Pests of all kinds and how to fight them: delta-search.com (Windows 7)
31.05.2013, 12:50 | #1 |
| delta-search.com Hello everyone, my problem has been there for two days. The problem is this: as soon as I open my browser Mozilla Firefox and click on a new tab, it goes directly to delta-search.com. Under Programs and Features I found delta-search.com and uninstalled it, but somehow it is still there. Can someone help me get this sorted out? Regards, Louco |
31.05.2013, 12:51 | #2 |
/// Malware-holic | delta-search.com Hi,
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
31.05.2013, 15:16 | #3 |
| delta-search.com OTL.txt
OTL Logfile: Code:
ATTFilter OTL logfile created on: 31.05.2013 15:22:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jup\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,43% Memory free 6,00 Gb Paging File | 4,70 Gb Available in Paging File | 78,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 216,72 Gb Free Space | 46,54% Space Free | Partition Type: NTFS Drive D: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JUP-PC | User Name: Jup | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.31 14:03:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jup\Desktop\OTL.exe PRC - [2013.05.29 22:42:54 | 000,844,168 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013.05.12 00:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.23 13:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.04.23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2013.04.18 22:27:59 | 002,169,856 | -HS- | M] () -- C:\Windows\System32\hale.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.29 17:06:46 | 001,926,496 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe PRC - [2012.11.29 17:06:44 | 001,723,744 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe ========== Modules (No Company Name) ========== MOD - [2013.05.29 23:47:59 | 017,554,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll MOD - [2013.05.29 23:47:12 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\5face173af94a7083cea1c078a6b4938\DummyStorePlugin.ni.dll MOD - [2013.05.29 23:46:42 | 000,115,200 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\9ab54aea64046cd2b4ff895b1c027c05\DeviceStoryAlbum.ni.dll MOD - [2013.05.29 23:45:56 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\29be5a9cc5b83e2b30e9d788ac201f83\DevicePodcast.ni.dll MOD - [2013.05.29 23:44:31 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\b44e10add0a5276dc3fbbde338c4b5ea\DeviceVideo.ni.dll MOD - [2013.05.29 23:43:34 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\9661c2265a6fb7782243c0633378a1e5\DevicePhoto.ni.dll MOD - [2013.05.29 23:42:26 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\ec4ba3e13a88086bf95ea05919513917\DeviceMusic.ni.dll MOD - [2013.05.29 23:41:16 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\df3496a7e1364e2b78bac5b4aef48ae6\VideoManager.ni.dll MOD - [2013.05.29 23:39:41 | 000,782,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\88ec39193b34cf293d0887383c2ccde5\PhotoManager.ni.dll MOD - [2013.05.29 23:33:00 | 001,988,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\be4228490407398b302edeed5ea57879\Phonebook.ni.dll MOD - [2013.05.29 23:32:58 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\ea5424dfc774422fa2038d980b1642d1\StoryAlbumManager.ni.dll MOD - [2013.05.29 23:32:57 | 000,945,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\11e6d42332f583f634dabad0c1252dbd\MusicManager.ni.dll MOD - [2013.05.29 23:32:56 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\fbe4134679a5506a54004cd5952d7d29\BATPlugin.ni.dll MOD - [2013.05.29 23:32:50 | 000,029,184 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\a5bd3f2855afcc1f5bf15057c35bd48d\Kies.Common.StoreManager.ni.dll MOD - [2013.05.29 23:32:49 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\730c70013610eb7e73f49213b1076bab\Kies.Common.MediaDB.ni.dll MOD - [2013.05.29 23:32:48 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll MOD - [2013.05.29 23:32:47 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\94fd3d4235723a962f8b3f29d7eac567\Kies.Common.AllShare.ni.dll MOD - [2013.05.29 23:32:46 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\fde643974d1f6bc8843237cedb262c9b\Kies.Common.CRMManager.ni.dll MOD - [2013.05.29 23:32:46 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1784a3c837a81be9ad8608a9405de178\Kies.Common.DBManager.ni.dll MOD - [2013.05.29 23:32:45 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\6e3e1abb2c6eec953c061d179162925c\Podcaster.ni.dll MOD - [2013.05.29 23:32:43 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\35992f641f4348746cfe0c6c1b48ece7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2013.05.29 23:32:42 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\94eee0f7d59880d4ff2754ad67877ac1\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2013.05.29 23:32:41 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f0dfcf225ea9ee5911a199d90da24d76\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2013.05.29 23:32:41 | 000,175,616 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\931b9596988f8d16731b691a35a25727\Interop.DevFileServiceLib.ni.dll MOD - [2013.05.29 23:32:24 | 001,204,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f564ae0bcec147d5902965cf0f4367d1\Kies.Common.DeviceService.ni.dll MOD - [2013.05.29 23:31:10 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\99bba258903cd892a867461d55d728ff\DeviceCommonLib.ni.dll MOD - [2013.05.29 23:30:59 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\1c2a1b55d3cb205a9387f3b78b8b4380\Kies.Plugin.ContentsManagerLib.ni.dll MOD - [2013.05.29 23:29:16 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\50c6d0af63aa7107ec15d7ef86a62609\Kies.Common.MainUI.ni.dll MOD - [2013.05.29 23:19:24 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\bd5cbd625647b2af277b7c5c0ffb8f5b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2013.05.29 23:18:49 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\6704d4bac5e6b834fe7cd1502f09f2cb\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2013.05.29 23:14:15 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\b2c7788a3e89dfe8758d6184bac1b663\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2013.05.29 23:14:08 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\5f0b67eb5313c092d5b8b56426dd30e2\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2013.05.29 23:13:58 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\bfc490c6779a7a9ae85832ca58c27054\Interop.PRPLAYERCORELib.ni.dll MOD - [2013.05.29 23:13:51 | 000,171,520 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\111be4cc197cabb6340170eeb54ae535\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2013.05.29 23:12:51 | 002,202,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\55bb76574a2231b83b8bb81ee405f172\Kies.Common.Multimedia.ni.dll MOD - [2013.05.29 23:10:38 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2013.05.29 23:10:09 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2627bfc447a741309a32dbd51ee23dbc\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2013.05.29 23:08:38 | 007,031,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\6873d3fad51da6c98725437186125722\DeviceHost.ni.dll MOD - [2013.05.29 23:06:17 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\af22e5bb6307e2882abe5fbdb3c00c8e\CabLib.ni.dll MOD - [2013.05.29 23:05:51 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\37bb8c2ca86bf868044bce11e73d1efc\Kies.Common.Util.ni.dll MOD - [2013.05.29 23:05:41 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4f4243b3bc2e4cdf0ec6e7ad5559aa20\Interop.DeviceSearchLib.ni.dll MOD - [2013.05.29 23:05:25 | 001,644,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll MOD - [2013.05.29 23:05:09 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll MOD - [2013.05.29 23:04:43 | 001,899,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7aef2d5e9f446c4108ed337e465cd196\Kies.UI.ni.dll MOD - [2013.05.29 23:04:00 | 000,160,256 | ---- | M] () 
-- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\f67e1afe33aa6c76e375dbd4fa132363\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2013.05.29 23:03:10 | 001,273,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0687f786aa9dd34f7dd8d26cdfdb065f\Kies.Interface.ni.dll MOD - [2013.05.29 22:57:18 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.05.29 22:48:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll MOD - [2013.05.29 22:45:18 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.05.29 22:44:50 | 002,176,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\12c6291066c5db8821df6c56c8254037\Kies.ni.exe MOD - [2013.05.29 22:30:24 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.05.29 22:30:21 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll MOD - [2013.05.29 22:30:19 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll MOD - [2013.05.29 22:30:06 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll MOD - [2013.05.29 22:29:52 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll MOD - [2013.05.29 22:29:43 | 007,070,208 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll MOD - [2013.05.29 22:29:35 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.05.29 22:29:29 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2013.05.12 00:26:24 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.04.18 22:27:59 | 002,169,856 | -HS- | M] () -- C:\Windows\System32\hale.exe MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- 
C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.14 13:45:40 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2012.11.29 17:06:44 | 001,723,744 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.11.29 17:06:44 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- 
(SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - [2013.04.24 19:45:35 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps) DRV - [2013.04.24 19:45:35 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi) DRV - [2013.04.24 19:45:26 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.04.03 09:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2013.04.03 09:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.12.14 13:45:34 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - 
[2012.12.14 13:45:34 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2012.07.19 07:57:52 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.07.14 00:02:52 | 000,347,264 
| ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [1999.09.10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Delta Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss&mntrId=74C76470021311EA" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@autodesk.com/DWF: C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 19:46:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 19:46:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 19:45:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 19:45:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 19:46:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.22 22:09:09 | 000,000,000 | ---D | M] [2013.04.10 20:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jup\AppData\Roaming\mozilla\Extensions [2013.05.30 00:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jup\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-2092381075-737353353-2565579881-1000\FireFox\extensions [2013.05.30 11:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jup\AppData\Roaming\mozilla\Firefox\Profiles\sfgcbg9b.default-1369903118924\Extensions 
[2013.05.30 11:16:42 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jup\AppData\Roaming\mozilla\firefox\profiles\sfgcbg9b.default-1369903118924\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.30 00:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\Extensions
[2013.05.29 18:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.29 18:46:54 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.29 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.05.29 18:44:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\updated\extensions\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}
[2013.05.29 18:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\browser\extensions
[2013.05.29 18:44:32 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Chew7Hale] C:\Windows\System32\hale.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FF566B5-3362-40A7-80B6-14192ADEA9B7}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF11186-A743-4ACC-9FEA-C318A6345F22}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\misc.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\ois.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\Winword.exe: Debugger - C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.04.29 11:02:01 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.31 15:21:33 | 000,000,000 | ---D | C] -- C:\Users\Jup\Documents\Neuer Ordner (2)
[2013.05.31 14:02:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jup\Desktop\OTL.exe
[2013.05.30 10:38:49 | 000,000,000 | ---D | C] -- C:\Users\Jup\Desktop\Alte Firefox-Daten
[2013.05.30 00:24:30 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.30 00:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.30 00:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.05.30 00:17:22 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Roaming\Babylon
[2013.05.30 00:17:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.05.30 00:15:51 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Roaming\OpenCandy
[2013.05.30 00:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.05.30 00:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.05.29 23:28:36 | 000,000,000 | ---D | C] -- C:\Users\Jup\.jordan
[2013.05.29 23:01:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.05.29 22:51:39 | 000,000,000 | ---D | C] -- C:\Users\Jup\Documents\SelfMV
[2013.05.29 22:41:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.05.29 22:41:48 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Local\Samsung
[2013.05.29 22:41:36 | 000,000,000 | ---D | C] -- C:\Users\Jup\Documents\samsung
[2013.05.29 22:40:34 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013.05.29 22:40:34 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013.05.29 22:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.05.29 22:38:17 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013.05.29 22:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.05.29 22:34:10 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013.05.29 22:33:51 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013.05.29 22:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.05.29 22:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013.05.29 22:27:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.05.29 22:10:09 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Local\Downloaded Installations
[2013.05.29 21:43:17 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Roaming\Samsung
[2013.05.29 21:33:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Samsung_USB_Drivers
[2013.05.19 11:24:20 | 000,000,000 | ---D | C] -- C:\Users\Jup\Documents\Neuer Ordner
[2013.05.19 11:06:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2013.05.10 19:26:15 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Roaming\elsterformular
