Pests of all kinds and how to fight them: Mail delivery failed messages and also blue screen (Windows 7)
09.06.2013, 13:49 | #1 |
| Mail delivery failed messages and also blue screen Good day, I get an e-mail every minute (Outlook 2007) with the title Mail Delivery, and in addition, once every hour a blue screen appears and the PC shuts down immediately. I am asking for help; here are the files: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.06.2013 14:13:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hotel Tourist\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 68,36% Memory free 7,83 Gb Paging File | 6,52 Gb Available in Paging File | 83,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 906,34 Gb Total Space | 804,28 Gb Free Space | 88,74% Space Free | Partition Type: NTFS Computer Name: HOTELTOURIST-PC | User Name: Hotel Tourist | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hotel Tourist\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) PRC - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (Microsoft) PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.) PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.) PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll () MOD - 
C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () MOD - C:\Program Files (x86)\Brother\Brmfl10f\brrunpp.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe () SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.) SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. 
KG) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (aswKbd) -- C:\windows\SysNative\drivers\aswKbd.sys (AVAST Software) DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.) DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo) DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) 
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.) DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - 
HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm179^YY^de&si=226019352&ptb=35BBDA33-F493-4FC6-B6F6-B0D6DFA52D59&ind=2013032304&n=77fc6f70&psa=&st=sb&searchfor={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A A6 DD ED FE 4F CE 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=746C4437E64CBA98 IE - HKCU\..\SearchScopes\{15449AE1-C3F5-475E-A34C-61299E3B328B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a0c8f483-dd6b-41e4-85f4-36b1e8ba6b49&apn_sauid=CD20646F-1706-4CDE-81DE-D7C61EE992EB IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_deDE453DE453 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - 
prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.hrs.de/web3/showSessionTimeout.do;jsessionid=C9EBD03F212CE69E2CA97CEF01F35DCD.50-2?activity=showSessionError&branch=30205010&cid=50-2&clientId=ZGVfX05FWFQ-|https://www.google.de/" FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.04.09 04:17:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 00:53:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.08 02:48:46 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.04.09 04:17:02 | 000,000,000 | ---D | M] [2013.04.09 04:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions [2013.04.09 04:17:02 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.06.09 13:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hotel 
Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions [2012.05.29 21:16:43 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f} [2013.05.10 09:17:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.03.14 00:16:45 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2013.05.13 15:18:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\plugin@yontoo.com [2013.06.09 13:45:02 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\toolbar@ask.com [2013.04.20 10:45:00 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\compatibility@addons.mozilla.org.xpi [2012.07.24 23:58:03 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\DivXWebPlayer@divx.com.xpi [2013.05.09 09:17:03 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.06.09 13:45:02 | 000,002,344 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\askcom.xml [2013.05.13 15:18:45 | 000,006,505 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\babylon.xml [2013.05.13 15:18:56 | 000,001,294 
| ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\delta.xml [2013.06.06 21:06:09 | 000,001,211 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\search.xml [2013.05.24 00:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 00:53:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.04.12 21:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.04.12 21:33:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2005.04.05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPJinit13122.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www1.delta-search.com/?affID=120519&tt=gc_&babsrc=HP_ss&mntrId=746C4437E64CBA98 CHR - plugin: Standardprofil (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Error reading preferences file CHR - Extension: YouTube 
= C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: SpeedAnalysis.com = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1\ CHR - Extension: Google-Suche = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\ CHR - Extension: No name found = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.2_1\ CHR - Extension: avast! Online Security = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\ CHR - Extension: Iminent Toolbar = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\2.0.0.0_0\ CHR - Extension: Google Mail = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2011.10.20 10:33:34 | 000,436,431 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 
www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15019 more lines... O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20111017014348.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111017014348.dll (McAfee, Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Users\Hotel Tourist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://192.168.2.150:888/DVRemoteAx.cab (DVRemoteControl Class) O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22) O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} Reg Error: Value error. 
(JInitiator 1.3.1.25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3D4DD4-56AD-45B0-B74D-D660E8A85F1C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0be50621-6e2c-11e1-867b-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{0be50621-6e2c-11e1-867b-005056c00008}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{c459c83a-856c-11e1-9bb2-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{c459c83a-856c-11e1-9bb2-005056c00008}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (sdnclean64.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 14:00:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hotel Tourist\Desktop\OTL.exe [2013.06.09 13:50:27 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Avira [2013.06.09 13:45:55 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.09 13:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.06.09 13:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.06.09 13:44:38 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Local\APN [2013.06.09 13:44:21 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.06.09 13:44:21 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.06.09 13:44:21 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.06.09 13:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.06.09 13:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.06.09 13:32:54 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Malwarebytes [2013.06.09 13:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.06.09 13:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.09 13:32:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.06.09 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.09 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Local\Programs [2013.06.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\.jinit [2013.06.07 17:23:19 | 000,000,000 | ---D | C] -- C:\Intel [2013.06.07 17:16:01 | 000,000,000 | ---D | C] -- C:\avast! sandbox [2013.06.06 21:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\2544a4 [2013.05.18 18:30:15 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\Desktop\ReiseBank AG Die Bargeld-Experten. 
- Währungsrechner-Dateien [2013.05.16 00:01:10 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.05.16 00:01:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.05.16 00:01:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.05.16 00:01:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013.05.16 00:01:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.05.16 00:01:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.05.16 00:01:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.05.16 00:01:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.05.16 00:01:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.05.16 00:01:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.05.16 00:01:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.05.16 00:01:08 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013.05.16 00:01:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.05.16 00:01:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.05.16 00:01:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.05.15 14:52:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.05.15 14:52:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll [2013.05.15 14:51:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.05.15 14:51:57 | 
000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll [2013.05.15 14:51:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.05.15 14:51:56 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe [2013.05.15 14:51:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll [2013.05.13 15:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller [2013.05.13 15:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer [2013.05.13 15:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL [2013.05.13 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Yontoo [2013.05.13 15:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2013.05.13 15:18:39 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Babylon [2013.05.13 15:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2011.06.22 11:35:30 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 14:12:12 | 000,330,411 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.06.09 14:12:07 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.09 14:11:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.06.09 14:11:29 | 3152,277,504 | -HS- | M] () -- C:\hiberfil.sys [2013.06.09 14:11:28 | 566,538,846 | ---- | M] () -- C:\windows\MEMORY.DMP [2013.06.09 14:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hotel Tourist\Desktop\OTL.exe [2013.06.09 13:50:05 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 13:50:05 | 000,020,480 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 13:47:18 | 001,630,122 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.06.09 13:47:18 | 000,703,026 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.06.09 13:47:18 | 000,657,738 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.06.09 13:47:18 | 000,150,348 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.06.09 13:47:18 | 000,123,136 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.06.09 13:45:43 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys [2013.06.09 13:37:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.06.09 13:32:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.09 13:26:28 | 000,019,658 | ---- | M] () -- C:\Users\Hotel Tourist\Documents\cc_20130609_132623.reg [2013.06.09 13:18:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.09 07:44:49 | 000,000,152 | ---- | M] () -- C:\windows\Brfaxrx.ini [2013.06.06 15:29:00 | 000,083,264 | ---- | M] () -- C:\Users\Hotel Tourist\Desktop\Internet-CheckIn-Boarding-Docs.pdf [2013.06.05 17:07:24 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2013.05.24 14:11:30 | 000,001,087 | ---- | M] () -- C:\windows\Brpfx04a.ini [2013.05.18 18:30:16 | 000,045,361 | ---- | M] () -- C:\Users\Hotel Tourist\Desktop\ReiseBank AG Die Bargeld-Experten. 
- Währungsrechner.htm [2013.05.16 00:24:15 | 000,428,824 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.05.15 10:37:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.05.15 10:37:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.13 15:24:13 | 000,002,599 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk [2013.05.13 15:13:50 | 000,003,584 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.13 11:39:48 | 000,066,477 | ---- | M] () -- C:\Users\Hotel Tourist\Documents\Vasilca Aurelia, Bewerbung um eine Stelle als Hausdame.pdf [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 14:11:28 | 566,538,846 | ---- | C] () -- C:\windows\MEMORY.DMP [2013.06.09 13:32:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.06.09 13:26:25 | 000,019,658 | ---- | C] () -- C:\Users\Hotel Tourist\Documents\cc_20130609_132623.reg [2013.06.06 15:29:00 | 000,083,264 | ---- | C] () -- C:\Users\Hotel Tourist\Desktop\Internet-CheckIn-Boarding-Docs.pdf [2013.05.18 18:30:13 | 000,045,361 | ---- | C] () -- C:\Users\Hotel Tourist\Desktop\ReiseBank AG Die Bargeld-Experten. 
