10.0496 3144 Compbatt - ok
23:39:10.0496 3144 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:39:10.0512 3144 CompositeBus - ok
23:39:10.0527 3144 COMSysApp - ok
23:39:10.0527 3144 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:39:10.0543 3144 crcdisk - ok
23:39:10.0590 3144 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
23:39:10.0605 3144 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:39:10.0605 3144 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:39:10.0605 3144 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
23:39:10.0621 3144 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:39:10.0621 3144 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:39:10.0621 3144 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:39:10.0652 3144 CryptSvc - ok
23:39:10.0652 3144 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:39:10.0683 3144 CSC - ok
23:39:10.0699 3144 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:39:10.0730 3144 CscService - ok
23:39:10.0730 3144 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
23:39:10.0746 3144 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
23:39:10.0746 3144 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
23:39:10.0761 3144 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:39:10.0792 3144 DcomLaunch - ok
23:39:10.0808 3144 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:39:10.0839 3144 defragsvc - ok
23:39:10.0855 3144 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:39:10.0886 3144 DfsC - ok
23:39:10.0917 3144 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:39:10.0948 3144 Dhcp - ok
23:39:10.0964 3144 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:39:11.0042 3144 discache - ok
23:39:11.0058 3144 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:39:11.0073 3144 Disk - ok
23:39:11.0089 3144 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:39:11.0136 3144 Dnscache - ok
23:39:11.0151 3144 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:39:11.0214 3144 dot3svc - ok
23:39:11.0214 3144 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:39:11.0245 3144 DPS - ok
23:39:11.0245 3144 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:39:11.0323 3144 drmkaud - ok
23:39:11.0416 3144 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:39:11.0432 3144 dtsoftbus01 - ok
23:39:11.0479 3144 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:39:11.0510 3144 DXGKrnl - ok
23:39:11.0526 3144 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:39:11.0557 3144 EapHost - ok
23:39:11.0619 3144 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:39:11.0713 3144 ebdrv - ok
23:39:11.0713 3144 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:39:11.0744 3144 EFS - ok
23:39:11.0760 3144 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:39:11.0791 3144 ehRecvr - ok
23:39:11.0806 3144 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:39:11.0822 3144 ehSched - ok
23:39:11.0838 3144 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:39:11.0869 3144 elxstor - ok
23:39:11.0869 3144 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:39:11.0884 3144 ErrDev - ok
23:39:11.0900 3144 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:39:11.0931 3144 EventSystem - ok
23:39:11.0947 3144 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:39:11.0978 3144 exfat - ok
23:39:11.0994 3144 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:39:12.0025 3144 fastfat - ok
23:39:12.0056 3144 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:39:12.0072 3144 Fax - ok
23:39:12.0087 3144 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:39:12.0103 3144 fdc - ok
23:39:12.0103 3144 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:39:12.0134 3144 fdPHost - ok
23:39:12.0150 3144 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:39:12.0181 3144 FDResPub - ok
23:39:12.0181 3144 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:39:12.0196 3144 FileInfo - ok
23:39:12.0212 3144 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:39:12.0243 3144 Filetrace - ok
23:39:12.0243 3144 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:39:12.0259 3144 flpydisk - ok
23:39:12.0274 3144 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:39:12.0290 3144 FltMgr - ok
23:39:12.0384 3144 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
23:39:12.0430 3144 FontCache - ok
23:39:12.0446 3144 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:39:12.0446 3144 FontCache3.0.0.0 - ok
23:39:12.0462 3144 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:39:12.0477 3144 FsDepends - ok
23:39:12.0477 3144 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:39:12.0493 3144 Fs_Rec - ok
23:39:12.0493 3144 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:39:12.0524 3144 fvevol - ok
23:39:12.0524 3144 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:39:12.0540 3144 gagp30kx - ok
23:39:12.0555 3144 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
23:39:12.0571 3144 ggflt - ok
23:39:12.0571 3144 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
23:39:12.0602 3144 ggsemc - ok
23:39:12.0602 3144 [ 7D66EBDE8B7F9B4E00BEEFEEE82670D4 ] ghaio C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys
23:39:12.0618 3144 ghaio - ok
23:39:12.0649 3144 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:39:12.0696 3144 gpsvc - ok
23:39:12.0696 3144 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:39:12.0711 3144 gupdate - ok
23:39:12.0711 3144 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:39:12.0727 3144 gupdatem - ok
23:39:12.0727 3144 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:39:12.0742 3144 hcw85cir - ok
23:39:12.0758 3144 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:39:12.0789 3144 HdAudAddService - ok
23:39:12.0789 3144 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:39:12.0805 3144 HDAudBus - ok
23:39:12.0805 3144 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:39:12.0820 3144 HidBatt - ok
23:39:12.0836 3144 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:39:12.0852 3144 HidBth - ok
23:39:12.0852 3144 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:39:12.0867 3144 HidIr - ok
23:39:12.0883 3144 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:39:12.0914 3144 hidserv - ok
23:39:12.0914 3144 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:39:12.0930 3144 HidUsb - ok
23:39:12.0945 3144 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:39:12.0976 3144 hkmsvc - ok
23:39:12.0976 3144 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:39:13.0008 3144 HomeGroupListener - ok
23:39:13.0008 3144 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:39:13.0039 3144 HomeGroupProvider - ok
23:39:13.0039 3144 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:39:13.0054 3144 HpSAMD - ok
23:39:13.0070 3144 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:39:13.0117 3144 HTTP - ok
23:39:13.0132 3144 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:39:13.0148 3144 hwpolicy - ok
23:39:13.0148 3144 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:39:13.0164 3144 i8042prt - ok
23:39:13.0179 3144 [ 8180A2392E732E8871589B54FAB6991F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:39:13.0195 3144 iaStor - ok
23:39:13.0210 3144 [ 17125B7D2F56B4B35441561C780C2CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:39:13.0226 3144 IAStorDataMgrSvc - ok
23:39:13.0242 3144 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:39:13.0257 3144 iaStorV - ok
23:39:13.0288 3144 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:39:13.0320 3144 idsvc - ok
23:39:13.0320 3144 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:39:13.0335 3144 iirsp - ok
23:39:13.0366 3144 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:39:13.0413 3144 IKEEXT - ok
23:39:13.0429 3144 [ 58A60DF2B6D0D6B09E44CAC7F1D2AB6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:39:13.0476 3144 IntcAzAudAddService - ok
23:39:13.0491 3144 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:39:13.0507 3144 intelide - ok
23:39:13.0507 3144 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:39:13.0522 3144 intelppm - ok
23:39:13.0522 3144 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:39:13.0569 3144 IPBusEnum - ok
23:39:13.0569 3144 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:39:13.0600 3144 IpFilterDriver - ok
23:39:13.0616 3144 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:39:13.0632 3144 IPMIDRV - ok
23:39:13.0632 3144 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:39:13.0678 3144 IPNAT - ok
23:39:13.0678 3144 ipswuio - ok
23:39:13.0678 3144 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:39:13.0756 3144 IRENUM - ok
23:39:13.0756 3144 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:39:13.0772 3144 isapnp - ok
23:39:13.0834 3144 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:39:13.0866 3144 iScsiPrt - ok
23:39:13.0866 3144 [ 9291643B494F87BFDAC95A524F69E737 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
23:39:13.0881 3144 itecir - ok
23:39:13.0881 3144 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:39:13.0897 3144 kbdclass - ok
23:39:13.0912 3144 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:39:13.0959 3144 kbdhid - ok
23:39:13.0959 3144 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
23:39:13.0975 3144 kbfiltr - ok
23:39:13.0990 3144 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:39:13.0990 3144 KeyIso - ok
23:39:14.0037 3144 [ 66B56468A44AE974EA2B098724439AA7 ] ksaud C:\Windows\system32\drivers\ksaud.sys
23:39:14.0084 3144 ksaud - ok
23:39:14.0100 3144 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:39:14.0115 3144 KSecDD - ok
23:39:14.0115 3144 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:39:14.0146 3144 KSecPkg - ok
23:39:14.0146 3144 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:39:14.0178 3144 ksthunk - ok
23:39:14.0193 3144 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:39:14.0240 3144 KtmRm - ok
23:39:14.0240 3144 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:39:14.0287 3144 LanmanServer - ok
23:39:14.0287 3144 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:39:14.0318 3144 LanmanWorkstation - ok
23:39:14.0334 3144 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:39:14.0365 3144 LBTServ - ok
23:39:14.0365 3144 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:39:14.0396 3144 LHidFilt - ok
23:39:14.0568 3144 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
23:39:14.0583 3144 lirsgt - ok
23:39:14.0739 3144 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:39:14.0770 3144 lltdio - ok
23:39:14.0770 3144 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:39:14.0817 3144 lltdsvc - ok
23:39:14.0833 3144 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:39:14.0864 3144 lmhosts - ok
23:39:14.0864 3144 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:39:14.0895 3144 LMouFilt - ok
23:39:14.0895 3144 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:39:14.0911 3144 LSI_FC - ok
23:39:14.0926 3144 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:39:14.0942 3144 LSI_SAS - ok
23:39:14.0942 3144 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:39:14.0958 3144 LSI_SAS2 - ok
23:39:14.0973 3144 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:39:14.0989 3144 LSI_SCSI - ok
23:39:14.0989 3144 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:39:15.0020 3144 luafv - ok
23:39:15.0020 3144 [ 085435AE1A124361304044029B5CC644 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
23:39:15.0051 3144 lullaby - ok
23:39:15.0051 3144 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
23:39:15.0067 3144 LUsbFilt - ok
23:39:15.0067 3144 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:39:15.0098 3144 Mcx2Svc - ok
23:39:15.0098 3144 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:39:15.0114 3144 megasas - ok
23:39:15.0160 3144 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:39:15.0176 3144 MegaSR - ok
23:39:15.0192 3144 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:39:15.0207 3144 Microsoft Office Groove Audit Service - ok
23:39:15.0207 3144 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:39:15.0254 3144 MMCSS - ok
23:39:15.0254 3144 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:39:15.0285 3144 Modem - ok
23:39:15.0285 3144 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:39:15.0301 3144 monitor - ok
23:39:15.0316 3144 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:39:15.0332 3144 mouclass - ok
23:39:15.0332 3144 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:39:15.0348 3144 mouhid - ok
23:39:15.0348 3144 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:39:15.0363 3144 mountmgr - ok
23:39:15.0379 3144 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:39:15.0394 3144 MozillaMaintenance - ok
23:39:15.0394 3144 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:39:15.0410 3144 mpio - ok
23:39:15.0426 3144 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:39:15.0457 3144 mpsdrv - ok
23:39:15.0457 3144 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:39:15.0488 3144 MRxDAV - ok
23:39:15.0504 3144 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:39:15.0519 3144 mrxsmb - ok
23:39:15.0535 3144 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:39:15.0550 3144 mrxsmb10 - ok
23:39:15.0566 3144 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:39:15.0582 3144 mrxsmb20 - ok
23:39:15.0582 3144 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:39:15.0597 3144 msahci - ok
23:39:15.0597 3144 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:39:15.0613 3144 msdsm - ok
23:39:15.0628 3144 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:39:15.0644 3144 MSDTC - ok
23:39:15.0660 3144 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:39:15.0691 3144 Msfs - ok
23:39:15.0691 3144 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:39:15.0722 3144 mshidkmdf - ok
23:39:15.0722 3144 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:39:15.0738 3144 msisadrv - ok
23:39:15.0753 3144 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:39:15.0784 3144 MSiSCSI - ok
23:39:15.0784 3144 msiserver - ok
23:39:15.0800 3144 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:39:15.0831 3144 MSKSSRV - ok
23:39:15.0847 3144 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:39:15.0894 3144 MSPCLOCK - ok
23:39:15.0894 3144 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:39:15.0940 3144 MSPQM - ok
23:39:15.0956 3144 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:39:15.0987 3144 MsRPC - ok