[2013.05.10 19:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.05.10 19:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.05.10 19:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2013.05.10 19:13:21 | 000,000,000 | ---D | C] -- C:\Users\Jup\appleJuice
[2013.05.10 19:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\appleJuice
[2013.05.10 19:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\appleJuice
[2013.05.07 17:40:51 | 000,000,000 | ---D | C] -- C:\Users\Jup\AppData\Roaming\EPSON

========== Files - Modified Within 30 Days ==========

[2013.05.31 14:46:18 | 000,010,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 14:46:18 | 000,010,112 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.31 14:03:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jup\Desktop\OTL.exe
[2013.05.31 12:52:33 | 000,721,524 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2013.05.31 12:52:33 | 000,700,168 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.31 12:52:33 | 000,654,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.31 12:52:33 | 000,152,446 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2013.05.31 12:52:33 | 000,148,964 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.31 12:52:33 | 000,121,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.31 12:42:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.31 12:42:40 | 2415,357,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.30 00:16:15 | 000,001,364 | ---- | M] () -- C:\Users\Jup\Desktop\Free YouTube to MP3 Converter.lnk
[2013.05.29 22:41:25 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.05.29 22:41:25 | 000,001,946 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.05.29 21:43:11 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2013.05.29 18:46:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.29 16:16:10 | 000,008,704 | ---- | M] () -- C:\Users\Jup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.20 13:16:35 | 000,007,605 | ---- | M] () -- C:\Users\Jup\AppData\Local\Resmon.ResmonCfg
[2013.05.19 11:21:47 | 000,010,754 | ---- | M] () -- C:\Users\Jup\Documents\IncrediMail exportierte Kontakte (CSV-Format).csv
[2013.05.19 11:06:26 | 000,001,017 | ---- | M] () -- C:\Users\Jup\Desktop\Orbit.lnk
[2013.05.15 16:46:24 | 000,486,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.10 19:25:51 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.10 19:12:27 | 000,001,660 | ---- | M] () -- C:\Users\Jup\Desktop\appleJuice Client (Core).lnk
[2013.05.10 19:06:50 | 000,001,980 | ---- | M] () -- C:\Users\Jup\Desktop\appleJuice Client (GUI).lnk

========== Files Created - No Company Name ==========

[2013.05.29 22:41:25 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.05.29 22:41:25 | 000,001,946 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.05.29 21:43:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2013.05.29 21:40:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2013.05.10 19:25:51 | 000,001,195 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.05.10 19:06:50 | 000,001,980 | ---- | C] () -- C:\Users\Jup\Desktop\appleJuice Client (GUI).lnk
[2013.05.10 19:06:46 | 000,001,660 | ---- | C] () -- C:\Users\Jup\Desktop\appleJuice Client (Core).lnk
[2013.05.10 19:03:48 | 000,087,040 | ---- | C] () -- C:\Windows\System32\TrayIcon12.dll
[2013.05.10 19:03:48 | 000,061,952 | ---- | C] () -- C:\Windows\System32\ajnetmask.dll
[2013.04.18 22:27:59 | 002,169,856 | -HS- | C] () -- C:\Windows\System32\hale.exe
[2013.04.18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013.04.17 16:44:34 | 000,008,704 | ---- | C] () -- C:\Users\Jup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.04.12 21:17:49 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2013.04.12 21:17:04 | 000,037,888 | ---- | C] () -- C:\Windows\System32\AVIwrap.dll
[2013.04.12 21:17:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2013.04.12 21:17:00 | 000,008,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2013.04.12 21:16:59 | 000,077,664 | ---- | C] () -- C:\Windows\System32\IR21_R.DLL
[2013.04.12 21:16:59 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2013.04.12 21:16:58 | 000,180,736 | ---- | C] () -- C:\Windows\System32\vfcodec.dll
[2013.04.12 21:16:57 | 000,202,240 | ---- | C] () -- C:\Windows\System32\XviD.dll
[2013.04.12 21:15:12 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013.04.12 21:15:12 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013.04.12 21:15:12 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013.04.12 19:23:10 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013.04.11 22:31:51 | 000,007,605 | ---- | C] () -- C:\Users\Jup\AppData\Local\Resmon.ResmonCfg
[2013.04.11 21:20:14 | 001,513,984 | ---- | C] () -- C:\Windows\System32\Mgxrdr80.dll
[2013.04.11 21:20:12 | 000,338,944 | ---- | C] () -- C:\Windows\System32\LFFPX7.DLL
[2013.04.11 21:20:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[2013.04.11 21:19:50 | 000,064,000 | ---- | C] () -- C:\Windows\System32\Ppiv30.dll
[2013.04.11 21:19:50 | 000,000,986 | ---- | C] () -- C:\Windows\Mgxclean.sys
[2013.04.11 21:19:50 | 000,000,100 | ---- | C] () -- C:\Windows\MGXCLEAN.DAT
[2013.04.11 19:10:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.04.11 19:09:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.04.10 20:44:22 | 000,721,524 | ---- | C] () -- C:\Windows\System32\prfh0816.dat
[2013.04.10 20:44:22 | 000,336,656 | ---- | C] () -- C:\Windows\System32\prfi0816.dat
[2013.04.10 20:44:22 | 000,152,446 | ---- | C] () -- C:\Windows\System32\prfc0816.dat
[2013.04.10 20:44:22 | 000,040,548 | ---- | C] () -- C:\Windows\System32\prfd0816.dat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.04.12 21:51:21 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\Autodesk
[2013.05.30 00:17:22 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\Babylon
[2013.05.30 00:15:51 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\DVDVideoSoft
[2013.04.12 21:35:04 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.05.10 19:26:17 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\elsterformular
[2013.05.07 17:40:51 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\EPSON
[2013.04.12 23:02:09 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\GrabPro
[2013.05.30 00:15:51 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\OpenCandy
[2013.05.29 17:01:09 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\Orbit
[2013.04.12 22:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\ProgSense
[2013.05.29 22:41:47 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\Samsung
[2013.04.11 22:54:28 | 000,000,000 | ---D | M] -- C:\Users\Jup\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2013.04.10 18:38:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.04.12 21:17:49 | 000,000,000 | ---D | M] -- C:\audio
[2013.05.29 23:26:10 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2013.04.10 18:38:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.05.29 17:59:42 | 000,000,000 | ---D | M] -- C:\downloads
[2013.04.12 22:29:07 | 000,000,000 | ---D | M] -- C:\Java5_22
[2013.04.12 18:14:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.11 19:17:22 | 000,000,000 | ---D | M] -- C:\Progi
[2013.05.30 00:35:51 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.30 00:23:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2013.04.10 18:38:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.04.10 18:38:28 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.31 14:10:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.04.13 18:29:58 | 000,000,000 | ---D | M] -- C:\Tsunami-Filter-Pack
[2013.04.10 19:32:38 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.30 00:17:02 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. 