- Währungsrechner.htm [2013.05.13 15:24:13 | 000,002,599 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk [2013.05.13 15:13:50 | 000,003,584 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.05.13 11:39:46 | 000,066,477 | ---- | C] () -- C:\Users\Hotel Tourist\Documents\Vasilca Aurelia, Bewerbung um eine Stelle als Hausdame.pdf [2013.04.25 17:39:01 | 000,000,997 | ---- | C] () -- C:\windows\wininit.ini [2013.02.26 18:23:55 | 000,000,060 | R--- | C] () -- C:\Program Files (x86)\BRINST.INI [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.11.16 17:31:18 | 000,004,096 | -H-- | C] () -- C:\Users\Hotel Tourist\AppData\Local\keyfile3.drm [2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.06.26 07:54:16 | 000,058,368 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Local\gfdebtif [2012.06.26 07:50:15 | 000,000,000 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\SharedSettings.ccs [2012.05.25 19:57:15 | 000,000,648 | ---- | C] () -- C:\windows\SysWow64\iCMS.dat [2012.01.27 23:41:13 | 000,007,625 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Local\resmon.resmoncfg [2011.12.22 18:05:36 | 000,009,339 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML [2011.12.22 17:57:07 | 000,038,456 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\Kommagetrennte Werte (DOS).ADR [2011.12.22 17:54:10 | 000,009,349 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\Kommagetrennte Werte (DOS).EML [2011.11.24 00:26:28 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD7320.DAT [2011.11.24 00:25:58 | 000,000,152 | ---- | C] () -- C:\windows\Brfaxrx.ini [2011.11.24 00:25:57 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat [2011.11.10 11:05:19 | 000,145,897 | ---- | C] () -- 
C:\Users\Hotel Tourist\LH_WEBCKI.LI.STANDALONE.1RRKuhLgD90zNzMjCL08d6.pdf [2011.10.25 21:15:00 | 000,001,087 | ---- | C] () -- C:\windows\Brpfx04a.ini [2011.10.25 21:15:00 | 000,000,168 | ---- | C] () -- C:\windows\brpcfx.ini [2011.10.25 21:14:50 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI [2011.10.25 21:14:31 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL [2011.10.25 21:14:27 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI [2011.10.24 16:06:25 | 000,002,414 | ---- | C] () -- C:\Users\Hotel Tourist\jinitiator13125.trace [2011.10.22 06:45:13 | 001,607,080 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.10.19 19:46:22 | 000,000,600 | ---- | C] () -- C:\windows\nsreg.dat [2011.10.19 19:34:50 | 000,036,962 | ---- | C] () -- C:\windows\SysWow64\ActPanel.dll [2011.08.31 19:51:16 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.08.31 19:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.06.22 12:15:34 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe [2011.06.22 12:15:33 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe [2011.06.22 11:23:49 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011.06.22 11:22:06 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1CE11B51 @Alternate Data Stream - 143 bytes -> C:\Users\Hotel Tourist\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML:OECustomProperty @Alternate Data Stream - 143 bytes -> C:\Users\Hotel Tourist\AppData\Roaming\Kommagetrennte Werte (DOS).EML:OECustomProperty < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 09.06.2013 14:13:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hotel Tourist\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 68,36% Memory free 7,83 Gb Paging File | 6,52 Gb Available in Paging File | 83,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 906,34 Gb Total Space | 804,28 Gb Free Space | 88,74% Space Free | Partition Type: NTFS Computer Name: HOTELTOURIST-PC | User Name: Hotel Tourist | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) .reg[@ = regfile] -- C:\windows\regedit.exe () [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
.reg [@ = regfile] -- C:\windows\regedit.exe () [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\Hotel Tourist\AppData\Roaming\File Scout\filescout.exe" /open "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" () regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\Hotel Tourist\AppData\Roaming\File Scout\filescout.exe" /open "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 
2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{20483FF3-4755-4168-8A8A-3B0909694136}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2A35F9F8-3B21-46EF-B6C5-707A26A47889}" = lport=137 | protocol=17 | dir=in | app=system | "{2E17D0AE-9BFF-4734-ABDD-C5817A6A6B61}" = rport=138 | protocol=17 | dir=out | app=system | "{2EA288B2-4E53-46AF-9922-2C597797CEBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4405CA93-1CEC-4231-A770-12E73BA9BCFD}" = lport=138 | protocol=17 | dir=in | app=system | "{48A629FD-C119-414B-AAA8-59A099D0368C}" = lport=445 | protocol=6 | dir=in | app=system | "{6F4F9053-D8CA-4028-BF5C-F85070040D2F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{708076D2-3B77-45C5-8233-EC63C0AA01D4}" = lport=139 | protocol=6 | dir=in | app=system | "{A3EE56EB-6AD6-4B2A-90D2-D8E41328043A}" = lport=2869 | protocol=6 | dir=in | 
name=windows live communications platform (upnp) | "{A8AD2EF9-177B-4CCA-AC12-280DA44865E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B944573B-9BD7-41BB-BE08-B45F42655200}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{BCFA9B6A-1DF8-44B1-AA76-15E799B93067}" = rport=139 | protocol=6 | dir=out | app=system | "{BDD4E400-F834-4F4D-A9DE-DF64E22199CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CD29F2B5-0E19-4A55-9D42-4684D33B7CA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CE85521F-CFAF-4627-9316-29BDAD09508D}" = rport=445 | protocol=6 | dir=out | app=system | "{E25372CE-3567-422F-8489-FABDEDCCFF06}" = rport=137 | protocol=17 | dir=out | app=system | "{E4A2C3EB-8C60-4785-A334-BEEFE818BC18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F12F10F2-81BB-4B30-8DAA-7F8E9CABB9E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027F1924-9D36-4950-82F8-88E1B0812CA3}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{073A4A6B-687E-4B6A-879A-CBFDC64DF125}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{1F68DD21-17D2-4C9A-A10D-CBFD482957C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{28F7CD5D-7606-4DB5-A66C-6B096326F036}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2B133060-FC50-4DC6-8B20-6571E11DDDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{359002F8-2C19-43A8-969A-5E9923C493BA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{49B3B6BC-4D35-45A9-9D54-E07E05307664}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{58F693BA-3E9B-45FE-8D19-6DE1609ACB3A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{6485064B-4A7C-428F-A0B6-DFAAEBAA8FBD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{7AD6FE2C-CCDB-45FC-B3DD-C38E5F353241}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{86E0276B-624A-403D-8287-6576B35742D2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{88561F2A-894B-446E-B23C-21224AD0FFAC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{92D17F70-2566-4AE1-B487-00B7329B2930}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{95F70F3B-CF84-42A1-8072-12954EC8C3EC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{9A84D06E-6859-4BB4-BA83-265A4B8A5AD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A2FCB489-0D27-46CC-B78A-87FD4D34FD8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B6AB7F83-B351-4B7D-8335-27A9E7B06FD4}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{C2AC50F0-7B50-4EAA-AE04-90EB8A53DA4D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C8477BE2-342A-42F2-A312-FC91CF55D2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | "{CD634C02-7466-42E5-A766-504DCB780C6E}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "{DC48C796-0E51-490B-8C3E-8A0DF453F16E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{F2299B20-6DF3-4481-AA34-327288CCE9BA}" = protocol=6 | dir=in | 
app=c:\program files (x86)\microsoft office\office12\groove.exe | "TCP Query User{2A0565F1-9178-44D4-889B-2E19721B5D99}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{3C8AF33A-FBCC-4B9B-A06F-FE8120DCE833}C:\users\hotel tourist\appdata\roaming\evoz\mocab.exe" = protocol=6 | dir=in | app=c:\users\hotel tourist\appdata\roaming\evoz\mocab.exe | "TCP Query User{831963F3-813C-4A05-954C-5B0F7204B54E}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "TCP Query User{92A58D4C-56B5-47AF-B877-B69C434C0F6A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{BDF1E5A1-C127-427F-B177-786C81B1A007}C:\program files (x86)\microsoft office\office12\drat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\drat.exe | "UDP Query User{13DA210D-1B29-4582-B19E-6987383B328C}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "UDP Query User{328BBDE4-5B7F-484D-9B96-EC9A5EFEAEF1}C:\program files (x86)\microsoft office\office12\drat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\drat.exe | "UDP Query User{7F6F198E-9F6F-4CD3-B76D-492D20AEC67E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{CFA5868F-ACB1-43BB-B13B-BFB84AD6EABF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{D6EA648A-27D6-47D0-B4DC-393D793B4313}C:\users\hotel tourist\appdata\roaming\evoz\mocab.exe" = protocol=17 | dir=in | 
app=c:\users\hotel tourist\appdata\roaming\evoz\mocab.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "PROSet" = Intel(R) Network Connections Drivers "WinRAR archiver" = WinRAR 4.10 beta 1 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer 
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6BF6FA12-4DA0-4BBD-A91C-81B1A1DDCE74}" = iCMS "{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 
Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme 
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90DEECCD-DDD3-41F1-9DBE-19C851253912}" = Remote Viewer "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.22 "{CAFECAFE-0013-0001-0125-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.25 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux "{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common 
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "DomaIQ Uninstaller" = DomaIQ "ENTERPRISE" = Microsoft Office Enterprise 2007 "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner "Google Chrome" = Google Chrome "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Micros Fidelio Opera Print Control" = Micros Fidelio Opera Print Control "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 12.15.1748" = Opera 
12.15 "Revo Uninstaller" = Revo Uninstaller 1.94 "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VideoPerformer" = VideoPerformer "VMware_Workstation" = VMware Workstation ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.06.2013 14:02:00 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2013 14:49:08 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2013 15:03:42 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2013 15:46:16 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2013 16:06:07 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 07.06.2013 19:36:02 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 08.06.2013 00:28:28 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 08.06.2013 01:15:18 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10 Description = Error - 08.06.2013 01:17:23 | Computer Name = HotelTourist-PC | Source = ESENT | ID = 453 Description = taskhost (2420) WebCacheLocal: Die Datenbank 'C:\Users\Hotel Tourist\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat' erfordert die Protokolldateien '2062' - '2063' (C:\Users\Hotel Tourist\AppData\Local\Microsoft\Windows\WebCache\V010080E.log - C:\Users\Hotel Tourist\AppData\Local\Microsoft\Windows\WebCache\V01.log) für eine erfolgreiche Wiederherstellung. Es wurden nur Protokolldateien bis '2062' (C:\Users\Hotel Tourist\AppData\Local\Microsoft\Windows\WebCache\V010080E.log) gefunden. 
