
Log Analysis and Evaluation: Letter from Telekom

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.05.2013, 20:36   #1
moxito

Good evening everyone,

I have once again received a letter from Telekom informing me that port 25 has been blocked on suspicion of spam.

Obviously, I am not sending any spam.

Still, my system (Windows 7) is behaving strangely. Some windows cannot be closed, others cannot be opened, at least not without a wait of several minutes.

HJT is not wanted here, so I'll skip that log; what is interesting, though, is that catchme finds several errors in ntdll.dll.

Could you perhaps help me?

28.05.2013, 20:38   #2
markusg
/// Malware-holic

Hi, you are probably not sending the spam voluntarily either; malware will be taking care of that for you :-)

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

28.05.2013, 20:46   #3
moxito

Hello Markus, that was quick...

When I click on OTL I get an error message:

Not Found

The requested URL /OTL.exe<br /> <br /> was not found on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

--------------------------------------------------------------------------------

Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at oldtimer.geekstogo.com Port 80


Has the address changed?

I don't want to search blindly; I would rather have reliable addresses.

Regards

28.05.2013, 20:52   #4
markusg
/// Malware-holic

please use the second link
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to markusg.trojaner-board@web.de
If you would like to support us

28.05.2013, 20:53   #5
moxito

oh, and one more thing: for days I have been getting a mail on qq.com with a .rar or .7z file. I saved the file once, a virus was reported and I deleted it without running it.


28.05.2013, 20:55   #6
markusg
/// Malware-holic

hi
please always forward spam mails to the address in my signature

28.05.2013, 21:13   #7
moxito

the attachment refuses to be forwarded. I'll try again

28.05.2013, 21:27   #8
markusg
/// Malware-holic

got it, so carry on with OTL

28.05.2013, 21:55   #9
moxito

the scan is still running... I have a lot of languages installed; it is a shared-flat computer, we are very international

ok, OTL reports:
OTL Logfile:
Code:
OTL logfile created on: 28.05.2013 22:34:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dk\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,22 Gb Total Physical Memory | 5,52 Gb Available Physical Memory | 76,46% Memory free
14,43 Gb Paging File | 12,66 Gb Available in Paging File | 87,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,61 Gb Total Space | 244,39 Gb Free Space | 65,59% Space Free | Partition Type: NTFS
 
Computer Name: W7 | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.28 22:32:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dk\Downloads\OTL.exe
PRC - [2013.04.10 14:15:13 | 003,661,456 | ---- | M] (网易公司) -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\YodaoDict.exe
PRC - [2013.04.10 14:15:13 | 001,900,176 | ---- | M] (网易公司) -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\5.4.43.3217\wordbook.exe
PRC - [2013.03.13 23:25:17 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.01.09 17:46:38 | 000,165,280 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ2012\Bin\TXPlatform.exe
PRC - [2013.01.08 00:25:59 | 000,128,416 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
PRC - [2013.01.07 10:04:46 | 000,132,472 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe
PRC - [2013.01.06 21:26:57 | 001,595,056 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
PRC - [2013.01.06 21:26:57 | 000,123,992 | ---- | M] (Kingsoft Corporation) -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
PRC - [2009.09.02 09:44:22 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009.09.02 09:41:24 | 001,466,476 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2007.10.31 17:18:12 | 011,954,536 | ---- | M] (Ritlabs S.R.L.) -- C:\Program Files (x86)\The Bat!\thebat.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.08 00:26:00 | 000,234,912 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\libjpegturbo.dll
MOD - [2013.01.08 00:26:00 | 000,157,088 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\libpng.dll
MOD - [2013.01.08 00:26:00 | 000,136,608 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\libexpatw.dll
MOD - [2013.01.08 00:26:00 | 000,087,456 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\zlib.dll
MOD - [2013.01.08 00:25:59 | 000,128,416 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
MOD - [2012.07.09 04:49:28 | 000,063,208 | ---- | M] () -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\5.4.43.3217\WordStrokeHelper32.dll
MOD - [2012.07.09 04:49:20 | 000,016,104 | ---- | M] () -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\Stable\Acrobat2Dict.dll
MOD - [2012.07.05 13:37:26 | 000,095,936 | ---- | M] () -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\5.4.43.3217\CrashRpt.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.26 18:23:32 | 000,230,416 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (QTService)
SRV - [2013.03.29 15:29:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.24 13:31:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.01.08 13:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.06 21:26:57 | 000,123,992 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe -- (kxescore)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.02 09:46:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009.09.02 09:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.03 21:20:19 | 000,163,920 | ---- | M] (TENCENT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\TesSafe.sys -- (TesSafe)
DRV:64bit: - [2013.03.07 13:21:28 | 000,038,664 | ---- | M] (Spotflux, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013.01.09 05:46:34 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2013.01.06 21:27:01 | 000,210,296 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:64bit: - [2013.01.06 21:27:01 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (kavbootc)
DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.12.25 14:34:10 | 000,024,728 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\TSysCare64.sys -- (TSysCare)
DRV:64bit: - [2012.12.19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.10.28 17:09:54 | 000,038,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.05 11:24:26 | 000,292,024 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.11.29 12:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.08.30 11:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.04.29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.26 12:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.01 23:19:16 | 000,649,472 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.12.01 23:18:32 | 000,617,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.10.20 18:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009.10.07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.08.28 16:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009.08.28 16:04:44 | 000,047,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009.08.26 12:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (IvtPanBusSrv)
DRV:64bit: - [2009.08.26 12:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.08.26 11:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 11:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtAudioBusSrv)
DRV:64bit: - [2009.08.26 11:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.26 11:16:36 | 000,020,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV:64bit: - [2009.08.26 11:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.17 14:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009.06.17 14:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009.06.17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009.06.17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 22:35:02 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k60x64.sys -- (e1kexpress)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.09 05:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.06.12 08:40:13 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008.02.05 02:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2008.01.10 20:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.12.04 09:31:00 | 003,249,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spc1000.sys -- (SPC1000)
DRV - [2013.01.06 21:27:01 | 000,164,696 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys -- (KDHacker)
DRV - [2013.01.06 21:26:58 | 000,018,296 | ---- | M] (Kingsoft Corporation) [Kernel | Disabled | Running] -- C:\Program Files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys -- (KUsbGuard)
DRV - [2012.12.26 12:47:40 | 000,073,784 | ---- | M] (Tencent) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\TsFltMgr.sys -- (TsFltMgr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004.05.05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 5A A2 E6 47 EC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss&mntrId=E6A500FF7A2C38D5
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.87\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\duowan.com/Checker: C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll (广州多玩信息技术有限公司)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.23 11:21:47 | 000,000,000 | ---D | M]
 