/mp /s >

< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,031,372 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys [2013.04.24 19:45:21 | 000,074,848 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klflt.sys [2013.04.24 19:45:26 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys [2012.08.02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys [2012.12.14 13:45:34 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klkbdflt.sys [2012.12.14 13:45:34 | 000,025,944 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys [2013.04.24 19:45:35 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kltdi.sys [2013.04.24 19:45:35 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kneps.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.05.31 15:34:50 | 002,359,296 | -HS- | M] () -- C:\Users\Jup\NTUSER.DAT [2013.05.31 15:34:50 | 000,262,144 | -HS- | M] () -- C:\Users\Jup\ntuser.dat.LOG1 [2013.04.10 18:38:32 | 000,000,000 | -HS- | M] () -- C:\Users\Jup\ntuser.dat.LOG2 [2013.04.10 18:56:39 | 000,065,536 | -HS- | M] () -- C:\Users\Jup\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2013.04.10 18:56:39 | 000,524,288 | -HS- | M] () -- C:\Users\Jup\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2013.04.10 18:56:39 | 000,524,288 | -HS- | M] () -- 
C:\Users\Jup\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2013.04.10 18:38:32 | 000,000,020 | -HS- | M] () -- C:\Users\Jup\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Extra.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 31.05.2013 15:22:06 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jup\Desktop Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,43% Memory free 6,00 Gb Paging File | 4,70 Gb Available in Paging File | 78,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,66 Gb Total Space | 216,72 Gb Free Space | 46,54% Space Free | Partition Type: NTFS Drive D: | 0,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: JUP-PC | User Name: Jup | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10C648BE-D6FF-4B19-9CD2-4CB36F107009}" = lport=138 | protocol=17 | dir=in | app=system | "{145F7533-138C-431A-8CBD-B224B66EC78E}" = lport=10243 | protocol=6 | dir=in | app=system | "{298487AF-EF14-4064-9688-569CE42F9943}" = rport=139 
| protocol=6 | dir=out | app=system | "{2B12C3AF-3A5A-48D6-A275-7D2EBC55E68E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4A21BB4B-BA81-44A1-8BCE-ACCD1AB04D3F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{715F0689-ACDC-4E4F-AE01-8E44AA58F0E6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{792C7551-8520-4B75-A89A-1DAEA9288073}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7ECA4F0A-1929-4880-A8A3-29B98966BB64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{81CCCFDA-6F4C-4B2E-BABB-1B5DE51F158C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9BBCF809-39BB-4162-BAED-9E669223EF23}" = rport=10243 | protocol=6 | dir=out | app=system | "{A0D6AB44-DAE3-4398-9C30-FE81C4D643A7}" = lport=2869 | protocol=6 | dir=in | app=system | "{A53C2C7C-0FC4-45A3-97B8-56564E3F7906}" = rport=137 | protocol=17 | dir=out | app=system | "{A9947750-FFC9-4D8E-961A-B37B189B3F30}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C4B8DC76-64FC-4269-AC5F-1C3FF32B710B}" = rport=138 | protocol=17 | dir=out | app=system | "{CCAABA95-B895-4928-B827-8C184107C9C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D0B6A957-9A45-41F1-BD3C-938C51983CE5}" = lport=139 | protocol=6 | dir=in | app=system | "{D9334A36-E5B8-4ACC-94C4-E89F0D10911A}" = rport=445 | protocol=6 | dir=out | app=system | "{DE45CF6F-B7D3-478C-A8B4-13D5C62D7DD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F1E42304-1002-4010-B73E-B4CADD064907}" = lport=445 | protocol=6 | dir=in | app=system | "{F5D1E8CC-8FEB-4D1D-B8C9-FCC0533B9E01}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{FD096B16-4356-482C-A37B-9F2A13AE78BD}" = lport=137 | protocol=17 | dir=in | app=system | "{FEA30DA6-35D1-41CF-A888-7C6B6F0DDAA9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02C9B530-1A90-4E9E-9FC6-E3566A5C61EF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{3598D15D-6092-464A-B57F-AA69627F8730}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4944C5CE-44D3-4A04-82F5-85377DB6CEF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{4D3A06C6-4807-4A61-82F6-9E3D5AA3D631}" = protocol=6 | dir=out | app=system | "{5636FAA0-54EA-4773-B93A-1C8E6EAA3614}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{69CD783E-D344-4015-84F7-65A49A53B489}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{844D82D8-A320-4A79-AB07-1622897F5BCE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9A54CE0F-98A1-4CD1-81C9-08812B0C99DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B2B9FA4-C80C-4089-9164-EF41470BDB8F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9EFDFE35-4AB2-4B92-BC89-B0FE32311039}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A21D38D4-6490-406D-97A1-0D6D772699F0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{A90A8B1F-6E4A-427F-BB80-53E4ACC4639F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF09A6C1-11B8-4C70-9DA1-EB907681408F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C7C1C725-8B3D-4FA7-8687-4C44FE5407A2}" = protocol=1 | dir=in | 
name=@firewallapi.dll,-28543 | "{CB03793E-ADFD-441B-88EA-3B358AACF113}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{CC97B194-B47F-4377-A53C-4BA24B2A8C04}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D0E6A6A2-34E9-4CAF-8895-C44170DCEB2D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EE489FF7-0560-4EA8-B3F7-3AD982D64FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FC215C45-06BE-4257-BF74-D0551B097769}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FE00E67A-CC74-4F00-A3E4-6871FEB11CCD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518) "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{31B5B620-CA8A-4F99-A64E-7DDB3D1BBB69}_is1" = appleJuice Client "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5783F2D7-A028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2012 "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2010 "{90140000-0017-0816-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Portuguese (Portugal)) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing 
(German) 2010 "{90140000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2010 "{90140000-0100-0816-0000-0000000FF1CE}" = Microsoft Office O MUI (Portuguese (Portugal)) 2010 "{90140000-0101-0816-0000-0000000FF1CE}" = Microsoft Office X MUI (Portuguese (Portugal)) 2010 "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E4D5A41-1051-4F1A-8342-ECB26CA0C86C}" = Autodesk Design Review 2012 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}" = Autodesk Design Review Browser Add-on v1.2 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DCFF9230-22DC-40ED-BBCC-0F260B85734C}" = Tsunami-Filter-Pack "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Autodesk Design Review 2012" = Autodesk Design Review 2012 "CCleaner" = CCleaner "CDex" = CDex extraction audio "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DWG TrueView 2012" = DWG TrueView 2012 "ElsterFormular" = ElsterFormular "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430 "HyperSnap 7" = HyperSnap 7 "IncrediMail" = IncrediMail 2.0 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "IsoBuster_is1" = IsoBuster 2.8 "KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Micrografx Picture Publisher 8" = Micrografx Picture Publisher 8 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3 Codec" = Mpeg Layer3 