Error - 08.06.2013 01:17:23 | Computer Name = HotelTourist-PC | Source = ESENT | ID = 454 Description = taskhost (2420) WebCacheLocal: Bei Datenbankwiederherstellung trat ein unerwarteter Fehler -543 auf. [ OSession Events ] Error - 13.03.2012 03:06:13 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 89544 seconds with 6780 seconds of active time. This session ended with a crash. Error - 21.03.2012 11:04:26 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22384 seconds with 2880 seconds of active time. This session ended with a crash. Error - 28.03.2012 05:40:58 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16349 seconds with 3420 seconds of active time. This session ended with a crash. Error - 29.03.2012 08:00:08 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 86810 seconds with 2520 seconds of active time. This session ended with a crash. Error - 12.04.2012 10:49:22 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35370 seconds with 5520 seconds of active time. 
This session ended with a crash. Error - 13.04.2012 09:10:32 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2009 seconds with 1080 seconds of active time. This session ended with a crash. Error - 25.04.2012 07:35:48 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 196440 seconds with 12420 seconds of active time. This session ended with a crash. Error - 07.03.2013 06:55:48 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 423686 seconds with 18000 seconds of active time. This session ended with a crash. Error - 02.04.2013 07:39:02 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 434373 seconds with 14760 seconds of active time. This session ended with a crash. Error - 31.05.2013 13:04:44 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 278947 seconds with 15960 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 08.06.2013 10:51:47 | Computer Name = HotelTourist-PC | Source = BugCheck | ID = 1001 Description = Error - 08.06.2013 11:06:09 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?06.?2013 um 17:05:12 unerwartet heruntergefahren. Error - 08.06.2013 11:06:10 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001 Description = Error - 08.06.2013 11:23:01 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?06.?2013 um 17:21:03 unerwartet heruntergefahren. Error - 08.06.2013 11:23:04 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001 Description = Error - 08.06.2013 14:45:25 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?08.?06.?2013 um 20:43:56 unerwartet heruntergefahren. Error - 08.06.2013 14:45:29 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001 Description = Error - 09.06.2013 07:41:20 | Computer Name = HotelTourist-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 09.06.2013 08:11:38 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?09.?06.?2013 um 14:09:41 unerwartet heruntergefahren. Error - 09.06.2013 08:11:42 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001 Description = < End of report > GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-06-09 14:38:54 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3FE 931,51GB Running: gmer_2.1.19163.exe; Driver: C:\Users\HOTELT~1\AppData\Local\Temp\kxrcrpog.sys ---- Kernel code sections - GMER 2.1 ---- PAGE C:\windows\system32\ntoskrnl.exe!NtResumeThread fffff8000337df50 1 byte INT3 ---- User code sections - GMER 2.1 ---- .text C:\windows\Explorer.EXE[1780] C:\windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a01830 1 byte [FB] .text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[1208] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77] .text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[1208] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77] .text ... * 2 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77] .text ... * 2 .text C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\YontooDesktop.exe[3728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77] .text C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\YontooDesktop.exe[3728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77] .text ... 
* 2 .text C:\windows\explorer.exe[4492] C:\windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a01830 1 byte [FB] ---- Threads - GMER 2.1 ---- Thread C:\windows\Explorer.EXE [1780:3024] 0000000001f9e7b4 Thread C:\windows\Explorer.EXE [1780:3028] 0000000001fa25ec Thread C:\windows\explorer.exe [4492:4584] 000000000018e7b4 Thread C:\windows\explorer.exe [4492:4588] 00000000001925ec Thread C:\windows\explorer.exe [4492:4792] 0000000000189aa2 ---- EOF - GMER 2.1 ----
I also ran Anti-Malware and no infected files were found. I look forward to a prompt reply. Best regards Edited by Da GuRu (09.06.2013 at 18:12) |
09.06.2013, 13:53 | #2 |
/// Malware-holic | Mail delivery failed messages and also Blue Screen Hi,
Please download TDSSKiller.exe and save this file to the desktop
__________________ |
09.06.2013, 14:07 | #3 |
| Mail delivery failed messages and also Blue Screen Hi, here is the result:
15:02:08.0625 4092 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:02:08.0725 4092 ============================================================ 15:02:08.0725 4092 Current date / time: 2013/06/09 15:02:08.0725 15:02:08.0725 4092 SystemInfo: 15:02:08.0725 4092 15:02:08.0725 4092 OS Version: 6.1.7601 ServicePack: 1.0 15:02:08.0725 4092 Product type: Workstation 15:02:08.0725 4092 ComputerName: HOTELTOURIST-PC 15:02:08.0725 4092 UserName: Hotel Tourist 15:02:08.0725 4092 Windows directory: C:\windows 15:02:08.0725 4092 System windows directory: C:\windows 15:02:08.0725 4092 Running under WOW64 15:02:08.0725 4092 Processor architecture: Intel x64 15:02:08.0725 4092 Number of processors: 4 15:02:08.0725 4092 Page size: 0x1000 15:02:08.0725 4092 Boot type: Normal boot 15:02:08.0725 4092 ============================================================ 15:02:09.0755 4092 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:02:09.0755 4092 ============================================================ 15:02:09.0755 4092 \Device\Harddisk0\DR0: 15:02:09.0755 4092 MBR partitions: 15:02:09.0755 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:02:09.0755 4092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800 15:02:09.0755 4092 ============================================================ 15:02:09.0785 4092 C: <-> \Device\Harddisk0\DR0\Partition2 15:02:09.0785 4092 ============================================================ 15:02:09.0785 4092 Initialize success 15:02:09.0785 4092 ============================================================ 15:03:18.0295 2812 ============================================================ 15:03:18.0295 2812 Scan started 15:03:18.0295 2812 Mode: Manual; SigCheck; TDLFS; 15:03:18.0295 2812 
============================================================ 15:03:18.0555 2812 ================ Scan system memory ======================== 15:03:18.0555 2812 System memory - ok 15:03:18.0555 2812 ================ Scan services ============================= 15:03:18.0665 2812 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 15:03:18.0785 2812 1394ohci - ok 15:03:18.0805 2812 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 15:03:18.0815 2812 ACPI - ok 15:03:18.0835 2812 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 15:03:18.0895 2812 AcpiPmi - ok 15:03:18.0955 2812 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:03:18.0975 2812 AdobeARMservice - ok 15:03:19.0085 2812 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:03:19.0105 2812 AdobeFlashPlayerUpdateSvc - ok 15:03:19.0135 2812 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 15:03:19.0155 2812 adp94xx - ok 15:03:19.0185 2812 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 15:03:19.0205 2812 adpahci - ok 15:03:19.0215 2812 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 15:03:19.0225 2812 adpu320 - ok 15:03:19.0255 2812 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 15:03:19.0385 2812 AeLookupSvc - ok 15:03:19.0415 2812 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 15:03:19.0465 2812 AFD - ok 15:03:19.0495 2812 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 15:03:19.0505 2812 agp440 - ok 15:03:19.0525 2812 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 15:03:19.0565 2812 ALG - ok 15:03:19.0585 2812 [ 
5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 15:03:19.0605 2812 aliide - ok 15:03:19.0605 2812 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 15:03:19.0615 2812 amdide - ok 15:03:19.0635 2812 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 15:03:19.0665 2812 AmdK8 - ok 15:03:19.0685 2812 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys 15:03:19.0715 2812 AmdPPM - ok 15:03:19.0745 2812 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 15:03:19.0755 2812 amdsata - ok 15:03:19.0765 2812 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 15:03:19.0785 2812 amdsbs - ok 15:03:19.0795 2812 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 15:03:19.0805 2812 amdxata - ok 15:03:19.0945 2812 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:03:19.0965 2812 AntiVirSchedulerService - ok 15:03:19.0995 2812 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:03:20.0015 2812 AntiVirService - ok 15:03:20.0045 2812 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 15:03:20.0055 2812 AntiVirWebService - ok 15:03:20.0105 2812 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 15:03:20.0355 2812 AppID - ok 15:03:20.0375 2812 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 15:03:20.0415 2812 AppIDSvc - ok 15:03:20.0435 2812 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll 15:03:20.0455 2812 Appinfo - ok 15:03:20.0485 2812 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 15:03:20.0495 2812 arc - ok 15:03:20.0505 2812 [ 