23:39:15.0987 3144 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:39:16.0003 3144 mssmbios - ok
23:39:16.0003 3144 MSSQL$SQLEXPRESS - ok
23:39:16.0018 3144 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
23:39:16.0034 3144 MSSQLServerADHelper100 - ok
23:39:16.0034 3144 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:39:16.0081 3144 MSTEE - ok
23:39:16.0081 3144 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:39:16.0096 3144 MTConfig - ok
23:39:16.0096 3144 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
23:39:16.0112 3144 MTsensor - ok
23:39:16.0112 3144 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:39:16.0128 3144 Mup - ok
23:39:16.0143 3144 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:39:16.0190 3144 napagent - ok
23:39:16.0206 3144 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:39:16.0237 3144 NativeWifiP - ok
23:39:16.0252 3144 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:39:16.0284 3144 NDIS - ok
23:39:16.0284 3144 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:39:16.0330 3144 NdisCap - ok
23:39:16.0330 3144 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:39:16.0362 3144 NdisTapi - ok
23:39:16.0377 3144 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:39:16.0408 3144 Ndisuio - ok
23:39:16.0408 3144 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:39:16.0455 3144 NdisWan - ok
23:39:16.0455 3144 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:39:16.0486 3144 NDProxy - ok
23:39:16.0518 3144 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
23:39:16.0549 3144 Nero BackItUp Scheduler 3 - ok
23:39:16.0549 3144 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:39:16.0580 3144 NetBIOS - ok
23:39:16.0596 3144 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:39:16.0642 3144 NetBT - ok
23:39:16.0642 3144 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:39:16.0658 3144 Netlogon - ok
23:39:16.0658 3144 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:39:16.0705 3144 Netman - ok
23:39:16.0720 3144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:16.0752 3144 NetMsmqActivator - ok
23:39:16.0767 3144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:16.0767 3144 NetPipeActivator - ok
23:39:16.0798 3144 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:39:16.0845 3144 netprofm - ok
23:39:16.0845 3144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:16.0861 3144 NetTcpActivator - ok
23:39:16.0861 3144 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:39:16.0876 3144 NetTcpPortSharing - ok
23:39:16.0986 3144 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
23:39:17.0126 3144 NETw5s64 - ok
23:39:17.0235 3144 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
23:39:17.0344 3144 netw5v64 - ok
23:39:17.0469 3144 [ B25FE0FA523579B6FA327311A579866E ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
23:39:17.0594 3144 NETwNs64 - ok
23:39:17.0594 3144 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:39:17.0610 3144 nfrd960 - ok
23:39:17.0625 3144 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:39:17.0641 3144 NlaSvc - ok
23:39:17.0672 3144 [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
23:39:17.0688 3144 NMIndexingService - ok
23:39:17.0703 3144 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:39:17.0734 3144 Npfs - ok
23:39:17.0734 3144 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:39:17.0781 3144 nsi - ok
23:39:17.0781 3144 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:39:17.0828 3144 nsiproxy - ok
23:39:17.0844 3144 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:39:17.0906 3144 Ntfs - ok
23:39:17.0906 3144 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:39:17.0937 3144 Null - ok
23:39:17.0953 3144 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:39:17.0984 3144 NVHDA - ok
23:39:18.0234 3144 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:39:18.0405 3144 nvlddmkm - ok
23:39:18.0421 3144 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:39:18.0436 3144 nvraid - ok
23:39:18.0436 3144 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:39:18.0452 3144 nvstor - ok
23:39:18.0514 3144 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
23:39:18.0546 3144 nvsvc - ok
23:39:18.0608 3144 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:39:18.0670 3144 nvUpdatusService - ok
23:39:18.0670 3144 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:39:18.0686 3144 nv_agp - ok
23:39:18.0748 3144 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:39:18.0764 3144 odserv - ok
23:39:18.0780 3144 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:39:18.0795 3144 ohci1394 - ok
23:39:18.0811 3144 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:39:18.0811 3144 ose - ok
23:39:18.0889 3144 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:39:19.0045 3144 osppsvc - ok
23:39:19.0045 3144 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:39:19.0060 3144 p2pimsvc - ok
23:39:19.0107 3144 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:39:19.0138 3144 p2psvc - ok
23:39:19.0138 3144 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:39:19.0185 3144 Parport - ok
23:39:19.0201 3144 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:39:19.0248 3144 partmgr - ok
23:39:19.0279 3144 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:39:19.0294 3144 PcaSvc - ok
23:39:19.0294 3144 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:39:19.0326 3144 pci - ok
23:39:19.0326 3144 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:39:19.0341 3144 pciide - ok
23:39:19.0357 3144 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:39:19.0606 3144 pcmcia - ok
23:39:19.0731 3144 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:39:19.0747 3144 pcw - ok
23:39:19.0747 3144 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:39:19.0794 3144 PEAUTH - ok
23:39:19.0825 3144 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:39:19.0872 3144 PeerDistSvc - ok
23:39:19.0950 3144 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:39:19.0965 3144 PerfHost - ok
23:39:20.0043 3144 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:39:20.0090 3144 pla - ok
23:39:20.0106 3144 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
23:39:20.0121 3144 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
23:39:20.0121 3144 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
23:39:20.0121 3144 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:39:20.0152 3144 PlugPlay - ok
23:39:20.0152 3144 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:39:20.0168 3144 PNRPAutoReg - ok
23:39:20.0184 3144 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:39:20.0199 3144 PNRPsvc - ok
23:39:20.0215 3144 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:39:20.0262 3144 PolicyAgent - ok
23:39:20.0277 3144 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:39:20.0308 3144 Power - ok
23:39:20.0308 3144 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:39:20.0355 3144 PptpMiniport - ok
23:39:20.0355 3144 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:39:20.0371 3144 Processor - ok
23:39:20.0386 3144 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:39:20.0402 3144 ProfSvc - ok
23:39:20.0402 3144 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:39:20.0418 3144 ProtectedStorage - ok
23:39:20.0433 3144 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:39:20.0464 3144 Psched - ok
23:39:20.0496 3144 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:39:20.0542 3144 ql2300 - ok
23:39:20.0542 3144 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:39:20.0558 3144 ql40xx - ok
23:39:20.0574 3144 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:39:20.0605 3144 QWAVE - ok
23:39:20.0605 3144 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:39:20.0636 3144 QWAVEdrv - ok
23:39:20.0636 3144 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
23:39:20.0698 3144 RapiMgr - ok
23:39:20.0714 3144 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:39:20.0745 3144 RasAcd - ok
23:39:20.0745 3144 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:39:20.0776 3144 RasAgileVpn - ok
23:39:20.0792 3144 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:39:20.0823 3144 RasAuto - ok
23:39:20.0854 3144 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:39:20.0886 3144 Rasl2tp - ok
23:39:20.0901 3144 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:39:20.0948 3144 RasMan - ok
23:39:20.0948 3144 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:39:20.0979 3144 RasPppoe - ok
23:39:20.0995 3144 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:39:21.0026 3144 RasSstp - ok
23:39:21.0042 3144 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:39:21.0088 3144 rdbss - ok
23:39:21.0088 3144 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:39:21.0104 3144 rdpbus - ok
23:39:21.0104 3144 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:39:21.0151 3144 RDPCDD - ok
23:39:21.0151 3144 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:39:21.0166 3144 RDPDR - ok
23:39:21.0182 3144 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:39:21.0213 3144 RDPENCDD - ok
23:39:21.0213 3144 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:39:21.0244 3144 RDPREFMP - ok
23:39:21.0260 3144 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:39:21.0276 3144 RdpVideoMiniport - ok
23:39:21.0291 3144 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:39:21.0322 3144 RDPWD - ok
23:39:21.0338 3144 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:39:21.0354 3144 rdyboost - ok
23:39:21.0354 3144 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:39:21.0400 3144 RemoteAccess - ok
23:39:21.0400 3144 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:39:21.0447 3144 RemoteRegistry - ok
23:39:21.0463 3144 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:39:21.0478 3144 RFCOMM - ok
23:39:21.0478 3144 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
23:39:21.0494 3144 rimmptsk - ok
23:39:21.0494 3144 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
23:39:21.0510 3144 rimsptsk - ok
23:39:21.0525 3144 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
23:39:21.0525 3144 rismxdp - ok
23:39:21.0541 3144 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:39:21.0572 3144 RpcEptMapper - ok
23:39:21.0588 3144 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:39:21.0603 3144 RpcLocator - ok
23:39:21.0603 3144 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:39:21.0650 3144 RpcSs - ok
23:39:21.0650 3144 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
23:39:21.0681 3144 RsFx0105 - ok
23:39:21.0697 3144 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:39:21.0744 3144 rspndr - ok
23:39:21.0775 3144 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:39:21.0790 3144 RTL8167 - ok
23:39:21.0806 3144 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:39:21.0822 3144 s3cap - ok
23:39:21.0822 3144 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:39:21.0837 3144 SamSs - ok
23:39:21.0837 3144 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:39:21.0853 3144 sbp2port - ok
23:39:21.0868 3144 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:39:21.0915 3144 SCardSvr - ok
23:39:21.0915 3144 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:39:21.0946 3144 scfilter - ok
23:39:21.0962 3144 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:39:22.0024 3144 Schedule - ok
23:39:22.0024 3144 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:39:22.0056 3144 SCPolicySvc - ok
23:39:22.0071 3144 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
23:39:22.0087 3144 sdbus - ok
23:39:22.0087 3144 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:39:22.0118 3144 SDRSVC - ok
23:39:22.0118 3144 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:39:22.0165 3144 secdrv - ok
23:39:22.0165 3144 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:39:22.0196 3144 seclogon - ok
23:39:22.0212 3144 [ EBE15FC8524C8AAD53F7C17FD37C5DFE ] sef3x1 C:\Windows\system32\DRIVERS\sef3x1.sys
23:39:22.0227 3144 sef3x1 - ok
23:39:22.0227 3144 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:39:22.0274 3144 SENS - ok
23:39:22.0274 3144 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:39:22.0305 3144 SensrSvc - ok
23:39:22.0305 3144 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:39:22.0321 3144 Serenum - ok
23:39:22.0321 3144 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:39:22.0336 3144 Serial - ok
23:39:22.0352 3144 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:39:22.0368 3144 sermouse - ok
23:39:22.0368 3144 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:39:22.0414 3144 SessionEnv - ok
23:39:22.0414 3144 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:39:22.0430 3144 sffdisk - ok
23:39:22.0430 3144 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:39:22.0446 3144 sffp_mmc - ok
23:39:22.0446 3144 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:39:22.0461 3144 sffp_sd - ok
23:39:22.0477 3144 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:39:22.0492 3144 sfloppy - ok
23:39:22.0492 3144 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:39:22.0539 3144 ShellHWDetection - ok
23:39:22.0539 3144 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:39:22.0555 3144 SiSRaid2 - ok
23:39:22.0570 3144 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:39:22.0586 3144 SiSRaid4 - ok
23:39:22.0586 3144 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:39:22.0633 3144 SkypeUpdate - ok
23:39:22.0648 3144 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:39:22.0680 3144 Smb - ok
23:39:22.0680 3144 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:39:22.0695 3144 SNMPTRAP - ok
23:39:22.0711 3144 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:39:22.0726 3144 spldr - ok
23:39:22.0726 3144 [ 739DB668DBD812285ECC553E64A5E212 ] spmgr C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
23:39:22.0758 3144 spmgr - ok
23:39:22.0758 3144 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:39:22.0789 3144 Spooler - ok
23:39:22.0851 3144 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:39:22.0929 3144 sppsvc - ok
23:39:22.0945 3144 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:39:22.0976 3144 sppuinotify - ok
23:39:22.0992 3144 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
23:39:23.0023 3144 SQLAgent$SQLEXPRESS - ok
23:39:23.0023 3144 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:39:23.0038 3144 SQLBrowser - ok
23:39:23.0054 3144 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:39:23.0070 3144 SQLWriter - ok