[2013.05.02 22:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation)
O4 - HKCU..\Run: [QTalk] C:\Program Files (x86)\Tencent\QTalk\V3.8.6\Bin\QTalk.exe (Tencent)
O4 - HKCU..\Run: [YY] C:\Program Files (x86)\yy\yy-5\YY.exe (YY Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: 收藏到有道云笔记 - C:\Program Files (x86)\Youdao\YNote\ieext_menu.htm ()
O8 - Extra context menu item: 收藏到有道云笔记 - C:\Program Files (x86)\Youdao\YNote\ieext_menu.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: 收藏到有道云笔记 - {65D09F88-CE18-4A95-B8AF-311C3311DB03} - C:\Program Files (x86)\Youdao\YNote\ieext_btn.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {3ABECEEC-DD81-4511-A7FD-B3B657B64892} hxxp://3gsoft.gtimg.com/sd/resource/cobrahall/2013/01/17/15/QQGameAssist.cab (AXDownload Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34672EC1-93FF-4B33-A99E-DFEF97C19111}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A2C38D5-A295-4C23-82EF-1F2A414AF71A}: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.28 19:09:14 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\Notfall-CD-2.2
[2013.05.28 17:58:27 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\QuickStoresToolbar
[2013.05.28 17:58:24 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013.05.28 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.05.28 17:33:14 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\ntdll
[2013.05.28 17:05:11 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Diagnostics
[2013.05.26 01:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PartitionMagic 8.0
[2013.05.26 01:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2013.05.23 23:26:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.22 21:23:17 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.05.18 20:50:55 | 005,191,704 | ---- | C] (Google Inc.) -- C:\Windows\SysNative\GooglePinyin2.ime
[2013.05.18 20:50:55 | 003,460,120 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GooglePinyin2.ime
[2013.05.18 20:50:53 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Google
[2013.05.18 20:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.18 20:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.18 18:46:10 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duowan.com
[2013.05.18 18:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\yy
[2013.05.05 19:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2013.05.05 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.05.05 19:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.05.05 19:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter
[2013.05.05 19:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2013.05.05 19:18:41 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\NCH Swift Sound
[2013.05.05 18:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.05.05 11:34:17 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\bluesoleil
[2013.05.02 22:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.02 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Babylon
[2013.05.02 22:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.30 13:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\KRSHistory
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.28 22:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.28 21:24:39 | 000,005,139 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013.05.28 21:24:39 | 000,000,094 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013.05.28 21:24:37 | 000,000,991 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013.05.28 21:02:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 21:02:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 20:51:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.05.28 20:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 20:51:39 | 1517,686,783 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 19:04:04 | 548,011,982 | ---- | M] () -- C:\Users\root\Desktop\Notfall-CD-2.2.zip
[2013.05.28 18:25:52 | 000,000,185 | ---- | M] () -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
[2013.05.28 17:26:10 | 016,095,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 17:26:10 | 000,694,892 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.05.28 17:26:10 | 000,693,840 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.05.28 17:26:10 | 000,691,462 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.05.28 17:26:10 | 000,690,122 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013.05.28 17:26:10 | 000,689,538 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.05.28 17:26:10 | 000,679,694 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.05.28 17:26:10 | 000,676,252 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.05.28 17:26:10 | 000,664,104 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013.05.28 17:26:10 | 000,653,454 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 17:26:10 | 000,632,734 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013.05.28 17:26:10 | 000,623,720 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.05.28 17:26:10 | 000,618,174 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013.05.28 17:26:10 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 17:26:10 | 000,610,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013.05.28 17:26:10 | 000,551,996 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.05.28 17:26:10 | 000,462,594 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013.05.28 17:26:10 | 000,449,064 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.05.28 17:26:10 | 000,435,122 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.05.28 17:26:10 | 000,434,058 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013.05.28 17:26:10 | 000,400,794 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013.05.28 17:26:10 | 000,389,694 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013.05.28 17:26:10 | 000,379,188 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.05.28 17:26:10 | 000,363,044 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013.05.28 17:26:10 | 000,354,348 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.05.28 17:26:10 | 000,148,698 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013.05.28 17:26:10 | 000,137,472 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.05.28 17:26:10 | 000,135,250 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013.05.28 17:26:10 | 000,134,154 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.05.28 17:26:10 | 000,133,320 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.05.28 17:26:10 | 000,132,930 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.05.28 17:26:10 | 000,130,566 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.05.28 17:26:10 | 000,130,160 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 17:26:10 | 000,128,514 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013.05.28 17:26:10 | 000,127,550 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.05.28 17:26:10 | 000,124,250 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013.05.28 17:26:10 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.05.28 17:26:10 | 000,122,046 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013.05.28 17:26:10 | 000,106,864 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013.05.28 17:26:10 | 000,106,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 17:26:10 | 000,105,380 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013.05.28 17:26:10 | 000,104,724 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013.05.28 17:26:10 | 000,099,810 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.05.28 17:26:10 | 000,089,794 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.05.28 17:26:10 | 000,082,590 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013.05.28 17:26:10 | 000,080,278 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013.05.28 17:26:10 | 000,079,460 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.05.28 17:26:10 | 000,077,562 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.05.28 17:26:10 | 000,069,570 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.05.28 16:37:23 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.05.26 12:51:49 | 000,000,261 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013.05.26 11:03:48 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013.05.20 19:28:49 | 000,002,718 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013.05.18 20:50:55 | 005,191,704 | ---- | M] (Google Inc.) -- C:\Windows\SysNative\GooglePinyin2.ime
[2013.05.18 20:50:55 | 003,460,120 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GooglePinyin2.ime
[2013.05.18 18:50:04 | 000,000,020 | ---- | M] () -- C:\Users\root\AppData\Roaming\004D5649544E41696E66
[2013.05.18 18:46:26 | 000,000,256 | ---- | M] () -- C:\Users\root\AppData\Roaming\0408002700AC0C
[2013.05.18 18:46:10 | 000,001,052 | ---- | M] () -- C:\Users\root\Desktop\YY.lnk
[2013.05.04 11:59:42 | 002,223,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.28 18:58:36 | 548,011,982 | ---- | C] () -- C:\Users\root\Desktop\Notfall-CD-2.2.zip
[2013.05.28 17:58:27 | 000,000,185 | ---- | C] () -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
[2013.05.18 18:50:04 | 000,000,020 | ---- | C] () -- C:\Users\root\AppData\Roaming\004D5649544E41696E66
[2013.05.18 18:46:10 | 000,001,052 | ---- | C] () -- C:\Users\root\Desktop\YY.lnk
[2013.04.17 13:58:42 | 000,002,718 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013.04.17 13:54:26 | 000,000,261 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013.04.17 13:48:46 | 000,005,139 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013.04.17 13:43:24 | 000,000,094 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013.04.17 13:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013.04.15 12:54:57 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2013.04.15 12:54:57 | 000,048,009 | ---- | C] () -- C:\Windows\unins000.dat
[2013.02.10 22:59:45 | 000,000,256 | ---- | C] () -- C:\Users\root\AppData\Roaming\0408002700AC0C
[2013.01.11 18:18:56 | 000,430,992 | ---- | C] () -- C:\Windows\SysWow64\QGActiveX.dll
[2013.01.08 16:43:32 | 000,311,032 | ---- | C] () -- C:\Windows\SysWow64\IVTCredentialProvider.dll
[2013.01.08 01:34:18 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2013.01.07 10:04:42 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013.01.06 23:08:46 | 000,000,017 | ---- | C] () -- C:\Users\root\AppData\Local\resmon.resmoncfg
[2012.06.29 22:15:24 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\VMProtectSDK32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.05.26 11:04:04 | 000,001,222 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT语音.lnk
[2013.05.26 11:04:04 | 000,001,222 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT语音.lnk
[2013.05.26 11:04:04 | 000,001,198 | ---- | M] ()(C:\Users\root\Desktop\QT??.lnk) -- C:\Users\root\Desktop\QT语音.lnk
[2013.05.26 11:04:04 | 000,001,198 | ---- | C] ()(C:\Users\root\Desktop\QT??.lnk) -- C:\Users\root\Desktop\QT语音.lnk
[2013.05.18 18:49:39 | 000,001,138 | ---- | M] ()(C:\Users\root\Desktop\YY????.lnk) -- C:\Users\root\Desktop\YY游戏大厅.lnk
[2013.04.22 10:32:13 | 000,001,138 | ---- | C] ()(C:\Users\root\Desktop\YY????.lnk) -- C:\Users\root\Desktop\YY游戏大厅.lnk
[2013.04.15 13:18:55 | 000,001,945 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013.04.15 13:18:55 | 000,001,927 | ---- | M] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2013.04.15 13:18:30 | 000,001,945 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013.04.15 13:18:30 | 000,001,927 | ---- | C] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2013.03.19 00:27:59 | 000,001,167 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2013.03.19 00:27:59 | 000,001,167 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2013.02.22 18:05:22 | 020,411,513 | ---- | M] ()(C:\Users\Public\Documents\QT?? 3.5.rar) -- C:\Users\Public\Documents\QT语音 3.5.rar
[2013.02.22 18:05:01 | 020,411,513 | ---- | C] ()(C:\Users\Public\Documents\QT?? 3.5.rar) -- C:\Users\Public\Documents\QT语音 3.5.rar
[2013.01.09 18:04:41 | 000,001,129 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ游戏.lnk
[2013.01.09 18:04:41 | 000,001,129 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ游戏.lnk
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\有道
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\小米
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\多玩
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯游戏
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:05E9FFE5

< End of report >
         
--- --- ---

OK, OTL reports:
OTL Logfile:
Code:
OTL logfile created on: 28.05.2013 22:34:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dk\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,22 Gb Total Physical Memory | 5,52 Gb Available Physical Memory | 76,46% Memory free
14,43 Gb Paging File | 12,66 Gb Available in Paging File | 87,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 372,61 Gb Total Space | 244,39 Gb Free Space | 65,59% Space Free | Partition Type: NTFS
 
Computer Name: W7 | User Name: root | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.28 22:32:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dk\Downloads\OTL.exe
PRC - [2013.04.10 14:15:13 | 003,661,456 | ---- | M] (网易公司) -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\YodaoDict.exe
PRC - [2013.04.10 14:15:13 | 001,900,176 | ---- | M] (网易公司) -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\5.4.43.3217\wordbook.exe
PRC - [2013.03.13 23:25:17 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013.01.09 17:46:38 | 000,165,280 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\QQ2012\Bin\TXPlatform.exe
PRC - [2013.01.08 00:25:59 | 000,128,416 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
PRC - [2013.01.07 10:04:46 | 000,132,472 | ---- | M] (Tencent) -- C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe
PRC - [2013.01.06 21:26:57 | 001,595,056 | ---- | M] (Kingsoft Corporation) -- C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
PRC - [2013.01.06 21:26:57 | 000,123,992 | ---- | M] (Kingsoft Corporation) -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
PRC - [2009.09.02 09:44:22 | 000,315,478 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2009.09.02 09:41:24 | 001,466,476 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2007.10.31 17:18:12 | 011,954,536 | ---- | M] (Ritlabs S.R.L.) -- C:\Program Files (x86)\The Bat!\thebat.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.08 00:26:00 | 000,234,912 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\libjpegturbo.dll
MOD - [2013.01.08 00:26:00 | 000,157,088 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\libpng.dll
MOD - [2013.01.08 00:26:00 | 000,136,608 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\libexpatw.dll
MOD - [2013.01.08 00:26:00 | 000,087,456 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\zlib.dll
MOD - [2013.01.08 00:25:59 | 000,128,416 | ---- | M] () -- C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
MOD - [2012.07.09 04:49:28 | 000,063,208 | ---- | M] () -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\5.4.43.3217\WordStrokeHelper32.dll
MOD - [2012.07.09 04:49:20 | 000,016,104 | ---- | M] () -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\Stable\Acrobat2Dict.dll
MOD - [2012.07.05 13:37:26 | 000,095,936 | ---- | M] () -- C:\Users\dk\AppData\Local\Youdao\Dict\Application\5.4.43.3217\CrashRpt.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.26 18:23:32 | 000,230,416 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (QTService)
SRV - [2013.03.29 15:29:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.24 13:31:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.01.08 13:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.06 21:26:57 | 000,123,992 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe -- (kxescore)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.02 09:46:18 | 000,192,000 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2009.09.02 09:41:24 | 001,466,476 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007.05.31 11:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 11:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.03 21:20:19 | 000,163,920 | ---- | M] (TENCENT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\TesSafe.sys -- (TesSafe)
DRV:64bit: - [2013.03.07 13:21:28 | 000,038,664 | ---- | M] (Spotflux, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013.01.09 05:46:34 | 000,294,248 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Treiber\VMM.sys -- (vmm)
DRV:64bit: - [2013.01.06 21:27:01 | 000,210,296 | ---- | M] (Kingsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kisknl.sys -- (kisknl)
DRV:64bit: - [2013.01.06 21:27:01 | 000,031,848 | ---- | M] (Kingsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kavbootc64.sys -- (kavbootc)
DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.12.25 14:34:10 | 000,024,728 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\TSysCare64.sys -- (TSysCare)
DRV:64bit: - [2012.12.19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.10.28 17:09:54 | 000,038,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.05 11:24:26 | 000,292,024 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (Tosrfbd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.27 16:27:04 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010.11.29 12:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.08.30 11:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | "Start" not found. | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV:64bit: - [2010.04.29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.26 12:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.12.01 23:19:16 | 000,649,472 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.12.01 23:18:32 | 000,617,216 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.10.20 18:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
DRV:64bit: - [2009.10.07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009.10.07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.08.28 16:05:00 | 000,043,912 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCommMgr.sys -- (VcommMgr)
DRV:64bit: - [2009.08.28 16:04:44 | 000,047,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
DRV:64bit: - [2009.08.26 12:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (IvtPanBusSrv)
DRV:64bit: - [2009.08.26 12:18:20 | 000,034,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.08.26 11:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.26 11:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtAudioBusSrv)
DRV:64bit: - [2009.08.26 11:16:44 | 000,024,840 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.26 11:16:36 | 000,020,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV:64bit: - [2009.08.26 11:16:20 | 000,017,032 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VComm.sys -- (VComm)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.17 14:02:44 | 000,020,488 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
DRV:64bit: - [2009.06.17 14:02:20 | 000,036,872 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV:64bit: - [2009.06.17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
DRV:64bit: - [2009.06.17 13:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009.06.10 22:35:02 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k60x64.sys -- (e1kexpress)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.09 05:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008.06.12 08:40:13 | 000,085,424 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008.02.05 02:50:42 | 000,079,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2008.01.10 20:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.12.04 09:31:00 | 003,249,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spc1000.sys -- (SPC1000)
DRV - [2013.01.06 21:27:01 | 000,164,696 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys -- (KDHacker)
DRV - [2013.01.06 21:26:58 | 000,018,296 | ---- | M] (Kingsoft Corporation) [Kernel | Disabled | Running] -- C:\Program Files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys -- (KUsbGuard)
DRV - [2012.12.26 12:47:40 | 000,073,784 | ---- | M] (Tencent) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\TsFltMgr.sys -- (TsFltMgr)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.17 14:02:12 | 000,036,360 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004.05.05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\PQNTDRV.sys -- (PQNTDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 5A A2 E6 47 EC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss&mntrId=E6A500FF7A2C38D5
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = hxxp://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=20041099_oem_dg&ch=33
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.87\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\duowan.com/Checker: C:\Program Files (x86)\Common Files\duowan\yy4.0\YYSSO\1.0.0.3\npChecker.dll (广州多玩信息技术有限公司)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.23 11:21:47 | 000,000,000 | ---D | M]
 
