Log analysis and evaluation: Yet another System Doctor 2014 victim (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.06.2013, 15:06 | #1

Yet another System Doctor 2014 victim

I was just browsing a page of a psychological institute when suddenly one of those "usual and frequent" rectangular windows popped up, which at first glance looked to me like the typical jdwupdate, i.e. Java update... clicked OK once too quickly and bam, that was it. Really nasty System Doctor 2014...

System: laptop with Windows 7 86 bit and Avira AntiVir, which did not warn me

Attached are the requested logs:

Code:
OTL logfile created on: 09.06.2013 14:35:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User 1\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,45% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 115,60 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Drive F: | 240,95 Mb Total Space | 127,87 Mb Free Space | 53,07% Space Free | Partition Type: FAT32

Computer Name: USER1-PC | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.09 14:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
PRC - [2013.06.09 13:07:32 | 000,708,608 | ---- | M] () -- C:\Users\USER1~1\AppData\Local\Temp\90BB.tmp
PRC - [2013.05.23 02:42:44 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.15 04:59:31 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.28 15:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.26 21:16:28 | 000,468,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe
PRC - [2012.11.26 21:16:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 21:16:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.11.26 21:16:27 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012.11.26 21:16:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 21:16:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.09.24 20:47:46 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10NETS.EXE

========== Modules (No Company Name) ==========

MOD - [2013.06.09 13:07:32 | 000,708,608 | ---- | M] () -- C:\Users\USER1~1\AppData\Local\Temp\90BB.tmp
MOD - [2012.11.26 21:16:28 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV - [2013.05.22 01:09:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 23:55:24 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.15 07:46:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.28 15:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013.01.28 15:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.11.26 21:16:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 21:16:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10NETS.EXE -- (x10nets)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2013.03.15 07:46:27 | 008,952,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.19 07:41:53 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.11.26 21:16:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.26 21:16:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.16 17:38:46 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.10.19 17:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.01.13 17:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 12:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2001.11.14 19:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10uif.sys -- (X10UIF)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.autoconfig_url: "https://secure.premiumize.me/d023a2c18839d55005656a58f0b2db16/proxy.pac"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.22 01:09:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.22 01:09:00 | 000,000,000 | ---D | M]

[2012.11.04 22:23:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Extensions
[2013.05.09 15:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\15xf9788.default\extensions
[2013.02.17 22:13:56 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\User 1\AppData\Roaming\mozilla\Firefox\Profiles\15xf9788.default\extensions\foxyproxy@eric.h.jung
[2012.12.11 01:59:54 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.09 15:59:31 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.26 21:21:15 | 000,002,344 | ---- | M] () -- C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\15xf9788.default\searchplugins\askcom.xml
[2013.05.22 01:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.22 01:09:04 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.11.12 12:41:04 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [SD2014] C:\Users\User 1\AppData\Roaming\9dfDadRV\9dfDadRV.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F2AE736-63A0-43CE-B69D-296AD6C1DFFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F099809A-F26F-44B2-B6B2-AF3F51D986F1}: DhcpNameServer = 192.168.221.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.09 14:33:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2013.06.09 13:12:42 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014
[2013.06.09 13:07:35 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\9dfDadRV
[2013.05.23 17:29:10 | 000,000,000 | ---D | C] -- C:\Users\User 1\Documents\Amos Dateien
[2013.05.22 01:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013.06.09 14:33:54 | 000,000,000 | ---- | M] () -- C:\Users\User 1\defogger_reenable
[2013.06.09 14:24:50 | 000,050,477 | ---- | M] () -- C:\Users\User 1\Desktop\Defogger.exe
[2013.06.09 14:15:50 | 000,377,856 | ---- | M] () -- C:\Users\User 1\Desktop\gmer_2.1.19163.exe
[2013.06.09 14:14:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User 1\Desktop\OTL.exe
[2013.06.09 13:55:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 13:12:42 | 000,001,868 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014.lnk
[2013.06.09 13:12:42 | 000,000,112 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014 support.url
[2013.06.09 13:05:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 12:11:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 12:11:16 | 000,019,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 23:03:13 | 000,698,926 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.08 23:03:13 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.08 23:03:13 | 000,149,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.08 23:03:13 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.07 12:29:58 | 000,061,460 | ---- | M] () -- C:\Users\User 1\Desktop\Daten 21 mai.sav
[2013.05.23 02:42:43 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.22 23:43:54 | 003,971,473 | ---- | M] () -- C:\Users\User 1\Desktop\07-GT-I8700-Direy-6[1].pdf
[2013.05.16 17:27:42 | 000,001,134 | ---- | M] () -- C:\Users\User 1\Desktop\OnlineTV.exe - Verknüpfung.lnk
[2013.05.16 12:28:02 | 000,274,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.10 17:45:58 | 000,000,991 | ---- | M] () -- C:\Users\User 1\Desktop\Word.exe.lnk