23:39:23.0070 3144 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:39:23.0101 3144 srv - ok
23:39:23.0116 3144 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:39:23.0132 3144 srv2 - ok
23:39:23.0148 3144 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:39:23.0163 3144 srvnet - ok
23:39:23.0179 3144 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:39:23.0210 3144 SSDPSRV - ok
23:39:23.0226 3144 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:39:23.0257 3144 SstpSvc - ok
23:39:23.0257 3144 Steam Client Service - ok
23:39:23.0272 3144 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:39:23.0304 3144 Stereo Service - ok
23:39:23.0304 3144 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:39:23.0319 3144 stexstor - ok
23:39:23.0335 3144 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:39:23.0366 3144 stisvc - ok
23:39:23.0382 3144 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:39:23.0397 3144 storflt - ok
23:39:23.0397 3144 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
23:39:23.0413 3144 StorSvc - ok
23:39:23.0413 3144 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:39:23.0428 3144 storvsc - ok
23:39:23.0444 3144 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:39:23.0460 3144 swenum - ok
23:39:23.0460 3144 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:39:23.0522 3144 swprv - ok
23:39:23.0538 3144 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:39:23.0584 3144 SysMain - ok
23:39:23.0584 3144 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:39:23.0616 3144 TabletInputService - ok
23:39:23.0631 3144 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:39:23.0678 3144 TapiSrv - ok
23:39:23.0678 3144 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:39:23.0709 3144 TBS - ok
23:39:23.0740 3144 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:39:23.0803 3144 Tcpip - ok
23:39:23.0818 3144 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:39:23.0865 3144 TCPIP6 - ok
23:39:23.0865 3144 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:39:23.0881 3144 tcpipreg - ok
23:39:23.0896 3144 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:39:23.0912 3144 TDPIPE - ok
23:39:23.0912 3144 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:39:23.0928 3144 TDTCP - ok
23:39:23.0928 3144 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:39:23.0974 3144 tdx - ok
23:39:24.0021 3144 [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
23:39:24.0068 3144 TeamViewer7 - ok
23:39:24.0068 3144 [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
23:39:24.0084 3144 teamviewervpn - ok
23:39:24.0084 3144 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:39:24.0099 3144 TermDD - ok
23:39:24.0130 3144 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:39:24.0162 3144 TermService - ok
23:39:24.0177 3144 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:39:24.0193 3144 Themes - ok
23:39:24.0208 3144 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:39:24.0240 3144 THREADORDER - ok
23:39:24.0240 3144 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:39:24.0286 3144 TrkWks - ok
23:39:24.0286 3144 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:39:24.0349 3144 TrustedInstaller - ok
23:39:24.0380 3144 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:39:24.0489 3144 tssecsrv - ok
23:39:24.0754 3144 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:39:24.0786 3144 TsUsbFlt - ok
23:39:24.0801 3144 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:39:24.0832 3144 tunnel - ok
23:39:24.0848 3144 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:39:24.0864 3144 uagp35 - ok
23:39:24.0864 3144 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:39:24.0910 3144 udfs - ok
23:39:24.0910 3144 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:39:24.0926 3144 UI0Detect - ok
23:39:24.0926 3144 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:39:24.0942 3144 uliagpkx - ok
23:39:24.0957 3144 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:39:24.0973 3144 umbus - ok
23:39:24.0973 3144 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:39:24.0988 3144 UmPass - ok
23:39:25.0004 3144 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
23:39:25.0020 3144 UmRdpService - ok
23:39:25.0035 3144 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:39:25.0082 3144 upnphost - ok
23:39:25.0082 3144 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:39:25.0098 3144 usbaudio - ok
23:39:25.0113 3144 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:39:25.0129 3144 usbccgp - ok
23:39:25.0129 3144 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:39:25.0144 3144 usbcir - ok
23:39:25.0144 3144 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:39:25.0160 3144 usbehci - ok
23:39:25.0176 3144 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:39:25.0191 3144 usbhub - ok
23:39:25.0207 3144 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:39:25.0222 3144 usbohci - ok
23:39:25.0222 3144 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:39:25.0238 3144 usbprint - ok
23:39:25.0254 3144 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:39:25.0269 3144 USBSTOR - ok
23:39:25.0269 3144 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:39:25.0285 3144 usbuhci - ok
23:39:25.0300 3144 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:39:25.0316 3144 usbvideo - ok
23:39:25.0316 3144 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
23:39:25.0332 3144 usb_rndisx - ok
23:39:25.0347 3144 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:39:25.0378 3144 UxSms - ok
23:39:25.0378 3144 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:39:25.0394 3144 VaultSvc - ok
23:39:25.0410 3144 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:39:25.0425 3144 vdrvroot - ok
23:39:25.0456 3144 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:39:25.0503 3144 vds - ok
23:39:25.0519 3144 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:39:25.0534 3144 vga - ok
23:39:25.0550 3144 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:39:25.0581 3144 VgaSave - ok
23:39:25.0597 3144 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:39:25.0612 3144 vhdmp - ok
23:39:25.0628 3144 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:39:25.0644 3144 viaide - ok
23:39:25.0644 3144 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:39:25.0659 3144 vmbus - ok
23:39:25.0659 3144 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:39:25.0675 3144 VMBusHID - ok
23:39:25.0690 3144 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:39:25.0706 3144 volmgr - ok
23:39:25.0706 3144 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:39:25.0737 3144 volmgrx - ok
23:39:25.0737 3144 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:39:25.0768 3144 volsnap - ok
23:39:25.0768 3144 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
23:39:25.0784 3144 vpcbus - ok
23:39:25.0800 3144 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:39:25.0815 3144 vpcnfltr - ok
23:39:25.0815 3144 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
23:39:25.0831 3144 vpcusb - ok
23:39:25.0846 3144 [ 63F4E10873BEB4124028C6D1A66B0968 ] vpcuxd C:\Windows\system32\DRIVERS\vpcuxd.sys
23:39:25.0862 3144 vpcuxd - ok
23:39:25.0862 3144 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
23:39:25.0878 3144 vpcvmm - ok
23:39:25.0893 3144 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:39:25.0909 3144 vsmraid - ok
23:39:25.0909 3144 [ CA64A8838B4674D14BDF88ABA2F253EA ] VSPerfDrv100 C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
23:39:25.0924 3144 VSPerfDrv100 - ok
23:39:25.0956 3144 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:39:26.0034 3144 VSS - ok
23:39:26.0034 3144 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:39:26.0049 3144 vwifibus - ok
23:39:26.0049 3144 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:39:26.0080 3144 vwififlt - ok
23:39:26.0080 3144 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:39:26.0096 3144 vwifimp - ok
23:39:26.0112 3144 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:39:26.0158 3144 W32Time - ok
23:39:26.0174 3144 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:39:26.0190 3144 WacomPen - ok
23:39:26.0205 3144 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:39:26.0236 3144 WANARP - ok
23:39:26.0252 3144 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:39:26.0283 3144 Wanarpv6 - ok
23:39:26.0314 3144 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:39:26.0377 3144 WatAdminSvc - ok
23:39:26.0408 3144 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:39:26.0455 3144 wbengine - ok
23:39:26.0470 3144 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:39:26.0486 3144 WbioSrvc - ok
23:39:26.0502 3144 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
23:39:26.0517 3144 WcesComm - ok
23:39:26.0533 3144 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:39:26.0548 3144 wcncsvc - ok
23:39:26.0564 3144 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:39:26.0580 3144 WcsPlugInService - ok
23:39:26.0580 3144 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:39:26.0595 3144 Wd - ok
23:39:26.0611 3144 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:39:26.0642 3144 Wdf01000 - ok
23:39:26.0642 3144 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:39:26.0720 3144 WdiServiceHost - ok
23:39:26.0720 3144 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:39:26.0736 3144 WdiSystemHost - ok
23:39:26.0751 3144 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:39:26.0782 3144 WebClient - ok
23:39:26.0782 3144 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:39:26.0814 3144 Wecsvc - ok
23:39:26.0814 3144 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:39:26.0845 3144 wercplsupport - ok
23:39:26.0892 3144 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:39:26.0923 3144 WerSvc - ok
23:39:26.0938 3144 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:39:26.0970 3144 WfpLwf - ok
23:39:26.0985 3144 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:39:26.0985 3144 WIMMount - ok
23:39:27.0001 3144 WinHttpAutoProxySvc - ok
23:39:27.0016 3144 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:39:27.0032 3144 Winmgmt - ok
23:39:27.0079 3144 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
23:39:27.0157 3144 WinRM - ok
23:39:27.0172 3144 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
23:39:27.0188 3144 WinUSB - ok
23:39:27.0204 3144 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:39:27.0250 3144 Wlansvc - ok
23:39:27.0282 3144 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:39:27.0344 3144 wlidsvc - ok
23:39:27.0344 3144 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:39:27.0360 3144 WmiAcpi - ok
23:39:27.0360 3144 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:39:27.0391 3144 wmiApSrv - ok
23:39:27.0391 3144 WMPNetworkSvc - ok
23:39:27.0391 3144 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:39:27.0406 3144 WPCSvc - ok
23:39:27.0422 3144 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:39:27.0453 3144 WPDBusEnum - ok
23:39:27.0453 3144 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:39:27.0500 3144 ws2ifsl - ok
23:39:27.0500 3144 WSearch - ok
23:39:27.0500 3144 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:39:27.0516 3144 WudfPf - ok
23:39:27.0531 3144 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:39:27.0547 3144 WUDFRd - ok
23:39:27.0562 3144 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:39:27.0578 3144 wudfsvc - ok
23:39:27.0578 3144 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:39:27.0609 3144 WwanSvc - ok
23:39:27.0625 3144 ================ Scan global ===============================
23:39:27.0656 3144 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:39:27.0656 3144 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:39:27.0672 3144 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:39:27.0687 3144 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:39:27.0703 3144 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
23:39:27.0703 3144 Suspicious file (NoAccess): C:\Windows\system32\services.exe. md5: 50BEA589F7D7958BDD2528A8F69D05CC
23:39:27.0703 3144 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
23:39:27.0703 3144 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
23:39:27.0703 3144 ================ Scan MBR ==================================
23:39:27.0703 3144 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
23:39:27.0828 3144 \Device\Harddisk0\DR0 - ok
23:39:27.0828 3144 ================ Scan VBR ==================================
23:39:27.0828 3144 [ D3458C8C66A0B79F4D28FB4EA9D0A021 ] \Device\Harddisk0\DR0\Partition1
23:39:27.0828 3144 \Device\Harddisk0\DR0\Partition1 - ok
23:39:27.0828 3144 [ 62AB6E19FB98996EE5BCAAD73533EBC7 ] \Device\Harddisk0\DR0\Partition2
23:39:27.0828 3144 \Device\Harddisk0\DR0\Partition2 - ok
23:39:27.0828 3144 [ 18494A01EA11881EEEB7A498E5A4D853 ] \Device\Harddisk0\DR0\Partition3
23:39:27.0828 3144 \Device\Harddisk0\DR0\Partition3 - ok
23:39:27.0828 3144 ============================================================
23:39:27.0828 3144 Scan finished
23:39:27.0828 3144 ============================================================
23:39:27.0843 4888 Detected object count: 8
23:39:27.0843 4888 Actual detected object count: 8
23:39:59.0574 4888 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:39:59.0574 4888 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:39:59.0574 4888 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
23:39:59.0574 4888 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:39:59.0574 4888 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:39:59.0574 4888 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:39:59.0574 4888 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:39:59.0574 4888 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:39:59.0574 4888 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:39:59.0574 4888 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:39:59.0574 4888 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
23:39:59.0574 4888 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:39:59.0574 4888 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:39:59.0574 4888 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:39:59.0823 4888 C:\Windows\system32\services.exe - copied to quarantine
23:40:00.0057 4888 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
23:40:00.0057 4888 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
23:40:09.0885 4888 Backup copy not found, trying to cure infected file..
23:40:09.0885 4888 Cure success, using it..