019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys 15:03:20.0525 2812 arcsas - ok 15:03:20.0585 2812 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 15:03:20.0605 2812 aspnet_state - ok 15:03:20.0675 2812 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\windows\system32\drivers\aswKbd.sys 15:03:20.0685 2812 aswKbd - ok 15:03:20.0705 2812 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 15:03:20.0755 2812 AsyncMac - ok 15:03:20.0775 2812 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 15:03:20.0785 2812 atapi - ok 15:03:20.0865 2812 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys 15:03:20.0965 2812 atikmdag - ok 15:03:21.0005 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 15:03:21.0095 2812 AudioEndpointBuilder - ok 15:03:21.0105 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 15:03:21.0135 2812 AudioSrv - ok 15:03:21.0185 2812 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 15:03:21.0215 2812 avgntflt - ok 15:03:21.0235 2812 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 15:03:21.0255 2812 avipbb - ok 15:03:21.0265 2812 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 15:03:21.0275 2812 avkmgr - ok 15:03:21.0305 2812 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 15:03:21.0345 2812 AxInstSV - ok 15:03:21.0385 2812 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 15:03:21.0435 2812 b06bdrv - ok 15:03:21.0465 2812 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 15:03:21.0505 2812 b57nd60a - ok 15:03:21.0555 2812 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC 
DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 15:03:39.0015 2812 tdx - ok 15:03:39.0035 2812 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 15:03:39.0055 2812 TermDD - ok 15:03:39.0075 2812 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 15:03:39.0115 2812 TermService - ok 15:03:39.0125 2812 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 15:03:39.0145 2812 Themes - ok 15:03:39.0155 2812 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 15:03:39.0185 2812 THREADORDER - ok 15:03:39.0195 2812 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 15:03:39.0225 2812 TrkWks - ok 15:03:39.0255 2812 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 15:03:39.0285 2812 TrustedInstaller - ok 15:03:39.0315 2812 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 15:03:39.0355 2812 tssecsrv - ok 15:03:39.0395 2812 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 15:03:39.0435 2812 TsUsbFlt - ok 15:03:39.0455 2812 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 15:03:39.0485 2812 TsUsbGD - ok 15:03:39.0565 2812 [ 50D8102EECC446F160C8C31AF927242D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe 15:03:39.0615 2812 TuneUp.UtilitiesSvc - ok 15:03:39.0645 2812 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys 15:03:39.0665 2812 TuneUpUtilitiesDrv - ok 15:03:39.0695 2812 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 15:03:39.0735 2812 tunnel - ok 15:03:39.0755 2812 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 15:03:39.0765 2812 uagp35 - ok 15:03:39.0785 
2812 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 15:03:39.0825 2812 udfs - ok 15:03:39.0865 2812 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe 15:03:39.0875 2812 ufad-ws60 - ok 15:03:39.0895 2812 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 15:03:39.0915 2812 UI0Detect - ok 15:03:39.0935 2812 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 15:03:39.0945 2812 uliagpkx - ok 15:03:39.0965 2812 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 15:03:39.0995 2812 umbus - ok 15:03:40.0015 2812 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 15:03:40.0035 2812 UmPass - ok 15:03:40.0145 2812 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:03:40.0195 2812 UNS - ok 15:03:40.0215 2812 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 15:03:40.0275 2812 upnphost - ok 15:03:40.0295 2812 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 15:03:40.0315 2812 usbccgp - ok 15:03:40.0335 2812 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 15:03:40.0355 2812 usbcir - ok 15:03:40.0365 2812 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 15:03:40.0395 2812 usbehci - ok 15:03:40.0415 2812 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 15:03:40.0445 2812 usbhub - ok 15:03:40.0465 2812 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 15:03:40.0495 2812 usbohci - ok 15:03:40.0515 2812 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 15:03:40.0545 2812 usbprint - ok 15:03:40.0555 2812 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan 
C:\windows\system32\DRIVERS\usbscan.sys 15:03:40.0575 2812 usbscan - ok 15:03:40.0635 2812 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 15:03:40.0695 2812 USBSTOR - ok 15:03:40.0705 2812 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 15:03:40.0735 2812 usbuhci - ok 15:03:40.0765 2812 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 15:03:40.0795 2812 UxSms - ok 15:03:40.0795 2812 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 15:03:40.0815 2812 VaultSvc - ok 15:03:40.0835 2812 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 15:03:40.0845 2812 vdrvroot - ok 15:03:40.0895 2812 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 15:03:40.0985 2812 vds - ok 15:03:40.0995 2812 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 15:03:41.0005 2812 vga - ok 15:03:41.0015 2812 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 15:03:41.0055 2812 VgaSave - ok 15:03:41.0075 2812 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 15:03:41.0095 2812 vhdmp - ok 15:03:41.0095 2812 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 15:03:41.0105 2812 viaide - ok 15:03:41.0135 2812 [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe 15:03:41.0145 2812 VMAuthdService - ok 15:03:41.0165 2812 [ CDAA992C18F3F3612444C818A478CF57 ] vmci C:\windows\system32\drivers\vmci.sys 15:03:41.0175 2812 vmci - ok 15:03:41.0185 2812 [ EA9C266CD4B4BB7C7D818C1C27461959 ] vmkbd C:\windows\system32\drivers\VMkbd.sys 15:03:41.0195 2812 vmkbd - ok 15:03:41.0205 2812 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\windows\system32\DRIVERS\vmnetadapter.sys 15:03:41.0215 2812 VMnetAdapter - ok 15:03:41.0225 2812 [ 
FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\windows\system32\DRIVERS\vmnetbridge.sys 15:03:41.0235 2812 VMnetBridge - ok 15:03:41.0245 2812 VMnetDHCP - ok 15:03:41.0255 2812 [ 479948EB42E189C076B45EBAF2D12BBC ] VMnetuserif C:\windows\system32\drivers\vmnetuserif.sys 15:03:41.0265 2812 VMnetuserif - ok 15:03:41.0285 2812 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\windows\system32\Drivers\vmusb.sys 15:03:41.0305 2812 vmusb - ok 15:03:41.0325 2812 [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe 15:03:41.0345 2812 VMUSBArbService - ok 15:03:41.0355 2812 VMware NAT Service - ok 15:03:41.0385 2812 [ 05645D6651CA7A02298AAE475BBCAD6E ] vmx86 C:\windows\system32\drivers\vmx86.sys 15:03:41.0395 2812 vmx86 - ok 15:03:41.0415 2812 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 15:03:41.0425 2812 volmgr - ok 15:03:41.0435 2812 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 15:03:41.0455 2812 volmgrx - ok 15:03:41.0465 2812 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 15:03:41.0485 2812 volsnap - ok 15:03:41.0505 2812 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 15:03:41.0525 2812 vsmraid - ok 15:03:41.0565 2812 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 15:03:41.0635 2812 VSS - ok 15:03:41.0655 2812 [ 69F57E89E6EBC5012D210527AF005A70 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys 15:03:41.0665 2812 vstor2-ws60 - ok 15:03:41.0685 2812 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 15:03:41.0715 2812 vwifibus - ok 15:03:41.0735 2812 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 15:03:41.0765 2812 vwififlt - ok 15:03:41.0805 2812 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp 
C:\windows\system32\DRIVERS\vwifimp.sys 15:03:41.0835 2812 vwifimp - ok 15:03:41.0855 2812 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 15:03:41.0895 2812 W32Time - ok 15:03:41.0915 2812 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 15:03:41.0935 2812 WacomPen - ok 15:03:41.0965 2812 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 15:03:42.0015 2812 WANARP - ok 15:03:42.0015 2812 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 15:03:42.0045 2812 Wanarpv6 - ok 15:03:42.0095 2812 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 15:03:42.0145 2812 wbengine - ok 15:03:42.0165 2812 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 15:03:42.0185 2812 WbioSrvc - ok 15:03:42.0205 2812 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 15:03:42.0235 2812 wcncsvc - ok 15:03:42.0255 2812 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 15:03:42.0295 2812 WcsPlugInService - ok 15:03:42.0315 2812 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 15:03:42.0335 2812 Wd - ok 15:03:42.0365 2812 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 15:03:42.0395 2812 Wdf01000 - ok 15:03:42.0405 2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 15:03:42.0475 2812 WdiServiceHost - ok 15:03:42.0475 2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 15:03:42.0495 2812 WdiSystemHost - ok 15:03:42.0525 2812 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 15:03:42.0545 2812 WebClient - ok 15:03:42.0565 2812 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 15:03:42.0605 2812 Wecsvc - ok 15:03:42.0635 2812 [ 7E591867422DC788B9E5BD337A669A08 
] wercplsupport C:\windows\System32\wercplsupport.dll 15:03:42.0665 2812 wercplsupport - ok 15:03:42.0685 2812 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 15:03:42.0735 2812 WerSvc - ok 15:03:42.0775 2812 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 15:03:42.0805 2812 WfpLwf - ok 15:03:42.0815 2812 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 15:03:42.0825 2812 WIMMount - ok 15:03:42.0835 2812 WinDefend - ok 15:03:42.0845 2812 WinHttpAutoProxySvc - ok 15:03:42.0875 2812 [ 66C365B542195C1F6E2FF4A7D8F3827C ] WinI2C-DDC C:\windows\system32\drivers\DDCDrv.sys 15:03:42.0895 2812 WinI2C-DDC - ok 15:03:42.0935 2812 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 15:03:42.0965 2812 Winmgmt - ok 15:03:43.0015 2812 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 15:03:43.0075 2812 WinRM - ok 15:03:43.0115 2812 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 15:03:43.0135 2812 WinUsb - ok 15:03:43.0165 2812 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 15:03:43.0205 2812 Wlansvc - ok 15:03:43.0295 2812 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:03:43.0345 2812 wlidsvc - ok 15:03:43.0365 2812 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 15:03:43.0385 2812 WmiAcpi - ok 15:03:43.0415 2812 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 15:03:43.0435 2812 wmiApSrv - ok 15:03:43.0455 2812 WMPNetworkSvc - ok 15:03:43.0485 2812 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 15:03:43.0525 2812 WPCSvc - ok 15:03:43.0545 2812 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 15:03:43.0575 2812 WPDBusEnum - ok 15:03:43.0595 2812 [ 