Codec FHG-Radium v1.263 "NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only) "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.OMUI.pt-pt" = Microsoft Office Language Pack 2010 - Portuguese/Português "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Orbit_is1" = Orbit Downloader "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 2.0.2 "WashAndGo_is1" = WashAndGo "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.05.2013 11:22:43 | Computer Name = Jup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.2, Zeitstempel: 0x5052a17e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00059da1 ID des fehlerhaften Prozesses: 0x2590 Startzeit der fehlerhaften Anwendung: 0x01ce524932181b70 Pfad der fehlerhaften Anwendung: C:\Program Files\Orbitdownloader\orbitdm.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 73dde7b0-be3c-11e2-a94d-6470021311ea Error - 17.05.2013 08:35:09 | Computer Name = Jup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.2, Zeitstempel: 0x5052a17e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00059da1 ID des fehlerhaften Prozesses: 0x2fd4 Startzeit der fehlerhaften Anwendung: 0x01ce52faef8dbbe0 Pfad der fehlerhaften Anwendung: C:\Program Files\Orbitdownloader\orbitdm.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 
358b6570-beee-11e2-a211-6470021311ea Error - 17.05.2013 08:36:37 | Computer Name = Jup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.2, Zeitstempel: 0x5052a17e Name des fehlerhaften Moduls: SoftUpdater.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x5052a233 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1008078a ID des fehlerhaften Prozesses: 0x3770 Startzeit der fehlerhaften Anwendung: 0x01ce52fb042b4a90 Pfad der fehlerhaften Anwendung: C:\Program Files\Orbitdownloader\orbitdm.exe Pfad des fehlerhaften Moduls: SoftUpdater.dll Berichtskennung: 69d97ac4-beee-11e2-a211-6470021311ea Error - 18.05.2013 07:54:05 | Computer Name = Jup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: orbitdm.exe, Version: 4.1.1.2, Zeitstempel: 0x5052a17e Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00059da1 ID des fehlerhaften Prozesses: 0x4e2c Startzeit der fehlerhaften Anwendung: 0x01ce53be61d0ab40 Pfad der fehlerhaften Anwendung: C:\Program Files\Orbitdownloader\orbitdm.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: a337e684-bfb1-11e2-934a-6470021311ea Error - 22.05.2013 16:42:09 | Computer Name = Jup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0x41e4 Startzeit der fehlerhaften Anwendung: 0x01ce56fc141bf940 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 12524ed0-c320-11e2-b09d-6470021311ea Error - 22.05.2013 16:53:32 | Computer Name = Jup-PC | Source = Application Hang | ID = 
1002 Description = Programm OneClick.exe, Version 13.0.3000.133 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3850 Startzeit: 01ce56fdfb0f6d90 Endzeit: 466 Anwendungspfad: C:\Program Files\TuneUp Utilities 2013\OneClick.exe Berichts-ID: a0a919b1-c321-11e2-b09d-6470021311ea Error - 29.05.2013 13:03:12 | Computer Name = Jup-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften Prozesses: 0x1890 Startzeit der fehlerhaften Anwendung: 0x01ce5c8c234a4da0 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: a478d980-c881-11e2-9786-6470021311ea Error - 29.05.2013 15:33:14 | Computer Name = Jup-PC | Source = VSS | ID = 8194 Description = Error - 29.05.2013 16:03:18 | Computer Name = Jup-PC | Source = VSS | ID = 8194 Description = Error - 30.05.2013 05:29:15 | Computer Name = Jup-PC | Source = Application Hang | ID = 1002 Description = Programm WORDPAD.EXE, Version 6.1.7601.17514 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 22f8 Startzeit: 01ce5d17d9942a00 Endzeit: 47 Anwendungspfad: C:\Program Files\Windows NT\Accessories\WORDPAD.EXE Berichts-ID: 5a9c1d61-c90b-11e2-b343-6470021311ea [ System Events ] Error - 29.05.2013 17:37:17 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 30.05.2013 03:39:15 | Computer Name = Jup-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?30.?05.?2013 um 00:36:17 unerwartet heruntergefahren. Error - 30.05.2013 03:42:03 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 30.05.2013 03:42:03 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 30.05.2013 04:50:36 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 30.05.2013 04:50:36 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 30.05.2013 05:16:51 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 30.05.2013 05:16:51 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 31.05.2013 06:45:08 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 31.05.2013 06:45:08 | Computer Name = Jup-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
31.05.2013, 17:15 | #4 |
/// Malware-holic | delta-search.com Hi, please download TDSSKiller.exe and save the file to your desktop
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
31.05.2013, 17:46 | #5 |
| delta-search.com Here
13836 PlugPlay - ok 18:43:15.0073 13836 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:43:15.0210 13836 PNRPAutoReg - ok 18:43:15.0238 13836 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:43:15.0262 13836 PNRPsvc - ok 18:43:15.0285 13836 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:43:15.0382 13836 PolicyAgent - ok 18:43:15.0410 13836 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 18:43:15.0457 13836 Power - ok 18:43:15.0475 13836 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:43:15.0525 13836 PptpMiniport - ok 18:43:15.0545 13836 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 18:43:15.0599 13836 Processor - ok 18:43:15.0631 13836 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 18:43:15.0752 13836 ProfSvc - ok 18:43:15.0781 13836 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:43:15.0846 13836 ProtectedStorage - ok 18:43:15.0862 13836 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:43:15.0939 13836 Psched - ok 18:43:15.0971 13836 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 18:43:16.0025 13836 ql2300 - ok 18:43:16.0032 13836 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 18:43:16.0045 13836 ql40xx - ok 18:43:16.0068 13836 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 18:43:16.0111 13836 QWAVE - ok 18:43:16.0119 13836 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:43:16.0156 13836 QWAVEdrv - ok 18:43:16.0169 13836 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:43:16.0282 13836 RasAcd - ok 18:43:16.0302 13836 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys 18:43:16.0366 13836 RasAgileVpn - ok 18:43:16.0380 13836 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 18:43:16.0502 13836 RasAuto - ok 18:43:16.0511 13836 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:43:16.0568 13836 Rasl2tp - ok 18:43:16.0607 