23:40:09.0932 4888 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
23:40:09.0932 4888 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
23:40:09.0948 4888 C:\Windows\system32\services.exe - will be cured on reboot
23:40:09.0948 4888 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
23:40:20.0415 3444 Deinitialize success
|
|
09.05.2013, 23:01
| #4 |
| | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Nach dem Neustart: TDSSKiller.2.8.16.0_09.05.2013_23.41.36_log: Code:
ATTFilter 23:41:36.0620 3612 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:41:36.0698 3612 ============================================================
23:41:36.0698 3612 Current date / time: 2013/05/09 23:41:36.0698
23:41:36.0698 3612 SystemInfo:
23:41:36.0698 3612
23:41:36.0698 3612 OS Version: 6.1.7601 ServicePack: 1.0
23:41:36.0698 3612 Product type: Workstation
23:41:36.0698 3612 ComputerName: PLEY-L50
23:41:36.0698 3612 UserName: Patrick
23:41:36.0698 3612 Windows directory: C:\Windows
23:41:36.0698 3612 System windows directory: C:\Windows
23:41:36.0698 3612 Running under WOW64
23:41:36.0698 3612 Processor architecture: Intel x64
23:41:36.0698 3612 Number of processors: 2
23:41:36.0698 3612 Page size: 0x1000
23:41:36.0698 3612 Boot type: Normal boot
23:41:36.0698 3612 ============================================================
23:41:36.0745 3612 BG loaded
23:41:37.0135 3612 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:41:37.0135 3612 ============================================================
23:41:37.0135 3612 \Device\Harddisk0\DR0:
23:41:37.0135 3612 MBR partitions:
23:41:37.0135 3612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:41:37.0135 3612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05D800
23:41:37.0135 3612 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xB, StartLBA 0x3D090000, BlocksNum 0x12EBC000
23:41:37.0135 3612 ============================================================
23:41:37.0150 3612 C: <-> \Device\Harddisk0\DR0\Partition2
23:41:37.0150 3612 E: <-> \Device\Harddisk0\DR0\Partition3
23:41:37.0150 3612 ============================================================
23:41:37.0150 3612 Initialize success
23:41:37.0150 3612 ============================================================
23:41:51.0598 4956 ============================================================
23:41:51.0598 4956 Scan started
23:41:51.0598 4956 Mode: Manual; SigCheck; TDLFS;
23:41:51.0598 4956 ============================================================
23:41:51.0817 4956 ================ Scan system memory ========================
23:41:51.0817 4956 System memory - ok
23:41:51.0817 4956 ================ Scan services =============================
23:41:51.0895 4956 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:41:53.0174 4956 1394ohci - ok
23:41:53.0189 4956 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:41:53.0205 4956 ACPI - ok
23:41:53.0205 4956 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:41:53.0252 4956 AcpiPmi - ok
23:41:53.0252 4956 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:41:53.0267 4956 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:41:53.0267 4956 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:41:53.0283 4956 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:41:53.0299 4956 AdobeARMservice - ok
23:41:53.0299 4956 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
23:41:53.0330 4956 adp94xx - ok
23:41:53.0330 4956 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
23:41:53.0361 4956 adpahci - ok
23:41:53.0361 4956 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
23:41:53.0377 4956 adpu320 - ok
23:41:53.0392 4956 [ C0BF554D2277F7A4C735D475ADE2E3B2 ] ADSMService C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
23:41:53.0408 4956 ADSMService ( UnsignedFile.Multi.Generic ) - warning
23:41:53.0408 4956 ADSMService - detected UnsignedFile.Multi.Generic (1)
23:41:53.0408 4956 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:41:53.0486 4956 AeLookupSvc - ok
23:41:53.0501 4956 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:41:53.0517 4956 AFD - ok
23:41:53.0533 4956 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:41:53.0548 4956 agp440 - ok
23:41:53.0548 4956 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:41:53.0564 4956 ALG - ok
23:41:53.0579 4956 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:41:53.0595 4956 aliide - ok
23:41:53.0595 4956 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:41:53.0611 4956 amdide - ok
23:41:53.0611 4956 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
23:41:53.0642 4956 AmdK8 - ok
23:41:53.0829 4956 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
23:41:53.0969 4956 AmdPPM - ok
23:41:53.0969 4956 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:41:53.0985 4956 amdsata - ok
23:41:54.0001 4956 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
23:41:54.0016 4956 amdsbs - ok
23:41:54.0016 4956 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:41:54.0032 4956 amdxata - ok
23:41:54.0047 4956 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:41:54.0063 4956 AntiVirSchedulerService - ok
23:41:54.0063 4956 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:41:54.0079 4956 AntiVirService - ok
23:41:54.0094 4956 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:41:54.0188 4956 AppID - ok
23:41:54.0203 4956 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:41:54.0235 4956 AppIDSvc - ok
23:41:54.0250 4956 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:41:54.0281 4956 Appinfo - ok
23:41:54.0281 4956 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:41:54.0313 4956 AppMgmt - ok
23:41:54.0313 4956 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
23:41:54.0328 4956 arc - ok
23:41:54.0344 4956 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
23:41:54.0359 4956 arcsas - ok
23:41:54.0359 4956 [ 88FBC8BEBFD38566235EAA5E4DBC4E05 ] AsDsm C:\Windows\system32\drivers\AsDsm.sys
23:41:54.0375 4956 AsDsm - ok
23:41:54.0391 4956 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
23:41:54.0406 4956 ASLDRService - ok
23:41:54.0406 4956 [ 2DB34EDD17D3A8DA7105A19C95A3DD68 ] ASMMAP64 C:\Program Files\ATKGFNEX\ASMMAP64.sys
23:41:54.0422 4956 ASMMAP64 - ok
23:41:54.0453 4956 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:41:54.0484 4956 aspnet_state - ok
23:41:54.0484 4956 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:41:54.0531 4956 AsyncMac - ok
23:41:54.0547 4956 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:41:54.0547 4956 atapi - ok
23:41:54.0562 4956 [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv C:\Program Files\ATKGFNEX\GFNEXSrv.exe
23:41:54.0562 4956 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
23:41:54.0562 4956 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
23:41:54.0578 4956 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
23:41:54.0593 4956 atksgt - ok
23:41:54.0640 4956 [ 225FB1C90CF88CD478D25940B3930873 ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
23:41:54.0671 4956 ATSwpWDF - ok
23:41:54.0687 4956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:41:54.0734 4956 AudioEndpointBuilder - ok
23:41:54.0734 4956 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:41:54.0781 4956 AudioSrv - ok
23:41:54.0781 4956 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:41:54.0796 4956 avgntflt - ok
23:41:54.0796 4956 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:41:54.0827 4956 avipbb - ok
23:41:54.0827 4956 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:41:54.0859 4956 avkmgr - ok
23:41:54.0859 4956 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:41:54.0905 4956 AxInstSV - ok
23:41:54.0921 4956 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
23:41:54.0952 4956 b06bdrv - ok
23:41:54.0968 4956 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:41:54.0999 4956 b57nd60a - ok
23:41:55.0015 4956 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:41:55.0030 4956 BDESVC - ok
23:41:55.0061 4956 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:41:55.0139 4956 Beep - ok
23:41:55.0155 4956 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:41:55.0171 4956 blbdrive - ok
23:41:55.0171 4956 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:41:55.0217 4956 bowser - ok
23:41:55.0217 4956 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:41:55.0280 4956 BrFiltLo - ok
23:41:55.0295 4956 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:41:55.0311 4956 BrFiltUp - ok
23:41:55.0311 4956 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:41:55.0342 4956 Browser - ok
23:41:55.0342 4956 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:41:55.0373 4956 Brserid - ok
23:41:55.0373 4956 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:41:55.0389 4956 BrSerWdm - ok
23:41:55.0405 4956 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:41:55.0420 4956 BrUsbMdm - ok
23:41:55.0436 4956 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:41:55.0451 4956 BrUsbSer - ok
23:41:55.0451 4956 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
23:41:55.0467 4956 BthEnum - ok
23:41:55.0467 4956 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
23:41:55.0498 4956 BTHMODEM - ok
23:41:55.0498 4956 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
23:41:55.0514 4956 BthPan - ok
23:41:55.0529 4956 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
23:41:55.0561 4956 BTHPORT - ok
23:41:55.0561 4956 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:41:55.0592 4956 bthserv - ok
23:41:55.0607 4956 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
23:41:55.0623 4956 BTHUSB - ok
23:41:55.0639 4956 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
23:41:55.0670 4956 btwaudio - ok
23:41:55.0701 4956 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
23:41:55.0732 4956 btwavdt - ok
23:41:55.0748 4956 [ D65AA164ACD0F6706DBCFBBCC9731584 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:41:55.0763 4956 btwdins - ok
23:41:55.0779 4956 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
23:41:55.0795 4956 btwl2cap - ok
23:41:55.0795 4956 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
23:41:55.0810 4956 btwrchid - ok
23:41:55.0826 4956 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:41:55.0873 4956 cdfs - ok
23:41:55.0873 4956 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:41:55.0919 4956 cdrom - ok
23:41:55.0935 4956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:41:55.0982 4956 CertPropSvc - ok
23:41:55.0982 4956 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
23:41:55.0997 4956 circlass - ok
23:41:56.0013 4956 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:41:56.0029 4956 CLFS - ok
23:41:56.0044 4956 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:41:56.0060 4956 clr_optimization_v2.0.50727_32 - ok
23:41:56.0075 4956 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:41:56.0091 4956 clr_optimization_v2.0.50727_64 - ok
23:41:56.0107 4956 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:41:56.0138 4956 clr_optimization_v4.0.30319_32 - ok
23:41:56.0138 4956 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:41:56.0153 4956 clr_optimization_v4.0.30319_64 - ok
23:41:56.0169 4956 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:41:56.0185 4956 CmBatt - ok
23:41:56.0185 4956 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:41:56.0216 4956 cmdide - ok
23:41:56.0216 4956 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
23:41:56.0263 4956 CNG - ok
23:41:56.0294 4956 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:41:56.0309 4956 Compbatt - ok
23:41:56.0309 4956 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
23:41:56.0325 4956 CompositeBus - ok
23:41:56.0325 4956 COMSysApp - ok
23:41:56.0341 4956 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
23:41:56.0356 4956 crcdisk - ok
23:41:56.0356 4956 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
23:41:56.0372 4956 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:41:56.0372 4956 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:41:56.0387 4956 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
23:41:56.0387 4956 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
23:41:56.0387 4956 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
23:41:56.0403 4956 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:41:56.0419 4956 CryptSvc - ok
23:41:56.0434 4956 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:41:56.0465 4956 CSC - ok
23:41:56.0481 4956 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:41:56.0497 4956 CscService - ok
23:41:56.0543 4956 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
23:41:56.0559 4956 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
23:41:56.0559 4956 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
23:41:56.0575 4956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:41:56.0606 4956 DcomLaunch - ok
23:41:56.0621 4956 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:41:56.0653 4956 defragsvc - ok
23:41:56.0668 4956 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:41:56.0699 4956 DfsC - ok
23:41:56.0715 4956 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:41:56.0731 4956 Dhcp - ok
23:41:56.0731 4956 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:41:56.0777 4956 discache - ok
23:41:56.0777 4956 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
23:41:56.0793 4956 Disk - ok
23:41:56.0793 4956 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:41:56.0824 4956 Dnscache - ok