6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 15:03:43.0625 2812 ws2ifsl - ok 15:03:43.0645 2812 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 15:03:43.0675 2812 wscsvc - ok 15:03:43.0685 2812 WSearch - ok 15:03:43.0725 2812 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys 15:03:43.0735 2812 wsvd - ok 15:03:43.0795 2812 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 15:03:43.0845 2812 wuauserv - ok 15:03:43.0865 2812 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 15:03:43.0905 2812 WudfPf - ok 15:03:43.0915 2812 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 15:03:43.0945 2812 WUDFRd - ok 15:03:43.0985 2812 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 15:03:44.0005 2812 wudfsvc - ok 15:03:44.0035 2812 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll 15:03:44.0055 2812 WwanSvc - ok 15:03:44.0095 2812 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe 15:03:44.0115 2812 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning 15:03:44.0115 2812 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1) 15:03:44.0145 2812 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys 15:03:44.0185 2812 yukonw7 - ok 15:03:44.0205 2812 ================ Scan global =============================== 15:03:44.0235 2812 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 15:03:44.0255 2812 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll 15:03:44.0265 2812 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll 15:03:44.0285 2812 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 15:03:44.0305 2812 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] 
C:\windows\system32\services.exe
15:03:44.0315 2812 [Global] - ok
15:03:44.0315 2812 ================ Scan MBR ==================================
15:03:44.0315 2812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:03:44.0515 2812 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
15:03:44.0515 2812 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
15:03:44.0605 2812 ================ Scan VBR ==================================
15:03:44.0605 2812 [ E215A44EB93EC98D579AAE408B8845BF ] \Device\Harddisk0\DR0\Partition1
15:03:44.0615 2812 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
15:03:44.0615 2812 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b (0)
15:03:44.0655 2812 [ A049AB8B697D90B5B729D9BCF01CE68D ] \Device\Harddisk0\DR0\Partition2
15:03:44.0665 2812 \Device\Harddisk0\DR0\Partition2 - ok
15:03:44.0665 2812 ============================================================
15:03:44.0665 2812 Scan finished
15:03:44.0665 2812 ============================================================
15:03:44.0675 2768 Detected object count: 5
15:03:44.0675 2768 Actual detected object count: 5
15:06:26.0435 2768 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:26.0435 2768 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:26.0445 2768 JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:26.0445 2768 JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:26.0445 2768 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:26.0445 2768 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:26.0445 2768 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
15:06:26.0445 2768 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
15:06:26.0445 2768 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
15:06:26.0445 2768 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip
09.06.2013, 18:09 | #4 |
/// Malware-holic | Mail delivery failed messages and also blue screen
hi, configure TDSS Killer according to the instructions. For BackBoot.gen and Cidox.b, select cure, or delete. Restart, configure TDSS Killer according to the instructions, post the new log.
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
10.06.2013, 13:15 | #5 |
| Mail delivery failed messages and also blue screen
Hello, thank you very much for your help! So here is the new result, but unfortunately with BackBoot.gen I could not delete it; I moved it to quarantine instead..
14:08:56.0353 1332 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:08:56.0462 1332 ============================================================
14:08:56.0462 1332 Current date / time: 2013/06/10 14:08:56.0462
14:08:56.0462 1332 SystemInfo:
14:08:56.0462 1332
14:08:56.0462 1332 OS Version: 6.1.7601 ServicePack: 1.0
14:08:56.0462 1332 Product type: Workstation
14:08:56.0462 1332 ComputerName: HOTELTOURIST-PC
14:08:56.0478 1332 UserName: Hotel Tourist
14:08:56.0478 1332 Windows directory: C:\windows
14:08:56.0478 1332 System windows directory: C:\windows
14:08:56.0478 1332 Running under WOW64
14:08:56.0478 1332 Processor architecture: Intel x64
14:08:56.0478 1332 Number of processors: 4
14:08:56.0478 1332 Page size: 0x1000
14:08:56.0478 1332 Boot type: Normal boot
14:08:56.0478 1332 ============================================================
14:08:58.0584 1332 BG loaded
14:08:58.0958 1332 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:08:58.0958 1332 ============================================================
14:08:58.0958 1332 \Device\Harddisk0\DR0:
14:08:58.0958 1332 MBR partitions:
14:08:58.0958 1332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:08:58.0958 1332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
14:08:58.0958 1332 ============================================================
14:08:58.0974 1332 C: <-> \Device\Harddisk0\DR0\Partition2
14:08:58.0974 1332 ============================================================
14:08:58.0974 1332 Initialize success
14:08:58.0974 1332
Dhcp - ok 14:10:25.0234 2148 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 14:10:25.0274 2148 discache - ok 14:10:25.0314 2148 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 14:10:25.0334 2148 Disk - ok 14:10:25.0364 2148 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 14:10:25.0424 2148 Dnscache - ok 14:10:25.0454 2148 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 14:10:25.0514 2148 dot3svc - ok 14:10:25.0524 2148 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 14:10:25.0564 2148 DPS - ok 14:10:25.0594 2148 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 14:10:25.0614 2148 drmkaud - ok 14:10:25.0644 2148 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 14:10:25.0674 2148 DXGKrnl - ok 14:10:25.0704 2148 [ 6BAFD9819D9FEC2EDBAEBC8493C711A4 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys 14:10:25.0724 2148 e1cexpress - ok 14:10:25.0744 2148 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 14:10:25.0804 2148 EapHost - ok 14:10:25.0864 2148 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 14:10:25.0934 2148 ebdrv - ok 14:10:25.0954 2148 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 14:10:26.0014 2148 EFS - ok 14:10:26.0064 2148 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 14:10:26.0124 2148 ehRecvr - ok 14:10:26.0134 2148 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 14:10:26.0154 2148 ehSched - ok 14:10:26.0184 2148 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 14:10:26.0224 2148 elxstor - ok 14:10:26.0234 2148 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 14:10:26.0274 2148 ErrDev - ok 14:10:26.0334 2148 [ 
4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 14:10:26.0394 2148 EventSystem - ok 14:10:26.0404 2148 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 14:10:26.0444 2148 exfat - ok 14:10:26.0464 2148 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 14:10:26.0524 2148 fastfat - ok 14:10:26.0564 2148 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 14:10:26.0614 2148 Fax - ok 14:10:26.0624 2148 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys 14:10:26.0644 2148 fbfmon - ok 14:10:26.0654 2148 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 14:10:26.0674 2148 fdc - ok 14:10:26.0744 2148 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 14:10:26.0784 2148 fdPHost - ok 14:10:26.0784 2148 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 14:10:26.0834 2148 FDResPub - ok 14:10:26.0864 2148 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 14:10:26.0874 2148 FileInfo - ok 14:10:26.0894 2148 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 14:10:26.0954 2148 Filetrace - ok 14:10:26.0964 2148 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 14:10:26.0984 2148 flpydisk - ok 14:10:27.0014 2148 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 14:10:27.0024 2148 FltMgr - ok 14:10:27.0064 2148 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll 14:10:27.0104 2148 FontCache - ok 14:10:27.0144 2148 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:10:27.0154 2148 FontCache3.0.0.0 - ok 14:10:27.0184 2148 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 
14:10:27.0204 2148 FsDepends - ok 14:10:27.0234 2148 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 14:10:27.0254 2148 Fs_Rec - ok 14:10:27.0274 2148 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 14:10:27.0294 2148 fvevol - ok 14:10:27.0314 2148 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 14:10:27.0324 2148 gagp30kx - ok 14:10:27.0354 2148 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 14:10:27.0394 2148 gpsvc - ok 14:10:27.0414 2148 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:10:27.0424 2148 gupdate - ok 14:10:27.0444 2148 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:10:27.0464 2148 gupdatem - ok 14:10:27.0484 2148 [ 8CDAD7B707DDD77D45588F74D59C9AFF ] hcmon C:\windows\system32\drivers\hcmon.sys 14:10:27.0504 2148 hcmon - ok 14:10:27.0524 2148 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 14:10:27.0584 2148 hcw85cir - ok 14:10:27.0604 2148 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 14:10:27.0644 2148 HdAudAddService - ok 14:10:27.0704 2148 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 14:10:27.0744 2148 HDAudBus - ok 14:10:27.0754 2148 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys 14:10:27.0784 2148 HidBatt - ok 14:10:27.0804 2148 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 14:10:27.0914 2148 HidBth - ok 14:10:27.0924 2148 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 14:10:27.0964 2148 HidIr - ok 14:10:27.0984 2148 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 14:10:28.0034 2148 hidserv - ok 14:10:28.0064 2148 [ 