[2013.05.02 22:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
O4 - HKLM..\Run: [kxesc] c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe (Kingsoft Corporation)
O4 - HKCU..\Run: [QTalk] C:\Program Files (x86)\Tencent\QTalk\V3.8.6\Bin\QTalk.exe (Tencent)
O4 - HKCU..\Run: [YY] C:\Program Files (x86)\yy\yy-5\YY.exe (YY Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: 收藏到有道云笔记 - C:\Program Files (x86)\Youdao\YNote\ieext_menu.htm ()
O8 - Extra context menu item: 收藏到有道云笔记 - C:\Program Files (x86)\Youdao\YNote\ieext_menu.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: 收藏到有道云笔记 - {65D09F88-CE18-4A95-B8AF-311C3311DB03} - C:\Program Files (x86)\Youdao\YNote\ieext_btn.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {3ABECEEC-DD81-4511-A7FD-B3B657B64892} hxxp://3gsoft.gtimg.com/sd/resource/cobrahall/2013/01/17/15/QQGameAssist.cab (AXDownload Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34672EC1-93FF-4B33-A99E-DFEF97C19111}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A2C38D5-A295-4C23-82EF-1F2A414AF71A}: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.28 19:09:14 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\Notfall-CD-2.2
[2013.05.28 17:58:27 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\QuickStoresToolbar
[2013.05.28 17:58:24 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013.05.28 17:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.05.28 17:33:14 | 000,000,000 | ---D | C] -- C:\Users\root\Desktop\ntdll
[2013.05.28 17:05:11 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\Diagnostics
[2013.05.26 01:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PartitionMagic 8.0
[2013.05.26 01:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2013.05.23 23:26:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.22 21:23:17 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2013.05.18 20:50:55 | 005,191,704 | ---- | C] (Google Inc.) -- C:\Windows\SysNative\GooglePinyin2.ime
[2013.05.18 20:50:55 | 003,460,120 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GooglePinyin2.ime
[2013.05.18 20:50:53 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Google
[2013.05.18 20:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.18 20:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.05.18 18:46:10 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duowan.com
[2013.05.18 18:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\yy
[2013.05.05 19:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2013.05.05 19:25:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2013.05.05 19:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013.05.05 19:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter
[2013.05.05 19:25:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2013.05.05 19:18:41 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\NCH Swift Sound
[2013.05.05 18:38:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2013.05.05 11:34:17 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Local\bluesoleil
[2013.05.02 22:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.02 22:46:49 | 000,000,000 | ---D | C] -- C:\Users\root\AppData\Roaming\Babylon
[2013.05.02 22:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.30 13:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\KRSHistory
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.28 22:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.28 21:24:39 | 000,005,139 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013.05.28 21:24:39 | 000,000,094 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013.05.28 21:24:37 | 000,000,991 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013.05.28 21:02:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 21:02:07 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.28 20:51:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.05.28 20:51:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.28 20:51:39 | 1517,686,783 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.28 19:04:04 | 548,011,982 | ---- | M] () -- C:\Users\root\Desktop\Notfall-CD-2.2.zip
[2013.05.28 18:25:52 | 000,000,185 | ---- | M] () -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
[2013.05.28 17:26:10 | 016,095,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.28 17:26:10 | 000,694,892 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.05.28 17:26:10 | 000,693,840 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013.05.28 17:26:10 | 000,691,462 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013.05.28 17:26:10 | 000,690,122 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2013.05.28 17:26:10 | 000,689,538 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.05.28 17:26:10 | 000,679,694 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013.05.28 17:26:10 | 000,676,252 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2013.05.28 17:26:10 | 000,664,104 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013.05.28 17:26:10 | 000,653,454 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.28 17:26:10 | 000,632,734 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2013.05.28 17:26:10 | 000,623,720 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.05.28 17:26:10 | 000,618,174 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013.05.28 17:26:10 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.28 17:26:10 | 000,610,676 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013.05.28 17:26:10 | 000,551,996 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat
[2013.05.28 17:26:10 | 000,462,594 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
[2013.05.28 17:26:10 | 000,449,064 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat
[2013.05.28 17:26:10 | 000,435,122 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013.05.28 17:26:10 | 000,434,058 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2013.05.28 17:26:10 | 000,400,794 | ---- | M] () -- C:\Windows\SysNative\perfh012.dat
[2013.05.28 17:26:10 | 000,389,694 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013.05.28 17:26:10 | 000,379,188 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013.05.28 17:26:10 | 000,363,044 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2013.05.28 17:26:10 | 000,354,348 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013.05.28 17:26:10 | 000,148,698 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2013.05.28 17:26:10 | 000,137,472 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013.05.28 17:26:10 | 000,135,250 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2013.05.28 17:26:10 | 000,134,154 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013.05.28 17:26:10 | 000,133,320 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013.05.28 17:26:10 | 000,132,930 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2013.05.28 17:26:10 | 000,130,566 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.05.28 17:26:10 | 000,130,160 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.28 17:26:10 | 000,128,514 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013.05.28 17:26:10 | 000,127,550 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.05.28 17:26:10 | 000,124,250 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013.05.28 17:26:10 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.05.28 17:26:10 | 000,122,046 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013.05.28 17:26:10 | 000,106,864 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013.05.28 17:26:10 | 000,106,864 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.28 17:26:10 | 000,105,380 | ---- | M] () -- C:\Windows\SysNative\perfc012.dat
[2013.05.28 17:26:10 | 000,104,724 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2013.05.28 17:26:10 | 000,099,810 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013.05.28 17:26:10 | 000,089,794 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat
[2013.05.28 17:26:10 | 000,082,590 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2013.05.28 17:26:10 | 000,080,278 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
[2013.05.28 17:26:10 | 000,079,460 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013.05.28 17:26:10 | 000,077,562 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat
[2013.05.28 17:26:10 | 000,069,570 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013.05.28 16:37:23 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013.05.26 12:51:49 | 000,000,261 | ---- | M] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013.05.26 11:03:48 | 000,018,760 | ---- | M] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013.05.20 19:28:49 | 000,002,718 | ---- | M] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013.05.18 20:50:55 | 005,191,704 | ---- | M] (Google Inc.) -- C:\Windows\SysNative\GooglePinyin2.ime
[2013.05.18 20:50:55 | 003,460,120 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GooglePinyin2.ime
[2013.05.18 18:50:04 | 000,000,020 | ---- | M] () -- C:\Users\root\AppData\Roaming\004D5649544E41696E66
[2013.05.18 18:46:26 | 000,000,256 | ---- | M] () -- C:\Users\root\AppData\Roaming\0408002700AC0C
[2013.05.18 18:46:10 | 000,001,052 | ---- | M] () -- C:\Users\root\Desktop\YY.lnk
[2013.05.04 11:59:42 | 002,223,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.28 18:58:36 | 548,011,982 | ---- | C] () -- C:\Users\root\Desktop\Notfall-CD-2.2.zip
[2013.05.28 17:58:27 | 000,000,185 | ---- | C] () -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
[2013.05.18 18:50:04 | 000,000,020 | ---- | C] () -- C:\Users\root\AppData\Roaming\004D5649544E41696E66
[2013.05.18 18:46:10 | 000,001,052 | ---- | C] () -- C:\Users\root\Desktop\YY.lnk
[2013.04.17 13:58:42 | 000,002,718 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
[2013.04.17 13:54:26 | 000,000,261 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2013.04.17 13:48:46 | 000,005,139 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013.04.17 13:43:24 | 000,000,094 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013.04.17 13:31:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
[2013.04.15 12:54:57 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2013.04.15 12:54:57 | 000,048,009 | ---- | C] () -- C:\Windows\unins000.dat
[2013.02.10 22:59:45 | 000,000,256 | ---- | C] () -- C:\Users\root\AppData\Roaming\0408002700AC0C
[2013.01.11 18:18:56 | 000,430,992 | ---- | C] () -- C:\Windows\SysWow64\QGActiveX.dll
[2013.01.08 16:43:32 | 000,311,032 | ---- | C] () -- C:\Windows\SysWow64\IVTCredentialProvider.dll
[2013.01.08 01:34:18 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2013.01.07 10:04:42 | 000,018,760 | ---- | C] () -- C:\Windows\SysWow64\QQVistaHelper.dll
[2013.01.06 23:08:46 | 000,000,017 | ---- | C] () -- C:\Users\root\AppData\Local\resmon.resmoncfg
[2012.06.29 22:15:24 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\VMProtectSDK32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.05.26 11:04:04 | 000,001,222 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT语音.lnk
[2013.05.26 11:04:04 | 000,001,222 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QT语音.lnk
[2013.05.26 11:04:04 | 000,001,198 | ---- | M] ()(C:\Users\root\Desktop\QT??.lnk) -- C:\Users\root\Desktop\QT语音.lnk
[2013.05.26 11:04:04 | 000,001,198 | ---- | C] ()(C:\Users\root\Desktop\QT??.lnk) -- C:\Users\root\Desktop\QT语音.lnk
[2013.05.18 18:49:39 | 000,001,138 | ---- | M] ()(C:\Users\root\Desktop\YY????.lnk) -- C:\Users\root\Desktop\YY游戏大厅.lnk
[2013.04.22 10:32:13 | 000,001,138 | ---- | C] ()(C:\Users\root\Desktop\YY????.lnk) -- C:\Users\root\Desktop\YY游戏大厅.lnk
[2013.04.15 13:18:55 | 000,001,945 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013.04.15 13:18:55 | 000,001,927 | ---- | M] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2013.04.15 13:18:30 | 000,001,945 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013.04.15 13:18:30 | 000,001,927 | ---- | C] ()(C:\Users\Public\Desktop\??.lnk) -- C:\Users\Public\Desktop\快播.lnk
[2013.03.19 00:27:59 | 000,001,167 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2013.03.19 00:27:59 | 000,001,167 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2013.02.22 18:05:22 | 020,411,513 | ---- | M] ()(C:\Users\Public\Documents\QT?? 3.5.rar) -- C:\Users\Public\Documents\QT语音 3.5.rar
[2013.02.22 18:05:01 | 020,411,513 | ---- | C] ()(C:\Users\Public\Documents\QT?? 3.5.rar) -- C:\Users\Public\Documents\QT语音 3.5.rar
[2013.01.09 18:04:41 | 000,001,129 | ---- | M] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ游戏.lnk
[2013.01.09 18:04:41 | 000,001,129 | ---- | C] ()(C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\root\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ游戏.lnk
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯游戏
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\有道
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\小米
(C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\多玩
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯游戏
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:05E9FFE5