23:41:56.0824 4956 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:41:56.0871 4956 dot3svc - ok
23:41:56.0871 4956 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:41:56.0918 4956 DPS - ok
23:41:56.0918 4956 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:41:56.0933 4956 drmkaud - ok
23:41:56.0933 4956 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:41:56.0965 4956 dtsoftbus01 - ok
23:41:56.0980 4956 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:41:57.0011 4956 DXGKrnl - ok
23:41:57.0011 4956 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:41:57.0043 4956 EapHost - ok
23:41:57.0105 4956 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
23:41:57.0199 4956 ebdrv - ok
23:41:57.0199 4956 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:41:57.0214 4956 EFS - ok
23:41:57.0245 4956 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:41:57.0277 4956 ehRecvr - ok
23:41:57.0277 4956 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:41:57.0308 4956 ehSched - ok
23:41:57.0339 4956 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
23:41:57.0355 4956 elxstor - ok
23:41:57.0370 4956 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:41:57.0386 4956 ErrDev - ok
23:41:57.0401 4956 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:41:57.0448 4956 EventSystem - ok
23:41:57.0464 4956 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:41:57.0495 4956 exfat - ok
23:41:57.0511 4956 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:41:57.0542 4956 fastfat - ok
23:41:57.0573 4956 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:41:57.0604 4956 Fax - ok
23:41:57.0604 4956 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:41:57.0620 4956 fdc - ok
23:41:57.0620 4956 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:41:57.0667 4956 fdPHost - ok
23:41:57.0667 4956 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:41:57.0698 4956 FDResPub - ok
23:41:57.0713 4956 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:41:57.0729 4956 FileInfo - ok
23:41:57.0729 4956 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:41:57.0760 4956 Filetrace - ok
23:41:57.0776 4956 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:41:57.0791 4956 flpydisk - ok
23:41:57.0791 4956 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:41:57.0807 4956 FltMgr - ok
23:41:57.0823 4956 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
23:41:57.0854 4956 FontCache - ok
23:41:57.0869 4956 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:41:57.0885 4956 FontCache3.0.0.0 - ok
23:41:57.0885 4956 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:41:57.0901 4956 FsDepends - ok
23:41:57.0916 4956 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:41:57.0932 4956 Fs_Rec - ok
23:41:57.0932 4956 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:41:57.0963 4956 fvevol - ok
23:41:57.0963 4956 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
23:41:57.0979 4956 gagp30kx - ok
23:41:57.0994 4956 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
23:41:58.0010 4956 ggflt - ok
23:41:58.0025 4956 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
23:41:58.0041 4956 ggsemc - ok
23:41:58.0041 4956 [ 7D66EBDE8B7F9B4E00BEEFEEE82670D4 ] ghaio C:\Program Files (x86)\ASUS\NB Probe\SPM\ghaio.sys
23:41:58.0057 4956 ghaio - ok
23:41:58.0072 4956 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:41:58.0119 4956 gpsvc - ok
23:41:58.0135 4956 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:41:58.0150 4956 gupdate - ok
23:41:58.0150 4956 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:41:58.0166 4956 gupdatem - ok
23:41:58.0166 4956 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:41:58.0213 4956 hcw85cir - ok
23:41:58.0228 4956 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:41:58.0244 4956 HdAudAddService - ok
23:41:58.0259 4956 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
23:41:58.0275 4956 HDAudBus - ok
23:41:58.0275 4956 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
23:41:58.0291 4956 HidBatt - ok
23:41:58.0306 4956 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
23:41:58.0322 4956 HidBth - ok
23:41:58.0322 4956 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
23:41:58.0337 4956 HidIr - ok
23:41:58.0353 4956 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:41:58.0384 4956 hidserv - ok
23:41:58.0400 4956 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:41:58.0415 4956 HidUsb - ok
23:41:58.0415 4956 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:41:58.0462 4956 hkmsvc - ok
23:41:58.0462 4956 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:41:58.0509 4956 HomeGroupListener - ok
23:41:58.0509 4956 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:41:58.0540 4956 HomeGroupProvider - ok
23:41:58.0556 4956 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:41:58.0571 4956 HpSAMD - ok
23:41:58.0587 4956 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:41:58.0634 4956 HTTP - ok
23:41:58.0649 4956 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:41:58.0665 4956 hwpolicy - ok
23:41:59.0024 4956 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:41:59.0164 4956 i8042prt - ok
23:41:59.0180 4956 [ 8180A2392E732E8871589B54FAB6991F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
23:41:59.0195 4956 iaStor - ok
23:41:59.0211 4956 [ 17125B7D2F56B4B35441561C780C2CCB ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:41:59.0242 4956 IAStorDataMgrSvc - ok
23:41:59.0289 4956 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:41:59.0305 4956 iaStorV - ok
23:41:59.0367 4956 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:41:59.0476 4956 idsvc - ok
23:41:59.0476 4956 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
23:41:59.0492 4956 iirsp - ok
23:41:59.0554 4956 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:41:59.0617 4956 IKEEXT - ok
23:41:59.0663 4956 [ 58A60DF2B6D0D6B09E44CAC7F1D2AB6A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:41:59.0710 4956 IntcAzAudAddService - ok
23:41:59.0726 4956 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:41:59.0741 4956 intelide - ok
23:41:59.0741 4956 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:41:59.0757 4956 intelppm - ok
23:41:59.0788 4956 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:41:59.0835 4956 IPBusEnum - ok
23:41:59.0835 4956 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:41:59.0866 4956 IpFilterDriver - ok
23:41:59.0882 4956 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:41:59.0897 4956 IPMIDRV - ok
23:41:59.0897 4956 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:41:59.0929 4956 IPNAT - ok
23:41:59.0944 4956 ipswuio - ok
23:41:59.0944 4956 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:41:59.0975 4956 IRENUM - ok
23:41:59.0991 4956 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:42:00.0007 4956 isapnp - ok
23:42:00.0038 4956 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:42:00.0053 4956 iScsiPrt - ok
23:42:00.0053 4956 [ 9291643B494F87BFDAC95A524F69E737 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
23:42:00.0069 4956 itecir - ok
23:42:00.0085 4956 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:42:00.0100 4956 kbdclass - ok
23:42:00.0100 4956 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:42:00.0116 4956 kbdhid - ok
23:42:00.0131 4956 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys
23:42:00.0147 4956 kbfiltr - ok
23:42:00.0163 4956 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:42:00.0178 4956 KeyIso - ok
23:42:00.0241 4956 [ 66B56468A44AE974EA2B098724439AA7 ] ksaud C:\Windows\system32\drivers\ksaud.sys
23:42:00.0303 4956 ksaud - ok
23:42:00.0319 4956 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:42:00.0334 4956 KSecDD - ok
23:42:00.0334 4956 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:42:00.0350 4956 KSecPkg - ok
23:42:00.0365 4956 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:42:00.0397 4956 ksthunk - ok
23:42:00.0397 4956 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:42:00.0443 4956 KtmRm - ok
23:42:00.0475 4956 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:42:00.0506 4956 LanmanServer - ok
23:42:00.0521 4956 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:42:00.0568 4956 LanmanWorkstation - ok
23:42:00.0615 4956 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:42:00.0646 4956 LBTServ - ok
23:42:00.0677 4956 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:42:00.0693 4956 LHidFilt - ok
23:42:00.0724 4956 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
23:42:00.0740 4956 lirsgt - ok
23:42:00.0755 4956 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:42:00.0787 4956 lltdio - ok
23:42:00.0802 4956 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:42:00.0849 4956 lltdsvc - ok
23:42:00.0880 4956 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:42:00.0927 4956 lmhosts - ok
23:42:00.0927 4956 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:42:00.0943 4956 LMouFilt - ok
23:42:00.0974 4956 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
23:42:00.0989 4956 LSI_FC - ok
23:42:01.0021 4956 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
23:42:01.0036 4956 LSI_SAS - ok
23:42:01.0052 4956 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:42:01.0067 4956 LSI_SAS2 - ok
23:42:01.0083 4956 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:42:01.0099 4956 LSI_SCSI - ok
23:42:01.0114 4956 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:42:01.0161 4956 luafv - ok
23:42:01.0177 4956 [ 085435AE1A124361304044029B5CC644 ] lullaby C:\Windows\system32\DRIVERS\lullaby.sys
23:42:01.0192 4956 lullaby - ok
23:42:01.0192 4956 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
23:42:01.0223 4956 LUsbFilt - ok
23:42:01.0239 4956 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:42:01.0255 4956 Mcx2Svc - ok
23:42:01.0270 4956 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
23:42:01.0286 4956 megasas - ok
23:42:01.0301 4956 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
23:42:01.0941 4956 MegaSR - ok
23:42:01.0957 4956 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
23:42:01.0988 4956 Microsoft Office Groove Audit Service - ok
23:42:01.0988 4956 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:42:02.0035 4956 MMCSS - ok
23:42:02.0035 4956 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:42:02.0066 4956 Modem - ok
23:42:02.0081 4956 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:42:02.0097 4956 monitor - ok
23:42:02.0097 4956 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:42:02.0113 4956 mouclass - ok
23:42:02.0128 4956 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:42:02.0144 4956 mouhid - ok
23:42:02.0159 4956 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:42:02.0175 4956 mountmgr - ok
23:42:02.0175 4956 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:42:02.0206 4956 MozillaMaintenance - ok
23:42:02.0222 4956 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:42:02.0237 4956 mpio - ok
23:42:02.0253 4956 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:42:02.0284 4956 mpsdrv - ok
23:42:02.0300 4956 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:42:02.0315 4956 MRxDAV - ok
23:42:02.0331 4956 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:42:02.0347 4956 mrxsmb - ok
23:42:02.0362 4956 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:42:02.0378 4956 mrxsmb10 - ok
23:42:02.0393 4956 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:42:02.0409 4956 mrxsmb20 - ok
23:42:02.0425 4956 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:42:02.0440 4956 msahci - ok
23:42:02.0456 4956 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:42:02.0471 4956 msdsm - ok
23:42:02.0487 4956 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:42:02.0503 4956 MSDTC - ok
23:42:02.0518 4956 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:42:02.0565 4956 Msfs - ok
23:42:02.0581 4956 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:42:02.0627 4956 mshidkmdf - ok
23:42:02.0627 4956 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:42:02.0643 4956 msisadrv - ok
23:42:02.0643 4956 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:42:02.0690 4956 MSiSCSI - ok
23:42:02.0690 4956 msiserver - ok
23:42:02.0690 4956 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:42:02.0737 4956 MSKSSRV - ok
23:42:02.0737 4956 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:42:02.0783 4956 MSPCLOCK - ok
23:42:02.0783 4956 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:42:02.0815 4956 MSPQM - ok
23:42:02.0830 4956 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:42:02.0846 4956 MsRPC - ok
23:42:02.0861 4956 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
23:42:02.0877 4956 mssmbios - ok
23:42:02.0877 4956 MSSQL$SQLEXPRESS - ok
23:42:02.0877 4956 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
23:42:02.0893 4956 MSSQLServerADHelper100 - ok
23:42:02.0908 4956 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:42:02.0939 4956 MSTEE - ok
23:42:02.0939 4956 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
23:42:02.0955 4956 MTConfig - ok
23:42:02.0955 4956 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
23:42:02.0971 4956 MTsensor - ok
23:42:02.0986 4956 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:42:03.0002 4956 Mup - ok
23:42:03.0002 4956 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:42:03.0049 4956 napagent - ok