13836 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 18:43:16.0688 13836 RasMan - ok 18:43:16.0717 13836 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:43:16.0753 13836 RasPppoe - ok 18:43:16.0760 13836 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:43:16.0817 13836 RasSstp - ok 18:43:16.0850 13836 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:43:16.0937 13836 rdbss - ok 18:43:16.0944 13836 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 18:43:16.0991 13836 rdpbus - ok 18:43:17.0017 13836 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:43:17.0084 13836 RDPCDD - ok 18:43:17.0115 13836 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 18:43:17.0189 13836 RDPDR - ok 18:43:17.0210 13836 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:43:17.0288 13836 RDPENCDD - ok 18:43:17.0297 13836 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:43:17.0355 13836 RDPREFMP - ok 18:43:17.0413 13836 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 18:43:17.0475 13836 RdpVideoMiniport - ok 18:43:17.0516 13836 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:43:17.0598 13836 RDPWD - ok 18:43:17.0622 13836 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:43:17.0637 13836 
rdyboost - ok 18:43:17.0661 13836 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 18:43:17.0710 13836 RemoteAccess - ok 18:43:17.0733 13836 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:43:17.0824 13836 RemoteRegistry - ok 18:43:17.0843 13836 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:43:17.0930 13836 RpcEptMapper - ok 18:43:17.0953 13836 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 18:43:18.0013 13836 RpcLocator - ok 18:43:18.0033 13836 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 18:43:18.0083 13836 RpcSs - ok 18:43:18.0096 13836 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:43:18.0172 13836 rspndr - ok 18:43:18.0212 13836 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 18:43:18.0232 13836 RTL8167 - ok 18:43:18.0262 13836 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 18:43:18.0347 13836 s3cap - ok 18:43:18.0366 13836 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 18:43:18.0413 13836 SamSs - ok 18:43:18.0445 13836 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:43:18.0458 13836 sbp2port - ok 18:43:18.0467 13836 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:43:18.0519 13836 SCardSvr - ok 18:43:18.0537 13836 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:43:18.0632 13836 scfilter - ok 18:43:18.0691 13836 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 18:43:18.0785 13836 Schedule - ok 18:43:18.0806 13836 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:43:18.0849 13836 SCPolicySvc - ok 18:43:18.0876 13836 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC 
C:\Windows\System32\SDRSVC.dll 18:43:18.0960 13836 SDRSVC - ok 18:43:18.0986 13836 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:43:19.0044 13836 secdrv - ok 18:43:19.0059 13836 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 18:43:19.0147 13836 seclogon - ok 18:43:19.0181 13836 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 18:43:19.0279 13836 SENS - ok 18:43:19.0308 13836 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:43:19.0384 13836 SensrSvc - ok 18:43:19.0404 13836 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 18:43:19.0452 13836 Serenum - ok 18:43:19.0469 13836 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 18:43:19.0551 13836 Serial - ok 18:43:19.0579 13836 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 18:43:19.0631 13836 sermouse - ok 18:43:19.0669 13836 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 18:43:19.0759 13836 SessionEnv - ok 18:43:19.0785 13836 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:43:19.0827 13836 sffdisk - ok 18:43:19.0839 13836 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:43:20.0000 13836 sffp_mmc - ok 18:43:20.0015 13836 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:43:20.0196 13836 sffp_sd - ok 18:43:20.0218 13836 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:43:20.0312 13836 sfloppy - ok 18:43:20.0341 13836 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:43:20.0501 13836 SharedAccess - ok 18:43:20.0526 13836 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:43:20.0593 13836 ShellHWDetection - ok 18:43:20.0610 13836 [ 
2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 18:43:20.0623 13836 sisagp - ok 18:43:20.0651 13836 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:43:20.0703 13836 SiSRaid2 - ok 18:43:20.0710 13836 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 18:43:20.0724 13836 SiSRaid4 - ok 18:43:20.0737 13836 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:43:20.0787 13836 Smb - ok 18:43:20.0824 13836 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:43:20.0911 13836 SNMPTRAP - ok 18:43:20.0928 13836 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 18:43:20.0940 13836 spldr - ok 18:43:20.0976 13836 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 18:43:21.0088 13836 Spooler - ok 18:43:21.0174 13836 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 18:43:21.0399 13836 sppsvc - ok 18:43:21.0426 13836 [ 761B6D9D80FF93D83E2542AF190E3E24 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:43:21.0501 13836 sppuinotify ( UnsignedFile.Multi.Generic ) - warning 18:43:21.0501 13836 sppuinotify - detected UnsignedFile.Multi.Generic (1) 18:43:21.0521 13836 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 18:43:21.0609 13836 srv - ok 18:43:21.0637 13836 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:43:21.0722 13836 srv2 - ok 18:43:21.0730 13836 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:43:21.0750 13836 srvnet - ok 18:43:21.0771 13836 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:43:21.0857 13836 SSDPSRV - ok 18:43:21.0875 13836 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:43:21.0933 13836 SstpSvc - ok 18:43:21.0978 13836 [ CA22092117F4F8BA3700B4BF9962444A 
] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 18:43:22.0021 13836 ssudmdm - ok 18:43:22.0076 13836 [ 306521935042FC0A6988D528643619B3 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 18:43:22.0101 13836 StarOpen ( UnsignedFile.Multi.Generic ) - warning 18:43:22.0101 13836 StarOpen - detected UnsignedFile.Multi.Generic (1) 18:43:22.0147 13836 [ 81F177C1954453AF407604160BD149CB ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 18:43:22.0175 13836 Stereo Service - ok 18:43:22.0199 13836 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 18:43:22.0211 13836 stexstor - ok 18:43:22.0242 13836 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 18:43:22.0314 13836 StiSvc - ok 18:43:22.0321 13836 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 18:43:22.0334 13836 storflt - ok 18:43:22.0357 13836 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 18:43:22.0431 13836 StorSvc - ok 18:43:22.0464 13836 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 18:43:22.0475 13836 storvsc - ok 18:43:22.0488 13836 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 18:43:22.0500 13836 swenum - ok 18:43:22.0544 13836 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 18:43:22.0597 13836 swprv - ok 18:43:22.0632 13836 Synth3dVsc - ok 18:43:22.0676 13836 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 18:43:22.0743 13836 SysMain - ok 18:43:22.0800 13836 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:43:22.0956 13836 TabletInputService - ok 18:43:22.0985 13836 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 18:43:23.0026 13836 TapiSrv - ok 18:43:23.0043 13836 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 18:43:23.0077 13836 