< End of report >
         
--- --- ---

29.05.2013, 10:50   #10
markusg
/// Malware-holic

Letter from Telekom



Question: is this the only PC in the house?
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.

29.05.2013, 10:58   #11
moxito

Letter from Telekom



No, it is not the only computer.

TDSSKiller found nothing.

29.05.2013, 10:59   #12
markusg
/// Malware-holic



It says to post the log in any case, so please post it.
How many other computers are there?

29.05.2013, 11:11   #13
moxito



Sorry, I must have overlooked that note. Here is the log:
There are also 2 notebooks connected via Wi-Fi and 5 desktops connected by cable. All of them are used only very rarely.


Code:
12:06:34.0040 6984  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:06:35.0821 6984  ============================================================
12:06:35.0821 6984  Current date / time: 2013/05/29 12:06:35.0821
12:06:35.0821 6984  SystemInfo:
12:06:35.0821 6984  
12:06:35.0821 6984  OS Version: 6.1.7601 ServicePack: 1.0
12:06:35.0821 6984  Product type: Workstation
12:06:35.0821 6984  ComputerName: W7
12:06:35.0822 6984  UserName: root
12:06:35.0822 6984  Windows directory: C:\Windows
12:06:35.0822 6984  System windows directory: C:\Windows
12:06:35.0822 6984  Running under WOW64
12:06:35.0822 6984  Processor architecture: Intel x64
12:06:35.0822 6984  Number of processors: 2
12:06:35.0822 6984  Page size: 0x1000
12:06:35.0822 6984  Boot type: Normal boot
12:06:35.0822 6984  ============================================================
12:06:36.0697 6984  Drive \Device\Harddisk0\DR0 - Size: 0x5D2710DE00 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:06:36.0702 6984  ============================================================
12:06:36.0702 6984  \Device\Harddisk0\DR0:
12:06:36.0702 6984  MBR partitions:
12:06:36.0702 6984  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2E937800
12:06:36.0702 6984  ============================================================
12:06:36.0732 6984  C: <-> \Device\Harddisk0\DR0\Partition1
12:06:36.0733 6984  ============================================================
12:06:36.0733 6984  Initialize success
12:06:36.0733 6984  ============================================================
12:06:43.0451 4368  ============================================================
12:06:43.0451 4368  Scan started
12:06:43.0451 4368  Mode: Manual; 
12:06:43.0451 4368  ============================================================
12:06:44.0552 4368  ================ Scan system memory ========================
12:06:44.0552 4368  System memory - ok
12:06:44.0552 4368  ================ Scan services =============================
12:06:44.0830 4368  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:06:44.0832 4368  1394ohci - ok
12:06:44.0887 4368  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:06:44.0890 4368  ACPI - ok
12:06:44.0911 4368  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:06:44.0912 4368  AcpiPmi - ok
12:06:45.0033 4368  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:06:45.0035 4368  AdobeFlashPlayerUpdateSvc - ok
12:06:45.0085 4368  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:06:45.0087 4368  adp94xx - ok
12:06:45.0120 4368  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:06:45.0122 4368  adpahci - ok
12:06:45.0135 4368  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:06:45.0136 4368  adpu320 - ok
12:06:45.0166 4368  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:06:45.0167 4368  AeLookupSvc - ok
12:06:45.0206 4368  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:06:45.0209 4368  AFD - ok
12:06:45.0254 4368  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:06:45.0254 4368  agp440 - ok
12:06:45.0271 4368  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:06:45.0272 4368  ALG - ok
12:06:45.0312 4368  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:06:45.0312 4368  aliide - ok
12:06:45.0316 4368  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:06:45.0317 4368  amdide - ok
12:06:45.0330 4368  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:06:45.0330 4368  AmdK8 - ok
12:06:45.0335 4368  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:06:45.0336 4368  AmdPPM - ok
12:06:45.0361 4368  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:06:45.0362 4368  amdsata - ok
12:06:45.0378 4368  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:06:45.0379 4368  amdsbs - ok
12:06:45.0402 4368  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:06:45.0403 4368  amdxata - ok
12:06:45.0437 4368  [ 363571BC0C79E394E69300D1F2E3DDAE ] androidusb      C:\Windows\system32\Drivers\androidusb.sys
12:06:45.0437 4368  androidusb - ok
12:06:45.0461 4368  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:06:45.0462 4368  AppID - ok
12:06:45.0485 4368  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:06:45.0486 4368  AppIDSvc - ok
12:06:45.0530 4368  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:06:45.0531 4368  Appinfo - ok
12:06:45.0574 4368  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:06:45.0576 4368  AppMgmt - ok
12:06:45.0591 4368  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:06:45.0591 4368  arc - ok
12:06:45.0600 4368  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:06:45.0601 4368  arcsas - ok
12:06:45.0637 4368  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:06:45.0638 4368  AsyncMac - ok
12:06:45.0656 4368  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:06:45.0657 4368  atapi - ok
12:06:45.0696 4368  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:06:45.0699 4368  AudioEndpointBuilder - ok
12:06:45.0709 4368  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:06:45.0712 4368  AudioSrv - ok
12:06:45.0739 4368  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:06:45.0740 4368  AxInstSV - ok
12:06:45.0780 4368  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:06:45.0783 4368  b06bdrv - ok
12:06:45.0822 4368  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:06:45.0823 4368  b57nd60a - ok
12:06:45.0859 4368  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:06:45.0860 4368  BDESVC - ok
12:06:45.0885 4368  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:06:45.0885 4368  Beep - ok
12:06:45.0939 4368  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:06:45.0942 4368  BFE - ok
12:06:45.0973 4368  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:06:45.0977 4368  BITS - ok
12:06:46.0012 4368  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:06:46.0013 4368  blbdrive - ok
12:06:46.0057 4368  [ 8BC053CD1F5F11F79C80BE85BC289258 ] BlueletAudio    C:\Windows\system32\DRIVERS\blueletaudio.sys
12:06:46.0057 4368  BlueletAudio - ok
12:06:46.0091 4368  [ 46134C260E6B019AA24506B8AB4D42D3 ] BlueletSCOAudio C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
12:06:46.0091 4368  BlueletSCOAudio - ok
12:06:46.0194 4368  [ 941E435E5A903CC60E50E72037FA39D0 ] BlueSoleilCS    C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
12:06:46.0201 4368  BlueSoleilCS - ok
12:06:46.0230 4368  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:06:46.0231 4368  bowser - ok
12:06:46.0258 4368  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:06:46.0259 4368  BrFiltLo - ok
12:06:46.0270 4368  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:06:46.0270 4368  BrFiltUp - ok
12:06:46.0293 4368  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:06:46.0294 4368  Browser - ok
12:06:46.0320 4368  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:06:46.0321 4368  Brserid - ok
12:06:46.0334 4368  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:06:46.0335 4368  BrSerWdm - ok
12:06:46.0338 4368  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:06:46.0339 4368  BrUsbMdm - ok
12:06:46.0342 4368  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:06:46.0343 4368  BrUsbSer - ok
12:06:46.0367 4368  [ 403E99F6DDB6CE624E0F81A554AFF178 ] BsHelpCS        C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
12:06:46.0368 4368  BsHelpCS - ok
12:06:46.0397 4368  [ EA05E37130B94670E8AA3379EAFAE22E ] BT              C:\Windows\system32\DRIVERS\btnetdrv.sys
12:06:46.0397 4368  BT - ok
12:06:46.0401 4368  BTCOM - ok
12:06:46.0445 4368  [ 8BFBA6EBB2654DEF3EBD4D882BAB8EE6 ] Btcsrusb        C:\Windows\system32\Drivers\btcusb.sys
12:06:46.0445 4368  Btcsrusb - ok
12:06:46.0495 4368  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
12:06:46.0495 4368  BthEnum - ok
12:06:46.0533 4368  [ 81229822FACAA324718B3B3C973688ED ] BtHidBus        C:\Windows\system32\Drivers\BtHidBus.sys
12:06:46.0534 4368  BtHidBus - ok
12:06:46.0552 4368  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:06:46.0552 4368  BTHMODEM - ok
12:06:46.0575 4368  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:06:46.0576 4368  BthPan - ok
12:06:46.0608 4368  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
12:06:46.0611 4368  BTHPORT - ok
12:06:46.0647 4368  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:06:46.0648 4368  bthserv - ok
12:06:46.0676 4368  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
12:06:46.0676 4368  BTHUSB - ok
12:06:46.0697 4368  [ 2531372CC2AD7C7204A7520DC7C2D0DA ] btnetBUs        C:\Windows\system32\Drivers\btnetBus.sys
12:06:46.0697 4368  btnetBUs - ok
12:06:46.0730 4368  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:06:46.0731 4368  cdfs - ok
12:06:46.0791 4368  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:06:46.0792 4368  cdrom - ok
12:06:46.0825 4368  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:06:46.0825 4368  CertPropSvc - ok
12:06:46.0856 4368  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:06:46.0856 4368  circlass - ok
12:06:46.0890 4368  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:06:46.0892 4368  CLFS - ok
12:06:46.0951 4368  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:06:46.0952 4368  clr_optimization_v2.0.50727_32 - ok
12:06:47.0015 4368  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:06:47.0016 4368  clr_optimization_v2.0.50727_64 - ok
12:06:47.0084 4368  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:06:47.0085 4368  clr_optimization_v4.0.30319_32 - ok
12:06:47.0120 4368  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:06:47.0121 4368  clr_optimization_v4.0.30319_64 - ok
12:06:47.0163 4368  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:06:47.0163 4368  CmBatt - ok
12:06:47.0178 4368  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:06:47.0178 4368  cmdide - ok
12:06:47.0225 4368  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
12:06:47.0227 4368  CNG - ok
12:06:47.0245 4368  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:06:47.0245 4368  Compbatt - ok