23:42:03.0064 4956 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:42:03.0080 4956 NativeWifiP - ok
23:42:03.0142 4956 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:42:03.0220 4956 NDIS - ok
23:42:03.0251 4956 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:42:03.0298 4956 NdisCap - ok
23:42:03.0314 4956 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:42:03.0345 4956 NdisTapi - ok
23:42:03.0361 4956 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:42:03.0423 4956 Ndisuio - ok
23:42:03.0454 4956 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:42:03.0517 4956 NdisWan - ok
23:42:03.0532 4956 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:42:03.0563 4956 NDProxy - ok
23:42:03.0595 4956 [ 78073F606AE3B24F6C1F555759AA8511 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
23:42:03.0626 4956 Nero BackItUp Scheduler 3 - ok
23:42:03.0626 4956 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:42:03.0673 4956 NetBIOS - ok
23:42:03.0688 4956 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:42:03.0719 4956 NetBT - ok
23:42:03.0751 4956 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:42:03.0766 4956 Netlogon - ok
23:42:03.0938 4956 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:42:03.0969 4956 Netman - ok
23:42:03.0985 4956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:42:04.0063 4956 NetMsmqActivator - ok
23:42:04.0094 4956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:42:04.0094 4956 NetPipeActivator - ok
23:42:04.0141 4956 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:42:04.0172 4956 netprofm - ok
23:42:04.0187 4956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:42:04.0203 4956 NetTcpActivator - ok
23:42:04.0234 4956 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:42:04.0234 4956 NetTcpPortSharing - ok
23:42:04.0390 4956 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
23:42:04.0546 4956 NETw5s64 - ok
23:42:04.0655 4956 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
23:42:04.0796 4956 netw5v64 - ok
23:42:04.0999 4956 [ B25FE0FA523579B6FA327311A579866E ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
23:42:05.0108 4956 NETwNs64 - ok
23:42:05.0123 4956 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
23:42:05.0155 4956 nfrd960 - ok
23:42:05.0186 4956 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:42:05.0233 4956 NlaSvc - ok
23:42:05.0295 4956 [ 62F68443D244024845B875B44D76A92F ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
23:42:05.0357 4956 NMIndexingService - ok
23:42:05.0389 4956 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:42:05.0435 4956 Npfs - ok
23:42:05.0435 4956 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:42:05.0482 4956 nsi - ok
23:42:05.0513 4956 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:42:05.0545 4956 nsiproxy - ok
23:42:05.0623 4956 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:42:05.0669 4956 Ntfs - ok
23:42:05.0669 4956 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:42:05.0701 4956 Null - ok
23:42:05.0763 4956 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:42:05.0794 4956 NVHDA - ok
23:42:05.0935 4956 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:42:06.0106 4956 nvlddmkm - ok
23:42:06.0137 4956 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:42:06.0153 4956 nvraid - ok
23:42:06.0184 4956 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:42:06.0231 4956 nvstor - ok
23:42:06.0293 4956 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe
23:42:06.0340 4956 nvsvc - ok
23:42:06.0371 4956 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:42:06.0449 4956 nvUpdatusService - ok
23:42:06.0449 4956 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:42:06.0481 4956 nv_agp - ok
23:42:06.0496 4956 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:42:06.0527 4956 odserv - ok
23:42:06.0543 4956 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:42:06.0559 4956 ohci1394 - ok
23:42:06.0559 4956 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:42:06.0574 4956 ose - ok
23:42:06.0668 4956 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:42:06.0793 4956 osppsvc - ok
23:42:06.0808 4956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:42:06.0824 4956 p2pimsvc - ok
23:42:06.0855 4956 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:42:06.0886 4956 p2psvc - ok
23:42:06.0886 4956 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
23:42:06.0917 4956 Parport - ok
23:42:06.0917 4956 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:42:06.0933 4956 partmgr - ok
23:42:06.0933 4956 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:42:06.0964 4956 PcaSvc - ok
23:42:06.0980 4956 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:42:06.0995 4956 pci - ok
23:42:07.0058 4956 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:42:07.0058 4956 pciide - ok
23:42:07.0136 4956 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
23:42:07.0183 4956 pcmcia - ok
23:42:07.0183 4956 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:42:07.0198 4956 pcw - ok
23:42:07.0245 4956 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:42:07.0292 4956 PEAUTH - ok
23:42:07.0339 4956 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:42:07.0417 4956 PeerDistSvc - ok
23:42:07.0666 4956 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:42:07.0682 4956 PerfHost - ok
23:42:07.0713 4956 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:42:07.0775 4956 pla - ok
23:42:07.0791 4956 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
23:42:07.0791 4956 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
23:42:07.0791 4956 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
23:42:07.0807 4956 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:42:07.0822 4956 PlugPlay - ok
23:42:07.0838 4956 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:42:07.0853 4956 PNRPAutoReg - ok
23:42:07.0869 4956 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:42:07.0885 4956 PNRPsvc - ok
23:42:07.0931 4956 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:42:07.0978 4956 PolicyAgent - ok
23:42:07.0994 4956 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:42:08.0025 4956 Power - ok
23:42:08.0041 4956 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:42:08.0150 4956 PptpMiniport - ok
23:42:08.0150 4956 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
23:42:08.0197 4956 Processor - ok
23:42:08.0212 4956 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:42:08.0243 4956 ProfSvc - ok
23:42:08.0243 4956 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:42:08.0259 4956 ProtectedStorage - ok
23:42:08.0275 4956 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:42:08.0306 4956 Psched - ok
23:42:08.0353 4956 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
23:42:08.0399 4956 ql2300 - ok
23:42:08.0415 4956 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
23:42:08.0431 4956 ql40xx - ok
23:42:08.0431 4956 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:42:08.0462 4956 QWAVE - ok
23:42:08.0477 4956 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:42:08.0493 4956 QWAVEdrv - ok
23:42:08.0493 4956 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
23:42:08.0540 4956 RapiMgr - ok
23:42:08.0540 4956 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:42:08.0587 4956 RasAcd - ok
23:42:08.0587 4956 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:42:08.0618 4956 RasAgileVpn - ok
23:42:08.0633 4956 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:42:08.0680 4956 RasAuto - ok
23:42:08.0852 4956 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:42:09.0008 4956 Rasl2tp - ok
23:42:09.0086 4956 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:42:09.0133 4956 RasMan - ok
23:42:09.0148 4956 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:42:09.0179 4956 RasPppoe - ok
23:42:09.0195 4956 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:42:09.0273 4956 RasSstp - ok
23:42:09.0289 4956 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:42:09.0351 4956 rdbss - ok
23:42:09.0398 4956 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:42:09.0491 4956 rdpbus - ok
23:42:09.0491 4956 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:42:09.0538 4956 RDPCDD - ok
23:42:09.0538 4956 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:42:09.0569 4956 RDPDR - ok
23:42:09.0585 4956 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:42:09.0616 4956 RDPENCDD - ok
23:42:09.0632 4956 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:42:09.0663 4956 RDPREFMP - ok
23:42:09.0663 4956 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:42:09.0679 4956 RdpVideoMiniport - ok
23:42:09.0694 4956 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:42:09.0725 4956 RDPWD - ok
23:42:09.0725 4956 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:42:09.0757 4956 rdyboost - ok
23:42:09.0757 4956 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:42:09.0803 4956 RemoteAccess - ok
23:42:09.0850 4956 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:42:09.0897 4956 RemoteRegistry - ok
23:42:09.0928 4956 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
23:42:09.0991 4956 RFCOMM - ok
23:42:10.0006 4956 [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
23:42:10.0037 4956 rimmptsk - ok
23:42:10.0053 4956 [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
23:42:10.0069 4956 rimsptsk - ok
23:42:10.0147 4956 [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
23:42:10.0178 4956 rismxdp - ok
23:42:10.0193 4956 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:42:10.0240 4956 RpcEptMapper - ok
23:42:10.0240 4956 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:42:10.0256 4956 RpcLocator - ok
23:42:10.0271 4956 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:42:10.0303 4956 RpcSs - ok
23:42:10.0303 4956 [ C9FE05A63C500ABE3AFA5786504C4D36 ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
23:42:10.0334 4956 RsFx0105 - ok
23:42:10.0334 4956 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:42:10.0381 4956 rspndr - ok
23:42:10.0427 4956 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:42:10.0459 4956 RTL8167 - ok
23:42:10.0474 4956 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:42:10.0490 4956 s3cap - ok
23:42:10.0505 4956 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:42:10.0521 4956 SamSs - ok
23:42:10.0537 4956 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:42:10.0568 4956 sbp2port - ok
23:42:10.0583 4956 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:42:10.0646 4956 SCardSvr - ok
23:42:10.0646 4956 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:42:10.0677 4956 scfilter - ok
23:42:10.0724 4956 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:42:10.0786 4956 Schedule - ok
23:42:10.0802 4956 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:42:10.0833 4956 SCPolicySvc - ok
23:42:10.0849 4956 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
23:42:10.0864 4956 sdbus - ok
23:42:10.0895 4956 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:42:10.0989 4956 SDRSVC - ok
23:42:11.0036 4956 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:42:11.0067 4956 secdrv - ok
23:42:11.0083 4956 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:42:11.0145 4956 seclogon - ok
23:42:11.0176 4956 [ EBE15FC8524C8AAD53F7C17FD37C5DFE ] sef3x1 C:\Windows\system32\DRIVERS\sef3x1.sys
23:42:11.0192 4956 sef3x1 - ok
23:42:11.0223 4956 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:42:11.0270 4956 SENS - ok
23:42:11.0270 4956 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:42:11.0317 4956 SensrSvc - ok
23:42:11.0317 4956 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:42:11.0363 4956 Serenum - ok
23:42:11.0395 4956 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:42:11.0426 4956 Serial - ok
23:42:11.0441 4956 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
23:42:11.0488 4956 sermouse - ok
23:42:11.0504 4956 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:42:11.0551 4956 SessionEnv - ok
23:42:11.0566 4956 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
23:42:11.0597 4956 sffdisk - ok
23:42:11.0629 4956 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:42:11.0644 4956 sffp_mmc - ok
23:42:11.0644 4956 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
23:42:11.0660 4956 sffp_sd - ok
23:42:11.0675 4956 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
23:42:11.0691 4956 sfloppy - ok
23:42:11.0707 4956 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:42:11.0785 4956 ShellHWDetection - ok
23:42:11.0785 4956 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:42:11.0800 4956 SiSRaid2 - ok
23:42:11.0816 4956 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
23:42:11.0863 4956 SiSRaid4 - ok
23:42:11.0941 4956 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:42:11.0987 4956 SkypeUpdate - ok
23:42:12.0003 4956 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:42:12.0097 4956 Smb - ok
23:42:12.0128 4956 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:42:12.0159 4956 SNMPTRAP - ok
23:42:12.0190 4956 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:42:12.0206 4956 spldr - ok
23:42:12.0221 4956 [ 739DB668DBD812285ECC553E64A5E212 ] spmgr C:\Program Files (x86)\ASUS\NB Probe\SPM\spmgr.exe
23:42:12.0237 4956 spmgr - ok
23:42:12.0315 4956 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:42:12.0346 4956 Spooler - ok