9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 14:10:28.0084 2148 HidUsb - ok 14:10:28.0124 2148 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 14:10:28.0174 2148 hkmsvc - ok 14:10:28.0194 2148 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 14:10:28.0254 2148 HomeGroupListener - ok 14:10:28.0274 2148 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 14:10:28.0304 2148 HomeGroupProvider - ok 14:10:28.0324 2148 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 14:10:28.0354 2148 HpSAMD - ok 14:10:28.0384 2148 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 14:10:28.0444 2148 HTTP - ok 14:10:28.0454 2148 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 14:10:28.0464 2148 hwpolicy - ok 14:10:28.0484 2148 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 14:10:28.0494 2148 i8042prt - ok 14:10:28.0554 2148 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 14:10:28.0584 2148 iaStorV - ok 14:10:28.0634 2148 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:10:28.0684 2148 idsvc - ok 14:10:28.0794 2148 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 14:10:28.0894 2148 igfx - ok 14:10:28.0924 2148 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 14:10:28.0944 2148 iirsp - ok 14:10:28.0974 2148 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 14:10:29.0034 2148 IKEEXT - ok 14:10:29.0154 2148 [ 62C93ABEC0F8A9A235BF7A86B9FC3A0C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 14:10:29.0194 2148 IntcAzAudAddService - ok 14:10:29.0244 2148 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud 
C:\windows\system32\DRIVERS\IntcDAud.sys 14:10:29.0274 2148 IntcDAud - ok 14:10:29.0314 2148 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 14:10:29.0324 2148 intelide - ok 14:10:29.0344 2148 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 14:10:29.0374 2148 intelppm - ok 14:10:29.0414 2148 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 14:10:29.0464 2148 IPBusEnum - ok 14:10:29.0484 2148 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 14:10:29.0514 2148 IpFilterDriver - ok 14:10:29.0544 2148 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 14:10:29.0594 2148 iphlpsvc - ok 14:10:29.0614 2148 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 14:10:29.0644 2148 IPMIDRV - ok 14:10:29.0684 2148 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 14:10:29.0734 2148 IPNAT - ok 14:10:29.0754 2148 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 14:10:29.0774 2148 IRENUM - ok 14:10:29.0784 2148 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 14:10:29.0804 2148 isapnp - ok 14:10:29.0824 2148 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 14:10:29.0884 2148 iScsiPrt - ok 14:10:29.0904 2148 [ 1DED0D0AA513E2A5862B20A520D3A1E1 ] JME Keyboard C:\Windows\jmesoft\Service.exe 14:10:29.0934 2148 JME Keyboard ( UnsignedFile.Multi.Generic ) - warning 14:10:29.0934 2148 JME Keyboard - detected UnsignedFile.Multi.Generic (1) 14:10:29.0974 2148 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 14:10:29.0984 2148 kbdclass - ok 14:10:30.0004 2148 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 14:10:30.0034 2148 kbdhid - ok 14:10:30.0054 2148 [ 
C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 14:10:30.0064 2148 KeyIso - ok 14:10:30.0104 2148 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 14:10:30.0134 2148 KSecDD - ok 14:10:30.0174 2148 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 14:10:30.0184 2148 KSecPkg - ok 14:10:30.0204 2148 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 14:10:30.0244 2148 ksthunk - ok 14:10:30.0284 2148 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 14:10:30.0324 2148 KtmRm - ok 14:10:30.0354 2148 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 14:10:30.0404 2148 LanmanServer - ok 14:10:30.0444 2148 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 14:10:30.0504 2148 LanmanWorkstation - ok 14:10:30.0534 2148 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 14:10:30.0574 2148 lltdio - ok 14:10:30.0594 2148 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 14:10:30.0644 2148 lltdsvc - ok 14:10:30.0664 2148 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 14:10:30.0704 2148 lmhosts - ok 14:10:30.0754 2148 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 14:10:30.0784 2148 LMS - ok 14:10:30.0794 2148 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 14:10:30.0814 2148 LSI_FC - ok 14:10:30.0824 2148 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 14:10:30.0844 2148 LSI_SAS - ok 14:10:30.0854 2148 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 14:10:30.0864 2148 LSI_SAS2 - ok 14:10:30.0874 2148 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 14:10:30.0894 
2148 LSI_SCSI - ok 14:10:30.0894 2148 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 14:10:30.0944 2148 luafv - ok 14:10:30.0984 2148 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys 14:10:31.0004 2148 MBAMProtector - ok 14:10:31.0044 2148 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 14:10:31.0064 2148 MBAMScheduler - ok 14:10:31.0084 2148 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 14:10:31.0104 2148 MBAMService - ok 14:10:31.0194 2148 [ 458A013DF72EAAB91877FA03533E2C8B ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 14:10:31.0224 2148 McNASvc - ok 14:10:31.0254 2148 [ 87CC32F90123313A3FEBE6A71FC62DAD ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 14:10:31.0274 2148 McShield - ok 14:10:31.0294 2148 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 14:10:31.0324 2148 Mcx2Svc - ok 14:10:31.0344 2148 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 14:10:31.0364 2148 megasas - ok 14:10:31.0384 2148 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 14:10:31.0404 2148 MegaSR - ok 14:10:31.0434 2148 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 14:10:31.0444 2148 MEIx64 - ok 14:10:31.0464 2148 [ 31338E489314AE2A29534FBAA7AD2F1B ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys 14:10:31.0484 2148 mfeapfk - ok 14:10:31.0494 2148 [ 5822E70233218BCF22A65FCEA74D012D ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys 14:10:31.0514 2148 mfeavfk - ok 14:10:31.0534 2148 [ AD2B622B46B78F212EB82330073B79E0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 14:10:31.0554 2148 mfefire - ok 14:10:31.0554 2148 [ 5A24E7C834576313D8C5EAF0825DA844 ] mfefirek 
C:\windows\system32\drivers\mfefirek.sys 14:10:31.0574 2148 mfefirek - ok 14:10:31.0584 2148 [ A2607740BB18D631DA01E01DCB81843B ] mfehidk C:\windows\system32\drivers\mfehidk.sys 14:10:31.0614 2148 mfehidk - ok 14:10:31.0644 2148 [ 50C3A9D7465D385061C0601DEEFB5A8E ] mfenlfk C:\windows\system32\DRIVERS\mfenlfk.sys 14:10:31.0654 2148 mfenlfk - ok 14:10:31.0674 2148 [ EDF5EE799A0B3ED6DCE8BB16A51F3D1F ] mferkdet C:\windows\system32\drivers\mferkdet.sys 14:10:31.0694 2148 mferkdet - ok 14:10:31.0734 2148 [ 39E1DFB1700294E6C829465BD39E58B2 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe 14:10:31.0744 2148 mfevtp - ok 14:10:31.0754 2148 [ 9182FAF9ADDD5EA6308D155CEB502C6F ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys 14:10:31.0774 2148 mfewfpk - ok 14:10:31.0804 2148 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 14:10:31.0824 2148 Microsoft Office Groove Audit Service - ok 14:10:31.0844 2148 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 14:10:31.0884 2148 MMCSS - ok 14:10:31.0894 2148 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 14:10:31.0924 2148 Modem - ok 14:10:31.0944 2148 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 14:10:31.0974 2148 monitor - ok 14:10:32.0004 2148 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 14:10:32.0014 2148 mouclass - ok 14:10:32.0044 2148 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 14:10:32.0064 2148 mouhid - ok 14:10:32.0084 2148 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 14:10:32.0094 2148 mountmgr - ok 14:10:32.0154 2148 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:10:32.0184 2148 MozillaMaintenance - ok 
14:10:32.0194 2148 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 14:10:32.0224 2148 mpio - ok 14:10:32.0234 2148 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 14:10:32.0274 2148 mpsdrv - ok 14:10:32.0304 2148 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 14:10:32.0354 2148 MpsSvc - ok 14:10:32.0374 2148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 14:10:32.0404 2148 MRxDAV - ok 14:10:32.0434 2148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 14:10:32.0484 2148 mrxsmb - ok 14:10:32.0494 2148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 14:10:32.0504 2148 mrxsmb10 - ok 14:10:32.0534 2148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 14:10:32.0554 2148 mrxsmb20 - ok 14:10:32.0574 2148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 14:10:32.0584 2148 msahci - ok 14:10:32.0604 2148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 14:10:32.0624 2148 msdsm - ok 14:10:32.0644 2148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 14:10:32.0674 2148 MSDTC - ok 14:10:32.0704 2148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 14:10:32.0734 2148 Msfs - ok 14:10:32.0794 2148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 14:10:32.0834 2148 mshidkmdf - ok 14:10:32.0844 2148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 14:10:32.0864 2148 msisadrv - ok 14:10:32.0884 2148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 14:10:32.0934 2148 MSiSCSI - ok 14:10:32.0944 2148 msiserver - ok 14:10:32.0974 2148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 