12:06:47.0284 4368  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:06:47.0285 4368  CompositeBus - ok
12:06:47.0301 4368  COMSysApp - ok
12:06:47.0317 4368  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:06:47.0317 4368  crcdisk - ok
12:06:47.0369 4368  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:06:47.0371 4368  CryptSvc - ok
12:06:47.0411 4368  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
12:06:47.0414 4368  CSC - ok
12:06:47.0433 4368  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
12:06:47.0436 4368  CscService - ok
12:06:47.0474 4368  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:06:47.0478 4368  DcomLaunch - ok
12:06:47.0512 4368  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:06:47.0514 4368  defragsvc - ok
12:06:47.0550 4368  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:06:47.0551 4368  DfsC - ok
12:06:47.0577 4368  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
12:06:47.0578 4368  DgiVecp - ok
12:06:47.0615 4368  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:06:47.0617 4368  Dhcp - ok
12:06:47.0638 4368  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:06:47.0639 4368  discache - ok
12:06:47.0658 4368  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:06:47.0659 4368  Disk - ok
12:06:47.0683 4368  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:06:47.0685 4368  Dnscache - ok
12:06:47.0720 4368  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:06:47.0721 4368  dot3svc - ok
12:06:47.0750 4368  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:06:47.0751 4368  DPS - ok
12:06:47.0780 4368  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:06:47.0780 4368  drmkaud - ok
12:06:47.0829 4368  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:06:47.0833 4368  DXGKrnl - ok
12:06:47.0870 4368  [ 955F6564F448119C12AB3C048CCF8946 ] e1kexpress      C:\Windows\system32\DRIVERS\e1k60x64.sys
12:06:47.0872 4368  e1kexpress - ok
12:06:47.0893 4368  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:06:47.0894 4368  EapHost - ok
12:06:47.0980 4368  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:06:47.0994 4368  ebdrv - ok
12:06:48.0023 4368  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:06:48.0025 4368  EFS - ok
12:06:48.0087 4368  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:06:48.0091 4368  ehRecvr - ok
12:06:48.0119 4368  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:06:48.0120 4368  ehSched - ok
12:06:48.0156 4368  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:06:48.0158 4368  elxstor - ok
12:06:48.0172 4368  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:06:48.0172 4368  ErrDev - ok
12:06:48.0226 4368  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:06:48.0229 4368  EventSystem - ok
12:06:48.0262 4368  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:06:48.0263 4368  exfat - ok
12:06:48.0285 4368  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:06:48.0286 4368  fastfat - ok
12:06:48.0350 4368  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:06:48.0353 4368  Fax - ok
12:06:48.0370 4368  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:06:48.0370 4368  fdc - ok
12:06:48.0382 4368  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:06:48.0383 4368  fdPHost - ok
12:06:48.0397 4368  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:06:48.0398 4368  FDResPub - ok
12:06:48.0415 4368  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:06:48.0415 4368  FileInfo - ok
12:06:48.0428 4368  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:06:48.0428 4368  Filetrace - ok
12:06:48.0483 4368  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:06:48.0486 4368  FLEXnet Licensing Service - ok
12:06:48.0503 4368  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:06:48.0504 4368  flpydisk - ok
12:06:48.0549 4368  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:06:48.0551 4368  FltMgr - ok
12:06:48.0604 4368  [ 5B92E2B067F64DC53698EB84966B3F0D ] FontCache       C:\Windows\system32\FntCache.dll
12:06:48.0610 4368  FontCache - ok
12:06:48.0665 4368  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:06:48.0665 4368  FontCache3.0.0.0 - ok
12:06:48.0687 4368  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:06:48.0688 4368  FsDepends - ok
12:06:48.0722 4368  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:06:48.0722 4368  Fs_Rec - ok
12:06:48.0763 4368  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:06:48.0764 4368  fvevol - ok
12:06:48.0781 4368  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:06:48.0781 4368  gagp30kx - ok
12:06:48.0823 4368  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:06:48.0827 4368  gpsvc - ok
12:06:48.0848 4368  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:06:48.0849 4368  hcw85cir - ok
12:06:48.0902 4368  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:06:48.0904 4368  HdAudAddService - ok
12:06:48.0947 4368  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:06:48.0948 4368  HDAudBus - ok
12:06:48.0962 4368  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:06:48.0963 4368  HidBatt - ok
12:06:48.0981 4368  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:06:48.0982 4368  HidBth - ok
12:06:48.0995 4368  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:06:48.0996 4368  HidIr - ok
12:06:49.0030 4368  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:06:49.0031 4368  hidserv - ok
12:06:49.0065 4368  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:06:49.0065 4368  HidUsb - ok
12:06:49.0088 4368  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:06:49.0090 4368  hkmsvc - ok
12:06:49.0120 4368  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:06:49.0122 4368  HomeGroupListener - ok
12:06:49.0157 4368  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:06:49.0159 4368  HomeGroupProvider - ok
12:06:49.0187 4368  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:06:49.0188 4368  HpSAMD - ok
12:06:49.0227 4368  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:06:49.0231 4368  HTTP - ok
12:06:49.0284 4368  [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:06:49.0285 4368  hwdatacard - ok
12:06:49.0301 4368  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:06:49.0302 4368  hwpolicy - ok
12:06:49.0359 4368  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:06:49.0359 4368  i8042prt - ok
12:06:49.0403 4368  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:06:49.0404 4368  iaStorV - ok
12:06:49.0454 4368  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:06:49.0458 4368  idsvc - ok
12:06:49.0698 4368  [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:06:49.0747 4368  igfx - ok
12:06:49.0831 4368  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:06:49.0831 4368  iirsp - ok
12:06:49.0874 4368  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:06:49.0878 4368  IKEEXT - ok
12:06:49.0911 4368  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:06:49.0912 4368  intelide - ok
12:06:49.0936 4368  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:06:49.0936 4368  intelppm - ok
12:06:49.0968 4368  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:06:49.0970 4368  IPBusEnum - ok
12:06:49.0997 4368  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:06:49.0998 4368  IpFilterDriver - ok
12:06:50.0038 4368  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:06:50.0041 4368  iphlpsvc - ok
12:06:50.0056 4368  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:06:50.0057 4368  IPMIDRV - ok
12:06:50.0073 4368  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:06:50.0074 4368  IPNAT - ok
12:06:50.0101 4368  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:06:50.0102 4368  IRENUM - ok
12:06:50.0116 4368  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:06:50.0117 4368  isapnp - ok
12:06:50.0139 4368  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:06:50.0140 4368  iScsiPrt - ok
12:06:50.0176 4368  [ 70EBDA3ED637B0212450C5542EDD11A7 ] IvtAudioBusSrv  C:\Windows\system32\Drivers\IvtBtBus.sys
12:06:50.0177 4368  IvtAudioBusSrv - ok
12:06:50.0180 4368  [ 70EBDA3ED637B0212450C5542EDD11A7 ] IvtBtBUs        C:\Windows\system32\Drivers\IvtBtBus.sys
12:06:50.0180 4368  IvtBtBUs - ok
12:06:50.0184 4368  IvtComBusSrv - ok
12:06:50.0206 4368  [ 2531372CC2AD7C7204A7520DC7C2D0DA ] IvtPanBusSrv    C:\Windows\system32\Drivers\btnetBus.sys
12:06:50.0206 4368  IvtPanBusSrv - ok
12:06:50.0240 4368  [ C04133591DA4F0E4F139BA02020E156E ] kavbootc        C:\Windows\system32\drivers\kavbootc64.sys
12:06:50.0241 4368  kavbootc - ok
12:06:50.0265 4368  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:06:50.0266 4368  kbdclass - ok
12:06:50.0296 4368  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:06:50.0297 4368  kbdhid - ok
12:06:50.0379 4368  [ 1F36BC853A467AEE5C55749D0CD67689 ] KDHacker        c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys
12:06:50.0380 4368  KDHacker - ok
12:06:50.0396 4368  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:06:50.0397 4368  KeyIso - ok
12:06:50.0410 4368  [ 9B64685E594265EE5CD168CA7A513E08 ] kisknl          C:\Windows\system32\drivers\kisknl.sys
12:06:50.0411 4368  kisknl - ok
12:06:50.0445 4368  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
12:06:50.0446 4368  KMWDFILTER - ok
12:06:50.0480 4368  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:06:50.0481 4368  KSecDD - ok
12:06:50.0491 4368  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:06:50.0492 4368  KSecPkg - ok
12:06:50.0510 4368  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:06:50.0511 4368  ksthunk - ok
12:06:50.0542 4368  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:06:50.0545 4368  KtmRm - ok
12:06:50.0606 4368  [ 2D838D0AB6CEF453F690E3D22C2F443C ] KUsbGuard       C:\Program Files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys
12:06:50.0606 4368  KUsbGuard - ok
12:06:50.0643 4368  [ D475D06DE67A3A1D9AD9E632B4C1501C ] kxescore        c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
12:06:50.0644 4368  kxescore - ok
12:06:50.0684 4368  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:06:50.0686 4368  LanmanServer - ok
12:06:50.0723 4368  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:06:50.0725 4368  LanmanWorkstation - ok
12:06:50.0862 4368  [ 70FB6254E29150A7A4A39FDFFD306C33 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:06:50.0864 4368  LBTServ - ok
12:06:50.0907 4368  [ 1470EF17E02E82E4F43346DF9E9F11E1 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:06:50.0907 4368  LHidFilt - ok
12:06:50.0923 4368  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:06:50.0924 4368  lltdio - ok
12:06:50.0964 4368  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:06:50.0967 4368  lltdsvc - ok