23:42:12.0393 4956 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:42:12.0502 4956 sppsvc - ok
23:42:12.0518 4956 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:42:12.0580 4956 sppuinotify - ok
23:42:12.0611 4956 [ 45E65FB17A4CD5FACBD3CA16C8334C82 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
23:42:12.0627 4956 SQLAgent$SQLEXPRESS - ok
23:42:12.0643 4956 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
23:42:12.0658 4956 SQLBrowser - ok
23:42:12.0689 4956 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:42:12.0705 4956 SQLWriter - ok
23:42:12.0736 4956 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:42:12.0767 4956 srv - ok
23:42:12.0830 4956 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:42:12.0861 4956 srv2 - ok
23:42:12.0877 4956 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:42:12.0892 4956 srvnet - ok
23:42:12.0955 4956 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:42:12.0986 4956 SSDPSRV - ok
23:42:13.0001 4956 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:42:13.0033 4956 SstpSvc - ok
23:42:13.0033 4956 Steam Client Service - ok
23:42:13.0048 4956 [ 0632004181860960CF6E10DE8DDEF78B ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:42:13.0079 4956 Stereo Service - ok
23:42:13.0095 4956 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
23:42:13.0111 4956 stexstor - ok
23:42:13.0189 4956 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:42:13.0220 4956 stisvc - ok
23:42:13.0251 4956 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:42:13.0267 4956 storflt - ok
23:42:13.0298 4956 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
23:42:13.0313 4956 StorSvc - ok
23:42:13.0345 4956 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:42:13.0360 4956 storvsc - ok
23:42:13.0376 4956 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
23:42:13.0391 4956 swenum - ok
23:42:13.0438 4956 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:42:13.0501 4956 swprv - ok
23:42:13.0532 4956 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:42:13.0579 4956 SysMain - ok
23:42:13.0625 4956 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:42:14.0281 4956 TabletInputService - ok
23:42:14.0296 4956 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:42:14.0343 4956 TapiSrv - ok
23:42:14.0374 4956 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:42:14.0405 4956 TBS - ok
23:42:14.0452 4956 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:42:14.0530 4956 Tcpip - ok
23:42:14.0593 4956 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:42:14.0624 4956 TCPIP6 - ok
23:42:14.0671 4956 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:42:14.0686 4956 tcpipreg - ok
23:42:14.0702 4956 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:42:14.0717 4956 TDPIPE - ok
23:42:14.0717 4956 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:42:14.0733 4956 TDTCP - ok
23:42:14.0749 4956 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:42:14.0780 4956 tdx - ok
23:42:14.0873 4956 [ 74FC70AE64A7B7DABEC9697CE0A1F4FA ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
23:42:14.0920 4956 TeamViewer7 - ok
23:42:14.0936 4956 [ F5520DBB47C60EE83024B38720ABDA24 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
23:42:14.0951 4956 teamviewervpn - ok
23:42:14.0967 4956 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
23:42:14.0983 4956 TermDD - ok
23:42:15.0014 4956 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:42:15.0061 4956 TermService - ok
23:42:15.0061 4956 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:42:15.0092 4956 Themes - ok
23:42:15.0092 4956 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:42:15.0123 4956 THREADORDER - ok
23:42:15.0139 4956 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:42:15.0185 4956 TrkWks - ok
23:42:15.0232 4956 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:42:15.0279 4956 TrustedInstaller - ok
23:42:15.0310 4956 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:42:15.0341 4956 tssecsrv - ok
23:42:15.0357 4956 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:42:15.0388 4956 TsUsbFlt - ok
23:42:15.0435 4956 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:42:15.0497 4956 tunnel - ok
23:42:15.0560 4956 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
23:42:15.0575 4956 uagp35 - ok
23:42:15.0607 4956 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:42:15.0685 4956 udfs - ok
23:42:15.0716 4956 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:42:15.0747 4956 UI0Detect - ok
23:42:15.0841 4956 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:42:15.0856 4956 uliagpkx - ok
23:42:15.0872 4956 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:42:15.0887 4956 umbus - ok
23:42:15.0903 4956 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
23:42:15.0919 4956 UmPass - ok
23:42:15.0981 4956 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
23:42:16.0012 4956 UmRdpService - ok
23:42:16.0075 4956 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:42:16.0199 4956 upnphost - ok
23:42:16.0231 4956 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:42:16.0371 4956 usbaudio - ok
23:42:16.0402 4956 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:42:16.0418 4956 usbccgp - ok
23:42:16.0449 4956 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:42:16.0527 4956 usbcir - ok
23:42:16.0574 4956 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:42:16.0589 4956 usbehci - ok
23:42:16.0605 4956 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:42:16.0636 4956 usbhub - ok
23:42:16.0667 4956 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:42:16.0683 4956 usbohci - ok
23:42:16.0699 4956 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:42:16.0714 4956 usbprint - ok
23:42:16.0745 4956 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:42:16.0823 4956 USBSTOR - ok
23:42:16.0839 4956 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:42:16.0855 4956 usbuhci - ok
23:42:16.0995 4956 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
23:42:17.0089 4956 usbvideo - ok
23:42:17.0135 4956 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
23:42:17.0151 4956 usb_rndisx - ok
23:42:17.0229 4956 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:42:17.0260 4956 UxSms - ok
23:42:17.0307 4956 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:42:17.0323 4956 VaultSvc - ok
23:42:17.0323 4956 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:42:17.0338 4956 vdrvroot - ok
23:42:17.0369 4956 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:42:17.0416 4956 vds - ok
23:42:17.0432 4956 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:42:17.0463 4956 vga - ok
23:42:17.0479 4956 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:42:17.0510 4956 VgaSave - ok
23:42:17.0541 4956 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:42:17.0557 4956 vhdmp - ok
23:42:17.0572 4956 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:42:17.0588 4956 viaide - ok
23:42:17.0603 4956 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:42:17.0619 4956 vmbus - ok
23:42:17.0635 4956 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:42:17.0650 4956 VMBusHID - ok
23:42:17.0650 4956 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:42:17.0666 4956 volmgr - ok
23:42:17.0681 4956 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:42:17.0697 4956 volmgrx - ok
23:42:17.0713 4956 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:42:17.0728 4956 volsnap - ok
23:42:17.0728 4956 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
23:42:17.0759 4956 vpcbus - ok
23:42:17.0759 4956 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
23:42:17.0775 4956 vpcnfltr - ok
23:42:17.0775 4956 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
23:42:17.0806 4956 vpcusb - ok
23:42:17.0806 4956 [ 63F4E10873BEB4124028C6D1A66B0968 ] vpcuxd C:\Windows\system32\DRIVERS\vpcuxd.sys
23:42:17.0822 4956 vpcuxd - ok
23:42:17.0822 4956 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
23:42:17.0853 4956 vpcvmm - ok
23:42:17.0853 4956 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:42:17.0869 4956 vsmraid - ok
23:42:17.0884 4956 [ CA64A8838B4674D14BDF88ABA2F253EA ] VSPerfDrv100 C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys
23:42:17.0900 4956 VSPerfDrv100 - ok
23:42:17.0931 4956 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:42:17.0993 4956 VSS - ok
23:42:17.0993 4956 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:42:18.0025 4956 vwifibus - ok
23:42:18.0040 4956 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:42:18.0087 4956 vwififlt - ok
23:42:18.0165 4956 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:42:18.0212 4956 vwifimp - ok
23:42:18.0227 4956 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:42:18.0274 4956 W32Time - ok
23:42:18.0274 4956 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:42:18.0290 4956 WacomPen - ok
23:42:18.0290 4956 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:42:18.0337 4956 WANARP - ok
23:42:18.0337 4956 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:42:18.0368 4956 Wanarpv6 - ok
23:42:18.0415 4956 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:42:18.0477 4956 WatAdminSvc - ok
23:42:18.0555 4956 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:42:18.0633 4956 wbengine - ok
23:42:18.0664 4956 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:42:18.0695 4956 WbioSrvc - ok
23:42:18.0914 4956 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
23:42:18.0929 4956 WcesComm - ok
23:42:18.0961 4956 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:42:19.0070 4956 wcncsvc - ok
23:42:19.0148 4956 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:42:19.0210 4956 WcsPlugInService - ok
23:42:19.0226 4956 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:42:19.0288 4956 Wd - ok
23:42:19.0351 4956 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:42:19.0382 4956 Wdf01000 - ok
23:42:19.0429 4956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:42:19.0522 4956 WdiServiceHost - ok
23:42:19.0522 4956 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:42:19.0538 4956 WdiSystemHost - ok
23:42:19.0616 4956 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:42:19.0725 4956 WebClient - ok
23:42:19.0756 4956 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:42:19.0850 4956 Wecsvc - ok
23:42:19.0850 4956 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:42:19.0897 4956 wercplsupport - ok
23:42:19.0912 4956 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:42:19.0943 4956 WerSvc - ok
23:42:19.0959 4956 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:42:19.0990 4956 WfpLwf - ok
23:42:19.0990 4956 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:42:20.0006 4956 WIMMount - ok
23:42:20.0021 4956 WinHttpAutoProxySvc - ok
23:42:20.0037 4956 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:42:20.0053 4956 Winmgmt - ok
23:42:20.0115 4956 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
23:42:20.0193 4956 WinRM - ok
23:42:20.0209 4956 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
23:42:20.0224 4956 WinUSB - ok
23:42:20.0240 4956 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:42:20.0271 4956 Wlansvc - ok
23:42:20.0318 4956 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:42:20.0349 4956 wlidsvc - ok
23:42:20.0365 4956 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:42:20.0380 4956 WmiAcpi - ok
23:42:20.0380 4956 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:42:20.0411 4956 wmiApSrv - ok
23:42:20.0411 4956 WMPNetworkSvc - ok
23:42:20.0411 4956 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:42:20.0427 4956 WPCSvc - ok
23:42:20.0443 4956 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:42:20.0474 4956 WPDBusEnum - ok
23:42:20.0474 4956 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:42:20.0521 4956 ws2ifsl - ok
23:42:20.0521 4956 WSearch - ok
23:42:20.0521 4956 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:42:20.0536 4956 WudfPf - ok
23:42:20.0552 4956 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:42:20.0567 4956 WUDFRd - ok
23:42:20.0583 4956 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:42:20.0599 4956 wudfsvc - ok
23:42:20.0599 4956 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:42:20.0630 4956 WwanSvc - ok
23:42:20.0645 4956 ================ Scan global ===============================
23:42:20.0645 4956 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:42:20.0661 4956 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:42:20.0677 4956 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
23:42:20.0677 4956 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:42:20.0692 4956 [ 2F46C1760C531EB2B181F9076E552E8A ] C:\Windows\system32\services.exe
23:42:20.0708 4956 [Global] - ok
23:42:20.0708 4956 ================ Scan MBR ==================================
23:42:20.0708 4956 [ 8E734BD7AA1D4F7E9AF58DF495F6CF9E ] \Device\Harddisk0\DR0
23:42:20.0755 4956 \Device\Harddisk0\DR0 - ok
23:42:20.0755 4956 ================ Scan VBR ==================================
23:42:20.0755 4956 [ D3458C8C66A0B79F4D28FB4EA9D0A021 ] \Device\Harddisk0\DR0\Partition1
23:42:20.0755 4956 \Device\Harddisk0\DR0\Partition1 - ok
23:42:20.0755 4956 [ 62AB6E19FB98996EE5BCAAD73533EBC7 ] \Device\Harddisk0\DR0\Partition2
23:42:20.0755 4956 \Device\Harddisk0\DR0\Partition2 - ok
23:42:20.0755 4956 [ BD634F38A6CD346642583B94B40FB77E ] \Device\Harddisk0\DR0\Partition3