TBS - ok 18:43:23.0121 13836 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:43:23.0186 13836 Tcpip - ok 18:43:23.0210 13836 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:43:23.0236 13836 TCPIP6 - ok 18:43:23.0268 13836 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:43:23.0347 13836 tcpipreg - ok 18:43:23.0374 13836 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:43:23.0420 13836 TDPIPE - ok 18:43:23.0427 13836 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:43:23.0506 13836 TDTCP - ok 18:43:23.0531 13836 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:43:23.0593 13836 tdx - ok 18:43:23.0608 13836 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:43:23.0621 13836 TermDD - ok 18:43:23.0659 13836 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 18:43:23.0743 13836 TermService - ok 18:43:23.0763 13836 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 18:43:23.0829 13836 Themes - ok 18:43:23.0848 13836 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 18:43:23.0929 13836 THREADORDER - ok 18:43:23.0949 13836 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 18:43:24.0053 13836 TrkWks - ok 18:43:24.0108 13836 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:43:24.0205 13836 TrustedInstaller - ok 18:43:24.0231 13836 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:43:24.0324 13836 tssecsrv - ok 18:43:24.0382 13836 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:43:24.0408 13836 TsUsbFlt - ok 18:43:24.0415 13836 tsusbhub - ok 18:43:24.0491 13836 [ 
3C4FE9B413AC1025EE0E0F3C895B73C9 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe 18:43:24.0549 13836 TuneUp.UtilitiesSvc - ok 18:43:24.0592 13836 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys 18:43:24.0657 13836 TuneUpUtilitiesDrv - ok 18:43:24.0706 13836 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:43:24.0866 13836 tunnel - ok 18:43:24.0890 13836 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 18:43:24.0902 13836 uagp35 - ok 18:43:24.0927 13836 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:43:25.0055 13836 udfs - ok 18:43:25.0080 13836 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:43:25.0132 13836 UI0Detect - ok 18:43:25.0150 13836 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:43:25.0162 13836 uliagpkx - ok 18:43:25.0196 13836 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 18:43:25.0269 13836 umbus - ok 18:43:25.0287 13836 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 18:43:25.0351 13836 UmPass - ok 18:43:25.0385 13836 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 18:43:25.0487 13836 UmRdpService - ok 18:43:25.0521 13836 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 18:43:25.0643 13836 upnphost - ok 18:43:25.0659 13836 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:43:25.0725 13836 usbccgp - ok 18:43:25.0761 13836 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:43:25.0832 13836 usbcir - ok 18:43:25.0839 13836 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:43:25.0882 13836 usbehci - ok 18:43:25.0891 13836 
[ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:43:25.0973 13836 usbhub - ok 18:43:25.0981 13836 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 18:43:26.0050 13836 usbohci - ok 18:43:26.0084 13836 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:43:26.0156 13836 usbprint - ok 18:43:26.0182 13836 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:43:26.0232 13836 usbscan - ok 18:43:26.0246 13836 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:43:26.0323 13836 USBSTOR - ok 18:43:26.0359 13836 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:43:26.0386 13836 usbuhci - ok 18:43:26.0398 13836 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 18:43:26.0486 13836 UxSms - ok 18:43:26.0525 13836 [ 2FEE0AAA981AC1685319778E647E9000 ] UxTuneUp C:\Windows\System32\uxtuneup.dll 18:43:26.0536 13836 UxTuneUp - ok 18:43:26.0553 13836 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 18:43:26.0603 13836 VaultSvc - ok 18:43:26.0613 13836 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:43:26.0625 13836 vdrvroot - ok 18:43:26.0652 13836 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 18:43:26.0776 13836 vds - ok 18:43:26.0794 13836 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:43:26.0871 13836 vga - ok 18:43:26.0901 13836 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 18:43:27.0028 13836 VgaSave - ok 18:43:27.0050 13836 VGPU - ok 18:43:27.0079 13836 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:43:27.0093 13836 vhdmp - ok 18:43:27.0146 13836 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 18:43:27.0158 
13836 viaagp - ok 18:43:27.0182 13836 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 18:43:27.0280 13836 ViaC7 - ok 18:43:27.0299 13836 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 18:43:27.0310 13836 viaide - ok 18:43:27.0331 13836 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 18:43:27.0349 13836 vmbus - ok 18:43:27.0370 13836 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 18:43:27.0466 13836 VMBusHID - ok 18:43:27.0473 13836 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:43:27.0486 13836 volmgr - ok 18:43:27.0505 13836 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:43:27.0522 13836 volmgrx - ok 18:43:27.0545 13836 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:43:27.0590 13836 volsnap - ok 18:43:27.0612 13836 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 18:43:27.0651 13836 vsmraid - ok 18:43:27.0719 13836 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 18:43:27.0821 13836 VSS - ok 18:43:27.0844 13836 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 18:43:27.0891 13836 vwifibus - ok 18:43:27.0938 13836 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 18:43:28.0102 13836 W32Time - ok 18:43:28.0142 13836 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 18:43:28.0205 13836 WacomPen - ok 18:43:28.0269 13836 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:43:28.0342 13836 WANARP - ok 18:43:28.0349 13836 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:43:28.0416 13836 Wanarpv6 - ok 18:43:28.0485 13836 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine 