12:06:50.0983 4368  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:06:50.0985 4368  lmhosts - ok
12:06:50.0989 4368  [ 12814AE119E959437BEA3110F81BD188 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:06:50.0990 4368  LMouFilt - ok
12:06:51.0019 4368  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:06:51.0020 4368  LSI_FC - ok
12:06:51.0045 4368  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:06:51.0046 4368  LSI_SAS - ok
12:06:51.0059 4368  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:06:51.0060 4368  LSI_SAS2 - ok
12:06:51.0078 4368  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:06:51.0078 4368  LSI_SCSI - ok
12:06:51.0110 4368  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:06:51.0111 4368  luafv - ok
12:06:51.0164 4368  [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
12:06:51.0165 4368  LVRS64 - ok
12:06:51.0331 4368  [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
12:06:51.0358 4368  LVUVC64 - ok
12:06:51.0419 4368  [ 31C6AFFFAD7C733A65F888929548BC22 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
12:06:51.0420 4368  mbamchameleon - ok
12:06:51.0443 4368  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:06:51.0445 4368  Mcx2Svc - ok
12:06:51.0470 4368  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:06:51.0471 4368  megasas - ok
12:06:51.0488 4368  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:06:51.0489 4368  MegaSR - ok
12:06:51.0521 4368  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:06:51.0522 4368  MMCSS - ok
12:06:51.0543 4368  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:06:51.0543 4368  Modem - ok
12:06:51.0572 4368  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:06:51.0573 4368  monitor - ok
12:06:51.0607 4368  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:06:51.0608 4368  mouclass - ok
12:06:51.0637 4368  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:06:51.0637 4368  mouhid - ok
12:06:51.0669 4368  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:06:51.0670 4368  mountmgr - ok
12:06:51.0698 4368  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:06:51.0699 4368  mpio - ok
12:06:51.0721 4368  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:06:51.0722 4368  mpsdrv - ok
12:06:51.0757 4368  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:06:51.0762 4368  MpsSvc - ok
12:06:51.0795 4368  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:06:51.0796 4368  MRxDAV - ok
12:06:51.0825 4368  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:06:51.0826 4368  mrxsmb - ok
12:06:51.0845 4368  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:06:51.0846 4368  mrxsmb10 - ok
12:06:51.0857 4368  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:06:51.0858 4368  mrxsmb20 - ok
12:06:51.0889 4368  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:06:51.0889 4368  msahci - ok
12:06:51.0905 4368  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:06:51.0906 4368  msdsm - ok
12:06:51.0921 4368  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:06:51.0923 4368  MSDTC - ok
12:06:51.0931 4368  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:06:51.0931 4368  Msfs - ok
12:06:51.0941 4368  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:06:51.0942 4368  mshidkmdf - ok
12:06:51.0959 4368  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:06:51.0960 4368  msisadrv - ok
12:06:51.0995 4368  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:06:51.0996 4368  MSiSCSI - ok
12:06:51.0999 4368  msiserver - ok
12:06:52.0031 4368  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:06:52.0031 4368  MSKSSRV - ok
12:06:52.0041 4368  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:06:52.0041 4368  MSPCLOCK - ok
12:06:52.0059 4368  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:06:52.0060 4368  MSPQM - ok
12:06:52.0095 4368  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:06:52.0097 4368  MsRPC - ok
12:06:52.0107 4368  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:06:52.0108 4368  mssmbios - ok
12:06:52.0111 4368  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:06:52.0111 4368  MSTEE - ok
12:06:52.0130 4368  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:06:52.0131 4368  MTConfig - ok
12:06:52.0149 4368  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:06:52.0150 4368  Mup - ok
12:06:52.0182 4368  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:06:52.0185 4368  napagent - ok
12:06:52.0222 4368  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:06:52.0224 4368  NativeWifiP - ok
12:06:52.0283 4368  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:06:52.0287 4368  NDIS - ok
12:06:52.0301 4368  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:06:52.0302 4368  NdisCap - ok
12:06:52.0339 4368  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:06:52.0339 4368  NdisTapi - ok
12:06:52.0366 4368  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:06:52.0367 4368  Ndisuio - ok
12:06:52.0396 4368  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:06:52.0397 4368  NdisWan - ok
12:06:52.0431 4368  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:06:52.0432 4368  NDProxy - ok
12:06:52.0462 4368  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:06:52.0463 4368  NetBIOS - ok
12:06:52.0497 4368  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:06:52.0499 4368  NetBT - ok
12:06:52.0519 4368  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:06:52.0520 4368  Netlogon - ok
12:06:52.0561 4368  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:06:52.0564 4368  Netman - ok
12:06:52.0588 4368  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:06:52.0591 4368  netprofm - ok
12:06:52.0625 4368  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:06:52.0626 4368  NetTcpPortSharing - ok
12:06:52.0636 4368  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:06:52.0637 4368  nfrd960 - ok
12:06:52.0713 4368  [ 3A936AD705E1A20852DC6C694CB192F7 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
12:06:52.0714 4368  NitroReaderDriverReadSpool3 - ok
12:06:52.0738 4368  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:06:52.0741 4368  NlaSvc - ok
12:06:52.0817 4368  [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
12:06:52.0819 4368  NMIndexingService - ok
12:06:52.0834 4368  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:06:52.0835 4368  Npfs - ok
12:06:52.0860 4368  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:06:52.0862 4368  nsi - ok
12:06:52.0869 4368  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:06:52.0870 4368  nsiproxy - ok
12:06:52.0923 4368  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:06:52.0931 4368  Ntfs - ok
12:06:52.0943 4368  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:06:52.0944 4368  Null - ok
12:06:52.0977 4368  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:06:52.0978 4368  nvraid - ok
12:06:52.0995 4368  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:06:52.0996 4368  nvstor - ok
12:06:53.0024 4368  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:06:53.0024 4368  nv_agp - ok
12:06:53.0034 4368  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:06:53.0034 4368  ohci1394 - ok
12:06:53.0060 4368  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:06:53.0064 4368  p2pimsvc - ok
12:06:53.0087 4368  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:06:53.0090 4368  p2psvc - ok
12:06:53.0103 4368  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:06:53.0104 4368  Parport - ok
12:06:53.0121 4368  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:06:53.0121 4368  partmgr - ok
12:06:53.0136 4368  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:06:53.0138 4368  PcaSvc - ok
12:06:53.0157 4368  pccsmcfd - ok
12:06:53.0180 4368  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:06:53.0181 4368  pci - ok
12:06:53.0196 4368  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:06:53.0196 4368  pciide - ok
12:06:53.0220 4368  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:06:53.0221 4368  pcmcia - ok
12:06:53.0240 4368  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:06:53.0240 4368  pcw - ok
12:06:53.0265 4368  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:06:53.0268 4368  PEAUTH - ok
12:06:53.0321 4368  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:06:53.0328 4368  PeerDistSvc - ok
12:06:53.0415 4368  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:06:53.0416 4368  PerfHost - ok
12:06:53.0471 4368  [ FE8AF03EFEC0387FBBFCFD32E328DB9A ] phaudlwr        C:\Windows\system32\DRIVERS\phaudlwr.sys
12:06:53.0472 4368  phaudlwr - ok
12:06:53.0522 4368  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:06:53.0530 4368  pla - ok
12:06:53.0576 4368  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:06:53.0580 4368  PlugPlay - ok
12:06:53.0605 4368  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:06:53.0606 4368  PNRPAutoReg - ok
12:06:53.0633 4368  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:06:53.0635 4368  PNRPsvc - ok
12:06:53.0668 4368  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:06:53.0671 4368  PolicyAgent - ok
12:06:53.0706 4368  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:06:53.0708 4368  Power - ok
12:06:53.0749 4368  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:06:53.0750 4368  PptpMiniport - ok
12:06:53.0780 4368  PQNTDrv - ok
12:06:53.0802 4368  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:06:53.0802 4368  Processor - ok
12:06:53.0842 4368  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:06:53.0844 4368  ProfSvc - ok
12:06:53.0854 4368  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:06:53.0855 4368  ProtectedStorage - ok
12:06:53.0903 4368  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:06:53.0904 4368  Psched - ok
12:06:53.0945 4368  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:06:53.0952 4368  ql2300 - ok
12:06:53.0968 4368  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:06:53.0969 4368  ql40xx - ok
12:06:54.0054 4368  QQPCRTP - ok
12:06:54.0067 4368  QQSysMonX64 - ok
12:06:54.0115 4368  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:06:54.0117 4368  QWAVE - ok
12:06:54.0137 4368  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:06:54.0137 4368  QWAVEdrv - ok
12:06:54.0189 4368  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
12:06:54.0190 4368  RapiMgr - ok
12:06:54.0203 4368  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:06:54.0204 4368  RasAcd - ok
12:06:54.0238 4368  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:06:54.0239 4368  RasAgileVpn - ok
12:06:54.0255 4368  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:06:54.0257 4368  RasAuto - ok