23:42:20.0755 4956 \Device\Harddisk0\DR0\Partition3 - ok
23:42:20.0755 4956 ============================================================
23:42:20.0755 4956 Scan finished
23:42:20.0755 4956 ============================================================
23:42:20.0770 4948 Detected object count: 7
23:42:20.0770 4948 Actual detected object count: 7
23:42:34.0935 4948 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:34.0935 4948 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:34.0935 4948 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:34.0935 4948 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:34.0951 4948 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:34.0951 4948 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:34.0951 4948 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:34.0951 4948 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:34.0951 4948 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:34.0951 4948 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:34.0951 4948 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:34.0951 4948 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:34.0951 4948 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:42:34.0951 4948 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:42:47.0134 3568 Deinitialize success
Viele Grüße Patrick |
|
09.05.2013, 23:11
| #5 |
| /// Malwareteam / Visitor | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Sieht jetzt eigentlich schon sehr gut aus  Merkst Du momentan noch einige Probleme? |
|
09.05.2013, 23:22
| #6 |
| | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Mann, bist Du schnell! :-) Damit, Probleme zu beurteilen, tue ich mich etwas schwer: Der Indikator für Probleme war zu Anfang lediglich die ständig wiederkehrende Meldung des Avira Echtzeitscanners. Dass bösartige Software unterwegs und in Aktion ist, hätte ich sonst gar nicht bemerkt. Da ich zuletzt während Deiner Hilfestellung Windows nur noch zum Ausführen der Tools bei deaktiviertem Echtzeitscanner und ohne Internetverbindung ausgeführt habe, kamen derartige Meldungen natürlich nicht mehr. Ich würde daher jetzt mal über Nacht einen Systemscan mit Avira free Antivirus durchführen und schauen, ob dabei noch was gefunden wird, falls das die von Dir weiterführende Prozedur nicht negativ beeinflusst. |
|
09.05.2013, 23:34
| #7 | |
| /// Malwareteam / Visitor | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe'Zitat:
Vielleicht wird Dein Avira noch etwas finden im TDSSKiller_Quarantine-Ordner, aber das ist keine Problem |
|
10.05.2013, 09:06
| #8 |
| | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' So, das sieht tatsächlich ganz gut aus. Wie Du vermutet hattest, gab es noch drei Funde im Quarantäne-Verzeichnis des TDSSKillers; 2 davon wurden gelöscht, eine Datei "repariert": AVSCAN.LOG: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 10. Mai 2013 01:01
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Patrick
Computername : PLEY-L50
Versionsinformationen:
BUILD.DAT : 13.0.0.3640 54852 Bytes 18.04.2013 13:29:00
AVSCAN.EXE : 13.6.0.1262 636984 Bytes 07.05.2013 19:17:16
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 07.04.2013 12:59:30
LUKE.DLL : 13.6.0.1262 65080 Bytes 07.05.2013 19:17:44
AVSCPLR.DLL : 13.6.0.1262 92216 Bytes 07.05.2013 19:17:16
AVREG.DLL : 13.6.0.1262 247864 Bytes 07.05.2013 19:17:15
avlode.dll : 13.6.2.1262 432184 Bytes 07.05.2013 19:17:13
avlode.rdf : 13.0.0.46 15591 Bytes 07.04.2013 13:01:46
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 20:00:44
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 14:46:41
VBASE002.VDF : 7.11.74.227 2048 Bytes 30.04.2013 14:46:42
VBASE003.VDF : 7.11.74.228 2048 Bytes 30.04.2013 14:46:42
VBASE004.VDF : 7.11.74.229 2048 Bytes 30.04.2013 14:46:43
VBASE005.VDF : 7.11.74.230 2048 Bytes 30.04.2013 14:46:43
VBASE006.VDF : 7.11.74.231 2048 Bytes 30.04.2013 14:46:44
VBASE007.VDF : 7.11.74.232 2048 Bytes 30.04.2013 14:46:44
VBASE008.VDF : 7.11.74.233 2048 Bytes 30.04.2013 14:46:45
VBASE009.VDF : 7.11.74.234 2048 Bytes 30.04.2013 14:46:45
VBASE010.VDF : 7.11.74.235 2048 Bytes 30.04.2013 14:46:46
VBASE011.VDF : 7.11.74.236 2048 Bytes 30.04.2013 14:46:47
VBASE012.VDF : 7.11.74.237 2048 Bytes 30.04.2013 14:46:47
VBASE013.VDF : 7.11.74.238 2048 Bytes 30.04.2013 14:46:48
VBASE014.VDF : 7.11.75.97 181248 Bytes 02.05.2013 10:09:11
VBASE015.VDF : 7.11.75.183 217600 Bytes 03.05.2013 13:17:58
VBASE016.VDF : 7.11.76.27 183808 Bytes 04.05.2013 16:00:44
VBASE017.VDF : 7.11.76.101 194048 Bytes 06.05.2013 19:17:02
VBASE018.VDF : 7.11.76.213 163328 Bytes 07.05.2013 22:41:40
VBASE019.VDF : 7.11.77.41 134656 Bytes 08.05.2013 22:41:40
VBASE020.VDF : 7.11.77.42 2048 Bytes 08.05.2013 22:41:40
VBASE021.VDF : 7.11.77.43 2048 Bytes 08.05.2013 22:41:40
VBASE022.VDF : 7.11.77.44 2048 Bytes 08.05.2013 22:41:40
VBASE023.VDF : 7.11.77.45 2048 Bytes 08.05.2013 22:41:40
VBASE024.VDF : 7.11.77.46 2048 Bytes 08.05.2013 22:41:40
VBASE025.VDF : 7.11.77.47 2048 Bytes 08.05.2013 22:41:40
VBASE026.VDF : 7.11.77.48 2048 Bytes 08.05.2013 22:41:41
VBASE027.VDF : 7.11.77.49 2048 Bytes 08.05.2013 22:41:41
VBASE028.VDF : 7.11.77.50 2048 Bytes 08.05.2013 22:41:41
VBASE029.VDF : 7.11.77.51 2048 Bytes 08.05.2013 22:41:41
VBASE030.VDF : 7.11.77.52 2048 Bytes 08.05.2013 22:41:41
VBASE031.VDF : 7.11.77.124 109568 Bytes 09.05.2013 22:41:41
Engineversion : 8.2.12.38
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 20:33:16
AESCRIPT.DLL : 8.1.4.112 483709 Bytes 09.05.2013 22:41:44
AESCN.DLL : 8.1.10.4 131446 Bytes 27.03.2013 07:13:49
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 20:33:44
AERDL.DLL : 8.2.0.88 643444 Bytes 11.01.2013 11:18:08
AEPACK.DLL : 8.3.2.12 754040 Bytes 09.05.2013 22:41:44
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 22:32:30
AEHEUR.DLL : 8.1.4.348 5890425 Bytes 09.05.2013 22:41:43
AEHELP.DLL : 8.1.25.10 258425 Bytes 09.05.2013 22:41:41
AEGEN.DLL : 8.1.7.4 442741 Bytes 09.05.2013 22:41:41
AEEXP.DLL : 8.4.0.26 201078 Bytes 03.05.2013 13:18:07
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 20:33:15
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 23:37:05
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 19:07:39
AVWINLL.DLL : 13.6.0.480 26480 Bytes 07.04.2013 12:57:48
AVPREF.DLL : 13.6.0.480 51056 Bytes 07.04.2013 12:59:28
AVREP.DLL : 13.6.0.480 178544 Bytes 07.04.2013 13:01:46
AVARKT.DLL : 13.6.0.1262 258104 Bytes 07.05.2013 19:17:07
AVEVTLOG.DLL : 13.6.0.1262 164920 Bytes 07.05.2013 19:17:11
SQLITE3.DLL : 3.7.0.1 397704 Bytes 07.04.2013 13:01:04
AVSMTP.DLL : 13.6.0.480 62832 Bytes 07.04.2013 12:59:33
NETNT.DLL : 13.6.0.480 16240 Bytes 07.04.2013 13:00:31
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 07.04.2013 12:57:52
RCTEXT.DLL : 13.6.0.976 69344 Bytes 07.04.2013 12:57:52
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Freitag, 10. Mai 2013 01:01
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
c:\adsm_pdata_0150\dragwait.exe
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\_avt
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\si.db
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\ul.db
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\vl.db
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150\db\wal.db
[HINWEIS] Die Datei ist nicht sichtbar.
c:\adsm_pdata_0150
[HINWEIS] Das Verzeichnis ist nicht sichtbar.
c:\adsm_pdata_0150\db
[HINWEIS] Das Verzeichnis ist nicht sichtbar.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'ADSMSrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '92' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '201' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'spmgr.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlwriter.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'aspg.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALU.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACMON.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACEngSvr.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'BatteryLife.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'KhalScroll.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'TSVNCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVCpl64.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLLML.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '5891' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <SYSTEM>
C:\TDSSKiller_Quarantine\09.05.2013_23.38.35\zasubsys0000\file0000\tsk0000.dta
[FUND] Enthält Code des Windows-Virus W32/Patched.UC
[HINWEIS] Die Datei wurde repariert.
C:\TDSSKiller_Quarantine\09.05.2013_23.38.35\zasubsys0000\zafs0000\tsk0000.dta
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde gelöscht.
C:\TDSSKiller_Quarantine\09.05.2013_23.38.35\zasubsys0000\zafs0000\tsk0001.dta
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Die Datei wurde gelöscht.
Beginne mit der Suche in 'E:\' <DATEN >
[0] Archivtyp: RSRC
--> C:\Keil\ARM\ULINK\amd64\winusbcoinstaller2.dll
[1] Archivtyp: RSRC
--> C:\Keil\ARM\ULINK\amd64\WUDFUpdate_01009.dll
[2] Archivtyp: RSRC
--> C:\Keil\ARM\ULINK\x86\winusbcoinstaller2.dll
[3] Archivtyp: RSRC
--> C:\Keil\ARM\ULINK\x86\WUDFUpdate_01009.dll
[4] Archivtyp: RSRC
--> C:\Keil\Backup.001\ARM\ULINK\amd64\winusbcoinstaller2.dll
[5] Archivtyp: RSRC
--> C:\Keil\Backup.001\ARM\ULINK\amd64\WUDFUpdate_01009.dll
[6] Archivtyp: RSRC
--> C:\Keil\Backup.001\ARM\ULINK\x86\winusbcoinstaller2.dll
[7] Archivtyp: RSRC
--> C:\Keil\Backup.001\ARM\ULINK\x86\WUDFUpdate_01009.dll
[8] Archivtyp: RSRC
--> C:\Users\Patrick\AppData\LocalLow\Sun\Java\JRERunOnce.exe
[9] Archivtyp: Runtime Packed
--> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
[10] Archivtyp: RSRC
--> C:\Windows\System32\winusbcoinstaller2.dll
[11] Archivtyp: RSRC
--> C:\Windows\System32\DriverStore\FileRepository\keilulx.inf_amd64_neutral_f1431195d21dbf7c\amd64\WinUSBCoInstaller2.dll
[12] Archivtyp: RSRC
--> C:\Windows\System32\DriverStore\FileRepository\keilulx.inf_amd64_neutral_f1431195d21dbf7c\amd64\WUDFUpdate_01009.dll
[13] Archivtyp: RSRC
--> E:\Studium\Werkstudent\DATA\DATENSICHERUNG\_Paper\Luna\Sensing Shape_ SPIE Newsroom_ SPIE.pdf
[14] Archivtyp: PDF
--> pdf_img_8.avp
[15] Archivtyp: MacBinary
--> ?
[WARNUNG] Die Datei konnte nicht gelesen werden!
Ende des Suchlaufs: Freitag, 10. Mai 2013 03:34
Benötigte Zeit: 2:32:36 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
185783 Verzeichnisse wurden überprüft
2737264 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
2 Dateien wurden gelöscht
1 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
2737261 Dateien ohne Befall
35504 Archive wurden durchsucht
0 Warnungen
11 Hinweise
1571562 Objekte wurden beim Rootkitscan durchsucht
8 Versteckte Objekte wurden gefunden
|
|
10.05.2013, 10:13
| #9 |
| /// Malwareteam / Visitor | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Ich glaube wir sind fast fertig Downloade Dir bitte  SecurityCheck und:
|
|
10.05.2013, 16:54
| #10 |
| | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' checkup.txt: Code:
ATTFilter Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
xp-AntiSpy 3.98-2
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Da ist wohl doch noch was im Argen... :-S |
|
10.05.2013, 18:47
| #11 |
| /// Malwareteam / Visitor | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Mach mal diese Check: https://www.mozilla.org/de/plugincheck/ Veraltete Plugins aktualisieren lassen. Zur Kontrolle erneut SecurityCheck drehen und mir der Log posten. |
|
11.05.2013, 09:28
| #12 |
| | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Die Plugins (Java, Shockwave, VLC) habe ich aktualisieren lassen. Sicherheitscenter-Dienst wurde durch den Befall wohl vollständig vom System entfernt (Defender-Dienst übrigens auch. Was sonst noch fehlt, konnte ich noch nicht feststellen.) checkup.txt: Code:
ATTFilter Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
xp-AntiSpy 3.98-2
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
11.05.2013, 13:12
| #13 |
| /// Malwareteam / Visitor | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Downloade dir bitte Farbar's Service Scanner
|
|
11.05.2013, 13:22
| #14 |
| | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' fss.txt: Code:
ATTFilter Farbar Service Scanner Version: 14-04-2013
Ran by Patrick (administrator) on 11-05-2013 at 14:18:16
Running from "E:\"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
|
|
11.05.2013, 13:28
| #15 |
| /// Malwareteam / Visitor | 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' Eine Sache die manchmal bei verbogenen Diensten hilft ist diese: Service Repair von ESET Downloade dir bitte das Tool von folgendem Link: Service RepairPoste mir auch ein neues Log von Farbar Service Scanner |
|
| Themen zu 'W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe' |
| 7-zip, 80-100, antivirus, audiograbber, autorun, avira, bho, browser, desktop.ini, e-banking, entfernen, error, excel, firefox, flash player, grand theft auto, homepage, iexplore.exe, install.exe, mozilla, plug-in, realtek, recycle.bin, registry, richtlinie, rootkit, rundll, security, senden, server, services.exe, svchost.exe, system, tr/atraps.gen.2, updates, version., virus, visual studio, w32/patched.uc, w32/patched.uc' [virus] in 'c:\windows\system32\services.exe, windows, windows xp |
!['W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe'](iconimages/log-analyse-auswertung/w32-patched-uc-virus-c-windows-system32-services-exe_ltr.gif)
Linear-Darstellung