C:\Windows\system32\wbengine.exe 18:43:28.0700 13836 wbengine - ok 18:43:28.0893 13836 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:43:28.0995 13836 WbioSrvc - ok 18:43:29.0255 13836 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:43:29.0366 13836 wcncsvc - ok 18:43:29.0420 13836 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:43:29.0500 13836 WcsPlugInService - ok 18:43:29.0517 13836 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 18:43:29.0529 13836 Wd - ok 18:43:29.0565 13836 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:43:29.0592 13836 Wdf01000 - ok 18:43:29.0654 13836 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:43:29.0737 13836 WdiServiceHost - ok 18:43:29.0747 13836 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:43:29.0796 13836 WdiSystemHost - ok 18:43:29.0837 13836 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 18:43:29.0891 13836 WebClient - ok 18:43:29.0919 13836 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:43:30.0017 13836 Wecsvc - ok 18:43:30.0049 13836 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:43:30.0170 13836 wercplsupport - ok 18:43:30.0194 13836 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 18:43:30.0264 13836 WerSvc - ok 18:43:30.0321 13836 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:43:30.0390 13836 WfpLwf - ok 18:43:30.0431 13836 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:43:30.0443 13836 WIMMount - ok 18:43:30.0706 13836 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 18:43:30.0788 13836 WinDefend - ok 
18:43:30.0801 13836 WinHttpAutoProxySvc - ok 18:43:30.0886 13836 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:43:30.0990 13836 Winmgmt - ok 18:43:31.0051 13836 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 18:43:31.0285 13836 WinRM - ok 18:43:31.0503 13836 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 18:43:31.0670 13836 Wlansvc - ok 18:43:31.0714 13836 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:43:31.0843 13836 WmiAcpi - ok 18:43:31.0880 13836 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:43:31.0923 13836 wmiApSrv - ok 18:43:32.0038 13836 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 18:43:32.0135 13836 WMPNetworkSvc - ok 18:43:32.0168 13836 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:43:32.0198 13836 WPCSvc - ok 18:43:32.0234 13836 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:43:32.0333 13836 WPDBusEnum - ok 18:43:32.0375 13836 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:43:32.0470 13836 ws2ifsl - ok 18:43:32.0512 13836 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 18:43:32.0759 13836 wscsvc - ok 18:43:32.0778 13836 WSearch - ok 18:43:33.0357 13836 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 18:43:33.0428 13836 wuauserv - ok 18:43:33.0504 13836 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:43:33.0537 13836 WudfPf - ok 18:43:33.0567 13836 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:43:33.0680 13836 WUDFRd - ok 18:43:33.0747 13836 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:43:33.0800 13836 wudfsvc - ok 18:43:33.0857 13836 [ 
3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 18:43:33.0908 13836 WwanSvc - ok 18:43:33.0937 13836 ================ Scan global =============================== 18:43:33.0973 13836 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 18:43:34.0031 13836 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 18:43:34.0041 13836 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 18:43:34.0080 13836 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 18:43:34.0156 13836 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 18:43:34.0171 13836 [Global] - ok 18:43:34.0174 13836 ================ Scan MBR ================================== 18:43:34.0226 13836 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:43:41.0486 13836 \Device\Harddisk0\DR0 - ok 18:43:41.0488 13836 ================ Scan VBR ================================== 18:43:41.0492 13836 [ 141B1B633DB405E447E255D0AE10E9FB ] \Device\Harddisk0\DR0\Partition1 18:43:41.0493 13836 \Device\Harddisk0\DR0\Partition1 - ok 18:43:41.0518 13836 [ 234F1169A687D87A5893F9F6B7D2CD54 ] \Device\Harddisk0\DR0\Partition2 18:43:41.0519 13836 \Device\Harddisk0\DR0\Partition2 - ok 18:43:41.0521 13836 ============================================================ 18:43:41.0521 13836 Scan finished 18:43:41.0521 13836 ============================================================ 18:43:41.0531 5184 Detected object count: 3 18:43:41.0531 5184 Actual detected object count: 3 18:44:17.0301 5184 ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user 18:44:17.0301 5184 ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:44:17.0302 5184 sppuinotify ( UnsignedFile.Multi.Generic ) - skipped by user 18:44:17.0302 5184 sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:44:17.0304 5184 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 18:44:17.0304 5184 StarOpen ( 
UnsignedFile.Multi.Generic ) - User select action: Skip Louco |
31.05.2013, 18:19 | #6 |
/// Malware-holic | delta-search.com Hi, scan with Combofix
__________________ |
01.06.2013, 14:46 | #7 | |
| delta-search.com I did it just as you described. Then a black background appeared with a blue window, which said that Combofix is being started and that the scan would take somewhat less than double 10 minutes. I did that too and left the computer alone; after a little more than half an hour in which nothing more happened, I aborted. There is no C:\Combofix.tx. Louco Quote:
Louco |
02.06.2013, 12:15 | #8 |
/// Malware-holic | delta-search.com Restart, choose Safe Mode via F8, log in to your account and run Combofix again. As long as stages are being completed, wait. Then go back to normal mode and post the log.
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.06.2013, 21:23 | #9 |
| delta-search.com Hello, now it worked, here Louco |
03.06.2013, 11:22 | #10 |
/// Malware-holic | delta-search.com Hi, Malwarebytes: Please download Malwarebytes
__________________ |
03.06.2013, 19:48 | #11 |
| delta-search.com Hello, here I am again. Nothing was found, but the problem is still there; see attachment (Aufnahme25). Louco |
03.06.2013, 19:52 | #12 |
/// Malware-holic | delta-search.com Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open the file. After each program you need, write "necessary". After each one you do not need, "unnecessary". After ones unknown to you, "unknown". Post the list.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
03.06.2013, 20:16 | #13 |
| delta-search.com Hello, here it is. Louco |
03.06.2013, 20:21 | #14 |
/// Malware-holic | delta-search.com Uninstall: Adobe Flash Player (all of them). Adobe - Install Adobe Flash Player: download the latest version and install it. Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences. General: check "use only certified plug-ins". Security (Enhanced): check Enhanced Security and select all files. Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC. Under JavaScript, remove the check mark at "use JavaScript". Under Updater, choose install automatically. Apply / OK. Uninstall: BrowserProtect. IncrediMail: I would replace it with something secure such as Thunderbird. J2SE. TuneUp: do without such nonsense; many of its functions can harm the PC or at best do nothing. Open CCleaner, Analyze, Start, then restart the PC. Please download AdwCleaner to your desktop. |
03.06.2013, 20:42 | #15 |
| delta-search.com Hello, is this what you mean for Adobe Reader, under JavaScript? Louco |