12:06:54.0287 4368  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:06:54.0288 4368  Rasl2tp - ok
12:06:54.0324 4368  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:06:54.0327 4368  RasMan - ok
12:06:54.0354 4368  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:06:54.0354 4368  RasPppoe - ok
12:06:54.0367 4368  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:06:54.0367 4368  RasSstp - ok
12:06:54.0393 4368  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:06:54.0395 4368  rdbss - ok
12:06:54.0412 4368  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:06:54.0412 4368  rdpbus - ok
12:06:54.0419 4368  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:06:54.0419 4368  RDPCDD - ok
12:06:54.0453 4368  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:06:54.0454 4368  RDPDR - ok
12:06:54.0485 4368  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:06:54.0486 4368  RDPENCDD - ok
12:06:54.0493 4368  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:06:54.0493 4368  RDPREFMP - ok
12:06:54.0542 4368  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:06:54.0543 4368  RdpVideoMiniport - ok
12:06:54.0579 4368  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:06:54.0580 4368  RDPWD - ok
12:06:54.0613 4368  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:06:54.0614 4368  rdyboost - ok
12:06:54.0640 4368  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:06:54.0641 4368  RemoteAccess - ok
12:06:54.0670 4368  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:06:54.0672 4368  RemoteRegistry - ok
12:06:54.0708 4368  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:06:54.0709 4368  RFCOMM - ok
12:06:54.0734 4368  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:06:54.0736 4368  RpcEptMapper - ok
12:06:54.0749 4368  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:06:54.0750 4368  RpcLocator - ok
12:06:54.0790 4368  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:06:54.0793 4368  RpcSs - ok
12:06:54.0827 4368  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:06:54.0828 4368  rspndr - ok
12:06:54.0852 4368  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:06:54.0853 4368  s3cap - ok
12:06:54.0866 4368  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:06:54.0867 4368  SamSs - ok
12:06:54.0885 4368  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:06:54.0886 4368  sbp2port - ok
12:06:54.0919 4368  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:06:54.0921 4368  SCardSvr - ok
12:06:54.0981 4368  [ B00BCE3D99FE7CE29C6E873AC62F450E ] SCDEmu          C:\Windows\system32\drivers\SCDEmu.sys
12:06:54.0981 4368  SCDEmu - ok
12:06:55.0011 4368  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:06:55.0012 4368  scfilter - ok
12:06:55.0058 4368  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:06:55.0065 4368  Schedule - ok
12:06:55.0102 4368  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:06:55.0103 4368  SCPolicySvc - ok
12:06:55.0131 4368  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:06:55.0133 4368  SDRSVC - ok
12:06:55.0163 4368  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:06:55.0164 4368  secdrv - ok
12:06:55.0182 4368  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:06:55.0184 4368  seclogon - ok
12:06:55.0200 4368  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:06:55.0202 4368  SENS - ok
12:06:55.0219 4368  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:06:55.0221 4368  SensrSvc - ok
12:06:55.0248 4368  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:06:55.0248 4368  Serenum - ok
12:06:55.0260 4368  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:06:55.0261 4368  Serial - ok
12:06:55.0276 4368  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:06:55.0276 4368  sermouse - ok
12:06:55.0313 4368  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:06:55.0315 4368  SessionEnv - ok
12:06:55.0331 4368  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:06:55.0332 4368  sffdisk - ok
12:06:55.0344 4368  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:06:55.0345 4368  sffp_mmc - ok
12:06:55.0356 4368  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:06:55.0356 4368  sffp_sd - ok
12:06:55.0373 4368  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:06:55.0373 4368  sfloppy - ok
12:06:55.0400 4368  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:06:55.0402 4368  SharedAccess - ok
12:06:55.0434 4368  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:06:55.0436 4368  ShellHWDetection - ok
12:06:55.0457 4368  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:06:55.0458 4368  SiSRaid2 - ok
12:06:55.0470 4368  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:06:55.0471 4368  SiSRaid4 - ok
12:06:55.0511 4368  [ FF0DB4D9A08864A5C7B67477CD8E3B2A ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:06:55.0512 4368  SkypeUpdate - ok
12:06:55.0544 4368  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:06:55.0545 4368  Smb - ok
12:06:55.0585 4368  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:06:55.0586 4368  SNMPTRAP - ok
12:06:55.0689 4368  [ B0D84C0756B2C4A6965DB7DE730AD635 ] SPC1000         C:\Windows\system32\DRIVERS\spc1000.sys
12:06:55.0704 4368  SPC1000 - ok
12:06:55.0718 4368  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:06:55.0719 4368  spldr - ok
12:06:55.0750 4368  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:06:55.0754 4368  Spooler - ok
12:06:55.0853 4368  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:06:55.0871 4368  sppsvc - ok
12:06:55.0893 4368  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:06:55.0895 4368  sppuinotify - ok
12:06:55.0928 4368  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:06:55.0931 4368  srv - ok
12:06:55.0945 4368  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:06:55.0947 4368  srv2 - ok
12:06:55.0961 4368  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:06:55.0962 4368  srvnet - ok
12:06:56.0001 4368  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:06:56.0003 4368  SSDPSRV - ok
12:06:56.0020 4368  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
12:06:56.0021 4368  SSPORT - ok
12:06:56.0030 4368  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:06:56.0032 4368  SstpSvc - ok
12:06:56.0061 4368  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:06:56.0062 4368  stexstor - ok
12:06:56.0116 4368  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:06:56.0120 4368  stisvc - ok
12:06:56.0158 4368  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:06:56.0158 4368  storflt - ok
12:06:56.0186 4368  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:06:56.0187 4368  storvsc - ok
12:06:56.0214 4368  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:06:56.0214 4368  swenum - ok
12:06:56.0233 4368  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:06:56.0237 4368  swprv - ok
12:06:56.0255 4368  Synth3dVsc - ok
12:06:56.0318 4368  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:06:56.0334 4368  SysMain - ok
12:06:56.0365 4368  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:06:56.0367 4368  TabletInputService - ok
12:06:56.0420 4368  [ A8D3F11BC8F37C3D7D026C3E1219B5AC ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
12:06:56.0420 4368  tap0901 - ok
12:06:56.0436 4368  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:06:56.0439 4368  TapiSrv - ok
12:06:56.0480 4368  [ F7CABF86615803051D586FBF4D916048 ] tapSF0901       C:\Windows\system32\DRIVERS\tapSF0901.sys
12:06:56.0481 4368  tapSF0901 - ok
12:06:56.0503 4368  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:06:56.0505 4368  TBS - ok
12:06:56.0560 4368  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:06:56.0568 4368  Tcpip - ok
12:06:56.0601 4368  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:06:56.0610 4368  TCPIP6 - ok
12:06:56.0648 4368  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:06:56.0648 4368  tcpipreg - ok
12:06:56.0680 4368  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:06:56.0680 4368  TDPIPE - ok
12:06:56.0708 4368  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:06:56.0709 4368  TDTCP - ok
12:06:56.0770 4368  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:06:56.0771 4368  tdx - ok
12:06:56.0798 4368  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:06:56.0799 4368  TermDD - ok
12:06:56.0837 4368  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:06:56.0841 4368  TermService - ok
12:06:56.0882 4368  [ 2E435EF337679AA45AD0307B86256062 ] TesSafe         C:\Windows\system32\TesSafe.sys
12:06:56.0884 4368  TesSafe - ok
12:06:56.0907 4368  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:06:56.0910 4368  Themes - ok
12:06:56.0936 4368  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:06:56.0937 4368  THREADORDER - ok
12:06:56.0976 4368  [ 8021F63311797085949FA387F7C83583 ] tosporte        C:\Windows\system32\DRIVERS\tosporte.sys
12:06:56.0977 4368  tosporte - ok
12:06:57.0021 4368  [ 58E3F35AECD7BD5FCC1BD198B4AD354F ] Tosrfbd         C:\Windows\system32\DRIVERS\tosrfbd.sys
12:06:57.0023 4368  Tosrfbd - ok
12:06:57.0069 4368  [ 9E4E65EA51E34647340BD6007467AC54 ] Tosrfcom        C:\Windows\system32\Drivers\tosrfcom.sys
12:06:57.0070 4368  Tosrfcom - ok
12:06:57.0092 4368  [ 7D2467D3EB9BAA4B69AE4A28C83DE57A ] Tosrfhid        C:\Windows\system32\DRIVERS\Tosrfhid.sys
12:06:57.0092 4368  Tosrfhid - ok
12:06:57.0121 4368  [ 7052B10E54B48AF12BD5606596A8E039 ] TosRfSnd        C:\Windows\system32\drivers\tosrfsnd.sys
12:06:57.0121 4368  TosRfSnd - ok
12:06:57.0129 4368  [ 7A0048693F98460FF537BE31C741B927 ] Tosrfusb        C:\Windows\system32\DRIVERS\tosrfusb.sys
12:06:57.0130 4368  Tosrfusb - ok
12:06:57.0162 4368  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
12:06:57.0163 4368  TPM - ok
12:06:57.0198 4368  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:06:57.0200 4368  TrkWks - ok
12:06:57.0264 4368  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:06:57.0265 4368  TrustedInstaller - ok
12:06:57.0270 4368  TsFltMgr - ok
12:06:57.0301 4368  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:06:57.0302 4368  tssecsrv - ok
12:06:57.0321 4368  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:06:57.0321 4368  TsUsbFlt - ok
12:06:57.0326 4368  tsusbhub - ok
12:06:57.0376 4368  [ A67E705F93E4664026D8F40E8EC83555 ] TSysCare        C:\Windows\system32\Drivers\TSysCare64.sys
12:06:57.0377 4368  TSysCare - ok
12:06:57.0428 4368  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:06:57.0429 4368  tunnel - ok
12:06:57.0458 4368  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:06:57.0460 4368  uagp35 - ok
12:06:57.0492 4368  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:06:57.0493 4368  udfs - ok