14:10:33.0004 2148 MSKSSRV - ok 14:10:33.0034 2148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 14:10:33.0084 2148 MSPCLOCK - ok 14:10:33.0084 2148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 14:10:33.0124 2148 MSPQM - ok 14:10:33.0144 2148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 14:10:33.0174 2148 MsRPC - ok 14:10:33.0194 2148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 14:10:33.0214 2148 mssmbios - ok 14:10:33.0224 2148 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 14:10:33.0264 2148 MSTEE - ok 14:10:33.0304 2148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 14:10:33.0314 2148 MTConfig - ok 14:10:33.0324 2148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 14:10:33.0334 2148 Mup - ok 14:10:33.0354 2148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 14:10:33.0404 2148 napagent - ok 14:10:33.0444 2148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 14:10:33.0474 2148 NativeWifiP - ok 14:10:33.0504 2148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 14:10:33.0544 2148 NDIS - ok 14:10:33.0554 2148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 14:10:33.0584 2148 NdisCap - ok 14:10:33.0604 2148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 14:10:33.0634 2148 NdisTapi - ok 14:10:33.0674 2148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 14:10:33.0714 2148 Ndisuio - ok 14:10:33.0714 2148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 14:10:33.0754 2148 NdisWan - ok 14:10:33.0764 2148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy 
C:\windows\system32\drivers\NDProxy.sys 14:10:33.0794 2148 NDProxy - ok 14:10:33.0794 2148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 14:10:33.0854 2148 NetBIOS - ok 14:10:33.0864 2148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 14:10:33.0934 2148 NetBT - ok 14:10:33.0944 2148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 14:10:33.0954 2148 Netlogon - ok 14:10:34.0034 2148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 14:10:34.0074 2148 Netman - ok 14:10:34.0134 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:34.0194 2148 NetMsmqActivator - ok 14:10:34.0214 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:34.0224 2148 NetPipeActivator - ok 14:10:34.0244 2148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 14:10:34.0304 2148 netprofm - ok 14:10:34.0314 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:34.0324 2148 NetTcpActivator - ok 14:10:34.0324 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:10:34.0344 2148 NetTcpPortSharing - ok 14:10:34.0354 2148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 14:10:34.0374 2148 nfrd960 - ok 14:10:34.0404 2148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 14:10:34.0424 2148 NlaSvc - ok 14:10:34.0434 2148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 14:10:34.0464 2148 Npfs - ok 14:10:34.0484 2148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 14:10:34.0534 2148 nsi - ok 14:10:34.0544 2148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy 
C:\windows\system32\drivers\nsiproxy.sys 14:10:34.0574 2148 nsiproxy - ok 14:10:34.0604 2148 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 14:10:34.0654 2148 Ntfs - ok 14:10:34.0654 2148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 14:10:34.0684 2148 Null - ok 14:10:34.0714 2148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 14:10:34.0724 2148 nvraid - ok 14:10:34.0744 2148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 14:10:34.0764 2148 nvstor - ok 14:10:34.0784 2148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 14:10:34.0794 2148 nv_agp - ok 14:10:34.0834 2148 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:10:34.0864 2148 odserv - ok 14:10:34.0884 2148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 14:10:34.0894 2148 ohci1394 - ok 14:10:34.0924 2148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:10:34.0944 2148 ose - ok 14:10:34.0964 2148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 14:10:35.0014 2148 p2pimsvc - ok 14:10:35.0034 2148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 14:10:35.0054 2148 p2psvc - ok 14:10:35.0074 2148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 14:10:35.0104 2148 Parport - ok 14:10:35.0124 2148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 14:10:35.0144 2148 partmgr - ok 14:10:35.0154 2148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 14:10:35.0174 2148 PcaSvc - ok 14:10:35.0184 2148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 14:10:35.0204 2148 pci - ok 14:10:35.0214 2148 [ 
B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 14:10:35.0224 2148 pciide - ok 14:10:35.0234 2148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 14:10:35.0254 2148 pcmcia - ok 14:10:35.0264 2148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 14:10:35.0294 2148 pcw - ok 14:10:35.0384 2148 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe 14:10:35.0404 2148 PDFProFiltSrvPP - ok 14:10:35.0434 2148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 14:10:35.0484 2148 PEAUTH - ok 14:10:35.0554 2148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 14:10:35.0584 2148 PerfHost - ok 14:10:35.0624 2148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 14:10:35.0704 2148 pla - ok 14:10:35.0734 2148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 14:10:35.0784 2148 PlugPlay - ok 14:10:35.0804 2148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 14:10:35.0834 2148 PNRPAutoReg - ok 14:10:35.0844 2148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 14:10:35.0864 2148 PNRPsvc - ok 14:10:35.0884 2148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 14:10:35.0924 2148 PolicyAgent - ok 14:10:35.0944 2148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 14:10:35.0984 2148 Power - ok 14:10:36.0004 2148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 14:10:36.0044 2148 PptpMiniport - ok 14:10:36.0054 2148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 14:10:36.0084 2148 Processor - ok 14:10:36.0104 2148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 14:10:36.0134 2148 ProfSvc - ok 
14:10:36.0144 2148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 14:10:36.0154 2148 ProtectedStorage - ok 14:10:36.0174 2148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 14:10:36.0224 2148 Psched - ok 14:10:36.0284 2148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 14:10:36.0334 2148 ql2300 - ok 14:10:36.0344 2148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 14:10:36.0364 2148 ql40xx - ok 14:10:36.0384 2148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 14:10:36.0414 2148 QWAVE - ok 14:10:36.0414 2148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 14:10:36.0454 2148 QWAVEdrv - ok 14:10:36.0464 2148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 14:10:36.0494 2148 RasAcd - ok 14:10:36.0524 2148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 14:10:36.0554 2148 RasAgileVpn - ok 14:10:36.0574 2148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 14:10:36.0614 2148 RasAuto - ok 14:10:36.0624 2148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 14:10:36.0654 2148 Rasl2tp - ok 14:10:36.0684 2148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 14:10:36.0724 2148 RasMan - ok 14:10:36.0724 2148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 14:10:36.0764 2148 RasPppoe - ok 14:10:36.0774 2148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 14:10:36.0814 2148 RasSstp - ok 14:10:36.0824 2148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 14:10:36.0864 2148 rdbss - ok 14:10:36.0874 2148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 14:10:36.0914 2148 
14:10:45.0704 2148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
14:10:45.0724 2148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
14:10:45.0734 2148 [Global] - ok
14:10:45.0734 2148 ================ Scan MBR ==================================
14:10:45.0734 2148 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:10:45.0984 2148 \Device\Harddisk0\DR0 - ok
14:10:45.0984 2148 ================ Scan VBR ==================================
14:10:46.0014 2148 [ 97CC909410A7487DA7F63FFEC4B14A4E ] \Device\Harddisk0\DR0\Partition1
14:10:46.0014 2148 \Device\Harddisk0\DR0\Partition1 - ok
14:10:46.0024 2148 [ A049AB8B697D90B5B729D9BCF01CE68D ] \Device\Harddisk0\DR0\Partition2
14:10:46.0024 2148 \Device\Harddisk0\DR0\Partition2 - ok
14:10:46.0024 2148 ============================================================
14:10:46.0024 2148 Scan finished
14:10:46.0024 2148 ============================================================
14:10:46.0034 3224 Detected object count: 3
14:10:46.0034 3224 Actual detected object count: 3
14:10:51.0774 3224 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:51.0774 3224 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:51.0774 3224 JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:51.0774 3224 JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:51.0774 3224 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:51.0774 3224 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:54.0684 3020 Deinitialize success |
10.06.2013, 15:28 | #6 |
/// Malware-holic | Mail delivery failed messages and also blue screen Hi, scan with Combofix
10.06.2013, 17:10 | #7 |
| Mail delivery failed messages and also blue screen Hi, here is the log file: Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - Hotel Tourist 10.06.2013 18:01:53.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4008.2437 [GMT 2:00] ausgeführt von:: c:\users\Hotel Tourist\Desktop\amir\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Hotel Tourist\AppData\Roaming\Microsoft\Windows\Recent\httpq-ec.bstatic.comimageshotelmax3002322329576.jpg.URL c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-10 bis 2013-06-10 )))))))))))))))))))))))))))))) . . 2013-06-10 16:05 . 2013-06-10 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-10 12:07 . 2013-06-10 12:07 -------- d-----w- C:\TDSSKiller_Quarantine 2013-06-09 15:17 . 2013-06-09 15:17 -------- d-----w- c:\users\Hotel Tourist\AppData\Local\DoNotTrackPlus 2013-06-09 15:17 . 2013-06-09 15:17 -------- d-----w- c:\users\Hotel Tourist\AppData\Local\AskToolbar 2013-06-09 11:50 . 2013-06-09 11:50 -------- d-----w- c:\users\Hotel Tourist\AppData\Roaming\Avira 2013-06-09 11:45 . 2013-06-09 11:45 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-09 11:44 . 2013-06-09 11:45 -------- d-----w- c:\program files (x86)\Ask.com 2013-06-09 11:44 . 2013-06-09 11:44 -------- d-----w- c:\users\Hotel Tourist\AppData\Local\APN 2013-06-09 11:44 . 2013-03-06 14:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-06-09 11:44 . 2013-02-26 14:56 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-06-09 11:44 . 2013-02-26 14:56 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-06-09 11:44 . 2013-06-09 11:44 -------- d-----w- c:\programdata\Avira 2013-06-09 11:44 . 