12:06:57.0530 4368  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:06:57.0532 4368  UI0Detect - ok
12:06:57.0562 4368  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:06:57.0563 4368  uliagpkx - ok
12:06:57.0594 4368  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:06:57.0595 4368  umbus - ok
12:06:57.0611 4368  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:06:57.0611 4368  UmPass - ok
12:06:57.0644 4368  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:06:57.0647 4368  UmRdpService - ok
12:06:57.0749 4368  [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
12:06:57.0750 4368  UnlockerDriver5 - ok
12:06:57.0775 4368  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:06:57.0779 4368  upnphost - ok
12:06:57.0837 4368  [ 0835843DE85ACBD7D5C6CF887E8876B7 ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA64.sys
12:06:57.0840 4368  USB28xxBGA - ok
12:06:57.0863 4368  [ C95A614A4DC06DCFC3DA7B15F299F827 ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM64.sys
12:06:57.0866 4368  USB28xxOEM - ok
12:06:57.0908 4368  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:06:57.0909 4368  usbaudio - ok
12:06:57.0925 4368  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:06:57.0926 4368  usbccgp - ok
12:06:57.0956 4368  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:06:57.0956 4368  usbcir - ok
12:06:57.0974 4368  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:06:57.0975 4368  usbehci - ok
12:06:58.0000 4368  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:06:58.0001 4368  usbhub - ok
12:06:58.0018 4368  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:06:58.0018 4368  usbohci - ok
12:06:58.0061 4368  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:06:58.0061 4368  usbprint - ok
12:06:58.0078 4368  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:06:58.0079 4368  USBSTOR - ok
12:06:58.0097 4368  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:06:58.0098 4368  usbuhci - ok
12:06:58.0138 4368  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:06:58.0139 4368  usbvideo - ok
12:06:58.0165 4368  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:06:58.0167 4368  UxSms - ok
12:06:58.0175 4368  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:06:58.0176 4368  VaultSvc - ok
12:06:58.0223 4368  [ D7FCD8FBBF6CC93140D9C7C7959ED60C ] VBoxDrv         C:\Windows\system32\DRIVERS\VBoxDrv.sys
12:06:58.0224 4368  VBoxDrv - ok
12:06:58.0243 4368  [ 6B22F16BE58AEF1A57970611D7109507 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
12:06:58.0244 4368  VBoxNetAdp - ok
12:06:58.0255 4368  [ 10DD814DA2F2064F53B9694E30FF45A4 ] VBoxNetFlt      C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
12:06:58.0256 4368  VBoxNetFlt - ok
12:06:58.0278 4368  [ 812C2E4EC41CFCACE761620E17463529 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
12:06:58.0279 4368  VBoxUSBMon - ok
12:06:58.0324 4368  [ 389AB97570E7F25192CA18B6348C904F ] VComm           C:\Windows\system32\DRIVERS\VComm.sys
12:06:58.0325 4368  VComm - ok
12:06:58.0340 4368  [ 72F11B412446FAAF95B156A6B781502C ] VcommMgr        C:\Windows\system32\Drivers\VcommMgr.sys
12:06:58.0340 4368  VcommMgr - ok
12:06:58.0374 4368  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:06:58.0375 4368  vdrvroot - ok
12:06:58.0405 4368  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:06:58.0409 4368  vds - ok
12:06:58.0436 4368  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:06:58.0436 4368  vga - ok
12:06:58.0457 4368  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:06:58.0458 4368  VgaSave - ok
12:06:58.0462 4368  VGPU - ok
12:06:58.0492 4368  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:06:58.0493 4368  vhdmp - ok
12:06:58.0523 4368  [ F3678125BFF5615B087EA7F4BD363370 ] VHidMinidrv     C:\Windows\system32\drivers\VHIDMini.sys
12:06:58.0523 4368  VHidMinidrv - ok
12:06:58.0549 4368  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:06:58.0550 4368  viaide - ok
12:06:58.0566 4368  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:06:58.0568 4368  vmbus - ok
12:06:58.0583 4368  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:06:58.0583 4368  VMBusHID - ok
12:06:58.0646 4368  [ B2E25DB5A6A178C056342ABD747B7326 ] vmm             C:\Windows\system32\Treiber\vmm.sys
12:06:58.0647 4368  vmm - ok
12:06:58.0661 4368  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:06:58.0661 4368  volmgr - ok
12:06:58.0700 4368  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:06:58.0702 4368  volmgrx - ok
12:06:58.0740 4368  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:06:58.0743 4368  volsnap - ok
12:06:58.0769 4368  [ 6BDCA00FC57CC40DA3C8E88B2CEA21AB ] VPCNetS2        C:\Windows\system32\DRIVERS\VMNetSrv.sys
12:06:58.0770 4368  VPCNetS2 - ok
12:06:58.0793 4368  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:06:58.0794 4368  vsmraid - ok
12:06:58.0847 4368  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:06:58.0855 4368  VSS - ok
12:06:58.0871 4368  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:06:58.0872 4368  vwifibus - ok
12:06:58.0902 4368  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:06:58.0905 4368  W32Time - ok
12:06:58.0927 4368  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:06:58.0928 4368  WacomPen - ok
12:06:58.0984 4368  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:06:58.0985 4368  WANARP - ok
12:06:58.0998 4368  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:06:58.0998 4368  Wanarpv6 - ok
12:06:59.0046 4368  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:06:59.0055 4368  wbengine - ok
12:06:59.0079 4368  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:06:59.0082 4368  WbioSrvc - ok
12:06:59.0135 4368  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
12:06:59.0137 4368  WcesComm - ok
12:06:59.0166 4368  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:06:59.0169 4368  wcncsvc - ok
12:06:59.0183 4368  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:06:59.0185 4368  WcsPlugInService - ok
12:06:59.0215 4368  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:06:59.0215 4368  Wd - ok
12:06:59.0254 4368  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:06:59.0258 4368  Wdf01000 - ok
12:06:59.0278 4368  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:06:59.0280 4368  WdiServiceHost - ok
12:06:59.0283 4368  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:06:59.0285 4368  WdiSystemHost - ok
12:06:59.0315 4368  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:06:59.0317 4368  WebClient - ok
12:06:59.0334 4368  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:06:59.0336 4368  Wecsvc - ok
12:06:59.0353 4368  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:06:59.0355 4368  wercplsupport - ok
12:06:59.0381 4368  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:06:59.0384 4368  WerSvc - ok
12:06:59.0414 4368  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:06:59.0414 4368  WfpLwf - ok
12:06:59.0432 4368  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:06:59.0432 4368  WIMMount - ok
12:06:59.0463 4368  WinDefend - ok
12:06:59.0467 4368  WinHttpAutoProxySvc - ok
12:06:59.0524 4368  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:06:59.0525 4368  Winmgmt - ok
12:06:59.0590 4368  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:06:59.0601 4368  WinRM - ok
12:06:59.0673 4368  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:06:59.0674 4368  WinUsb - ok
12:06:59.0715 4368  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:06:59.0720 4368  Wlansvc - ok
12:06:59.0851 4368  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:06:59.0862 4368  wlidsvc - ok
12:06:59.0905 4368  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:06:59.0906 4368  WmiAcpi - ok
12:06:59.0933 4368  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:06:59.0934 4368  wmiApSrv - ok
12:06:59.0978 4368  WMPNetworkSvc - ok
12:06:59.0999 4368  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:07:00.0001 4368  WPCSvc - ok
12:07:00.0031 4368  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:07:00.0033 4368  WPDBusEnum - ok
12:07:00.0055 4368  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:07:00.0055 4368  ws2ifsl - ok
12:07:00.0076 4368  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:07:00.0079 4368  wscsvc - ok
12:07:00.0082 4368  WSearch - ok
12:07:00.0147 4368  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:07:00.0162 4368  wuauserv - ok
12:07:00.0194 4368  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:07:00.0195 4368  WudfPf - ok
12:07:00.0228 4368  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:07:00.0229 4368  WUDFRd - ok
12:07:00.0250 4368  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:07:00.0252 4368  wudfsvc - ok
12:07:00.0274 4368  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:07:00.0277 4368  WwanSvc - ok
12:07:00.0354 4368  [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService  C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
12:07:00.0358 4368  YahooAUService - ok
12:07:00.0396 4368  [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
12:07:00.0397 4368  Yontoo Desktop Updater - ok
12:07:00.0450 4368  ================ Scan global ===============================
12:07:00.0475 4368  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:07:00.0500 4368  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:07:00.0508 4368  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:07:00.0528 4368  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:07:00.0566 4368  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:07:00.0568 4368  [Global] - ok
12:07:00.0569 4368  ================ Scan MBR ==================================
12:07:00.0582 4368  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:07:00.0858 4368  \Device\Harddisk0\DR0 - ok
12:07:00.0859 4368  ================ Scan VBR ==================================
12:07:00.0864 4368  [ 7F8BEAF9F355FB8EA3923BF5AFDD2208 ] \Device\Harddisk0\DR0\Partition1
12:07:00.0866 4368  \Device\Harddisk0\DR0\Partition1 - ok
12:07:00.0866 4368  ============================================================
12:07:00.0866 4368  Scan finished
12:07:00.0866 4368  ============================================================
12:07:00.0874 6532  Detected object count: 0
12:07:00.0874 6532  Actual detected object count: 0
         

29.05.2013, 11:12   #14
markusg
/// Malware-holic

Letter from Telekom



Also, TDSS-Killer was not configured correctly; please run it again following the instructions.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to
markusg.trojaner-board@web.de
following the instructions above.
If you would like to support us

29.05.2013, 12:33   #15
moxito

Letter from Telekom



What, is it still not configured correctly?