2013-06-09 11:44 -------- d-----w- c:\program files (x86)\Avira 2013-06-09 11:32 . 2013-06-09 11:32 -------- d-----w- c:\users\Hotel Tourist\AppData\Roaming\Malwarebytes 2013-06-09 11:32 . 2013-06-09 11:32 -------- d-----w- c:\programdata\Malwarebytes 2013-06-09 11:32 . 2013-06-09 11:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-09 11:32 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-09 11:32 . 2013-06-09 11:32 -------- d-----w- c:\users\Hotel Tourist\AppData\Local\Programs 2013-06-07 16:29 . 2013-06-07 16:29 -------- d-----w- c:\users\Hotel Tourist\.jinit 2013-06-07 15:23 . 2013-06-07 15:23 -------- d-----w- C:\Intel 2013-06-07 15:16 . 2013-06-09 11:27 -------- d-----w- C:\avast! sandbox 2013-06-07 14:54 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D265DE-4ECD-4650-A6DB-CAA598F0C51F}\mpengine.dll 2013-06-06 19:04 . 2013-06-06 19:05 -------- d-----w- c:\programdata\2544a4 2013-05-23 22:53 . 2013-05-23 22:53 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll 2013-05-19 10:50 . 2013-04-14 03:11 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll 2013-05-19 10:50 . 2013-04-14 03:11 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll 2013-05-19 10:50 . 2013-04-14 03:11 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll 2013-05-15 22:00 . 2013-04-05 06:50 19231232 ----a-w- c:\windows\system32\mshtml.dll 2013-05-15 22:00 . 2013-04-05 06:50 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-05-15 12:52 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 12:52 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 12:52 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 12:51 . 
2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 12:51 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 12:51 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 12:51 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 12:51 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 12:51 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-15 12:51 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 12:51 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 12:51 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-13 13:25 . 2013-05-13 13:25 -------- d-----w- c:\program files\DomaIQ Uninstaller 2013-05-13 13:24 . 2013-05-13 13:24 -------- d-----w- c:\program files (x86)\Tuguu SL 2013-05-13 13:18 . 2013-06-10 12:09 -------- d-----w- c:\users\Hotel Tourist\AppData\Roaming\Yontoo 2013-05-13 13:18 . 2013-05-13 13:18 -------- d-----w- c:\program files (x86)\Yontoo 2013-05-13 13:18 . 2013-05-13 13:18 -------- d-----w- c:\users\Hotel Tourist\AppData\Roaming\Babylon 2013-05-13 13:18 . 2013-05-13 13:18 -------- d-----w- c:\programdata\Babylon . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 22:04 . 2011-10-19 18:13 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 08:37 . 2012-04-05 15:07 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 08:37 . 2011-10-16 22:24 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-09 08:58 . 2011-10-22 02:30 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-25 14:35 . 2013-04-25 14:35 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll 2013-04-25 14:35 . 
2013-04-25 14:35 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll 2013-04-13 05:49 . 2013-05-15 12:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-15 12:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-15 12:52 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-15 12:52 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-15 12:52 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 12:52 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 17:17 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-22 23:02 . 2013-03-22 23:02 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-03-22 23:02 . 2013-03-22 23:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-22 23:02 . 2013-03-22 23:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-03-22 23:02 . 2013-03-22 23:02 81408 ----a-w- c:\windows\system32\icardie.dll 2013-03-22 23:02 . 2013-03-22 23:02 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-03-22 23:02 . 2013-03-22 23:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-22 23:02 . 2013-03-22 23:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-22 23:02 . 2013-03-22 23:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-03-22 23:02 . 2013-03-22 23:02 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-22 23:02 . 2013-03-22 23:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-22 23:02 . 2013-03-22 23:02 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-03-22 23:02 . 2013-03-22 23:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-03-22 23:02 . 2013-03-22 23:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-22 23:02 . 2013-03-22 23:02 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-03-22 23:02 . 
2013-03-22 23:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-22 23:02 . 2013-03-22 23:02 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-22 23:02 . 2013-03-22 23:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-22 23:02 . 2013-03-22 23:02 441856 ----a-w- c:\windows\system32\html.iec 2013-03-22 23:02 . 2013-03-22 23:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-22 23:02 . 2013-03-22 23:02 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-03-22 23:02 . 2013-03-22 23:02 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-22 23:02 . 2013-03-22 23:02 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-22 23:02 . 2013-03-22 23:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-22 23:02 . 2013-03-22 23:02 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-03-22 23:02 . 2013-03-22 23:02 235008 ----a-w- c:\windows\system32\url.dll 2013-03-22 23:02 . 2013-03-22 23:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-22 23:02 . 2013-03-22 23:02 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-03-22 23:02 . 2013-03-22 23:02 216064 ----a-w- c:\windows\system32\msls31.dll 2013-03-22 23:02 . 2013-03-22 23:02 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-22 23:02 . 2013-03-22 23:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-03-22 23:02 . 2013-03-22 23:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-03-22 23:02 . 2013-03-22 23:02 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-03-22 23:02 . 2013-03-22 23:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-22 23:02 . 2013-03-22 23:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-03-22 23:02 . 2013-03-22 23:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-22 23:02 . 2013-03-22 23:02 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-22 23:02 . 2013-03-22 23:02 144896 ----a-w- c:\windows\system32\wextract.exe 2013-03-22 23:02 . 
10.06.2013, 19:10 | #8 |
/// Malware-holic | Post all Malwarebytes logs so far that contain detections. http://www.trojaner-board.de/125889-...en-posten.html
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. |
10.06.2013, 19:37 | #9 |
| Hi, already done, and here are the log files:

mbam-log-2013-06-09 (13-34-08).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213665
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\Users\Hotel Tourist\AppData\Roaming\Evoz\mocab.exe (Trojan.Zbot.FV) -> 2580 -> Löschen bei Neustart.
C:\Users\Hotel Tourist\cirdeaqarycr.exe (Backdoor.Bot) -> 3004 -> Löschen bei Neustart.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1556 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Mocab (Trojan.Zbot.FV) -> Daten: "C:\Users\Hotel Tourist\AppData\Roaming\Evoz\mocab.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cirdeaqarycr (Backdoor.Bot) -> Daten: C:\Users\Hotel Tourist\cirdeaqarycr.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Löschen bei Neustart.

Infizierte Dateien: 9
C:\Users\Hotel Tourist\AppData\Roaming\Evoz\mocab.exe (Trojan.Zbot.FV) -> Löschen bei Neustart.
C:\Users\Hotel Tourist\cirdeaqarycr.exe (Backdoor.Bot) -> Löschen bei Neustart.
C:\Users\Hotel Tourist\AppData\Roaming\ntuser.dat (Misused.Legit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\AppData\Roaming\Unexin\opedyj.exe (Trojan.FavLock.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Downloads\avira-premium-security-suite_V.170755026b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Downloads\avira-premium-security-suite_V.170757114b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Löschen bei Neustart.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)

Hi Markus, since the affected computer is not with me, I would ask you, if possible, to tell me all at once the steps that can be done together, so that I can do as many steps as possible in one go and don't have to drive there every time. I mean, if that's possible; if not, that's all fine, and I am very grateful to you in any case. |
10.06.2013, 21:51 | #10 |
/// Malware-holic | Update Malwarebytes, full scan please.
10.06.2013, 23:26 | #11 |
| Hi, I first had the program update itself; it was already up to date (database version: v2013.06.09.01), but I will definitely go there tomorrow and run the full scan. Should I do anything else on the computer? Good night |
10.06.2013, 23:36 | #12 |
/// Malware-holic | Yes, the full scan first.
11.06.2013, 15:05 | #13 |
| Hi, here is the log file:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Hotel Tourist :: HOTELTOURIST-PC [Administrator]

Schutz: Deaktiviert

11.06.2013 14:07:02
mbam-log-2013-06-11 (14-07-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373541
Laufzeit: 43 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Program Files (x86)\Opera\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE.rar (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\keygen.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE.rar (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\keygen.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
11.06.2013, 17:47 | #14 |
/// Malware-holic |
C:\Program Files (x86)\Opera\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
http://www.trojaner-board.de/95393-c...-software.html
That is why the only help you will get here is with reinstalling the system.
1. Data rescue:
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.
11.06.2013, 18:44 | #15 |
| Hi, as you can easily see, the computer is in a hotel where many people can use it, and if someone downloaded something, I don't have to answer for that now. I ask you to keep helping me get the computer back in order, and I will then make sure that nobody can download anything illegal... Many thanks |