========== Files Created - No Company Name ==========

[2013.06.09 14:33:54 | 000,000,000 | ---- | C] () -- C:\Users\User 1\defogger_reenable
[2013.06.09 14:33:43 | 000,377,856 | ---- | C] () -- C:\Users\User 1\Desktop\gmer_2.1.19163.exe
[2013.06.09 14:33:43 | 000,050,477 | ---- | C] () -- C:\Users\User 1\Desktop\Defogger.exe
[2013.06.09 13:12:42 | 000,001,868 | ---- | C] () -- C:\Users\User 1\Desktop\System Doctor 2014.lnk
[2013.06.09 13:12:42 | 000,000,112 | ---- | C] () -- C:\Users\User 1\Desktop\System Doctor 2014 support.url
[2013.06.06 17:18:44 | 000,061,460 | ---- | C] () -- C:\Users\User 1\Desktop\Daten 21 mai.sav
[2013.05.23 02:42:43 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.22 23:43:54 | 003,971,473 | ---- | C] () -- C:\Users\User 1\Desktop\07-GT-I8700-Direy-6[1].pdf
[2013.05.16 17:27:42 | 000,001,134 | ---- | C] () -- C:\Users\User 1\Desktop\OnlineTV.exe - Verknüpfung.lnk
[2013.05.10 17:45:58 | 000,000,991 | ---- | C] () -- C:\Users\User 1\Desktop\Word.exe.lnk
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2013.04.29 12:57:02 | 000,000,000 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2013.04.02 20:49:42 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013.04.02 20:49:40 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013.04.02 20:49:40 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013.04.02 20:49:37 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2013.04.02 20:49:19 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013.01.26 15:32:28 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2013.01.26 15:32:28 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2013.01.18 20:40:08 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2013.01.15 20:31:49 | 000,274,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.06 12:20:32 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.06.09 13:12:54 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\9dfDadRV
[2013.01.11 13:53:32 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\Canneverbe Limited
[2012.12.28 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\PhonerLite
[2012.12.10 20:13:57 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\Synaptics
[2013.01.03 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\TuneUp Software
[2013.01.18 21:09:03 | 000,000,000 | ---D | M] -- C:\Users\User 1\AppData\Roaming\X10Receiver.NET

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 09.06.2013 14:35:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User 1\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,45% Memory free
5,99 Gb Paging File | 4,77 Gb Available in Paging File | 79,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 115,60 Gb Free Space | 38,78% Space Free | Partition Type: NTFS
Drive F: | 240,95 Mb Total Space | 127,87 Mb Free Space | 53,07% Space Free | Partition Type: FAT32

Computer Name: USER1-PC | User Name: User 1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA7795-B315-4068-B252-F846ADCB11A4}" = rport=445 | protocol=6 | dir=out | app=system |
"{0BB12F77-9C90-48D0-9CE7-9D21D45000A3}" = rport=137 | protocol=17 | dir=out | app=system |
"{200533A3-C20D-4619-9F1E-5B0A67CDEE04}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{29B10AC1-D575-4B67-A8E7-C1A2DFB0D57D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{30BCFF4F-C14C-477C-B8A4-345C02BF3A6A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{404C1DA1-075E-4DED-B480-9BD9F8176841}" = lport=139 | protocol=6 | dir=in | app=system |
"{41847E14-EF6A-4DD5-9C79-2977F3FE7C64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B7E8D19-BA95-475E-AC6B-E41B0DCEB58F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CCCBC0A-FC4A-4F44-87BE-CBF89B2142F8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5358AC8B-AE30-480E-AD74-E088AD79E77F}" = lport=445 | protocol=6 | dir=in | app=system |
"{59956AE5-8FCC-40DA-894F-7A76DDAF0A9C}" = rport=138 | protocol=17 | dir=out | app=system |
"{67F0B680-2CCA-480C-BD58-88DCDC015836}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72D4B1D4-6009-46AE-A251-F2137BEF6A48}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C582013-E2EC-400B-9B11-C7D7ABA5C67C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D821895-8856-493B-8646-0F63B159A27A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABC6F194-635A-449C-9A8B-4E2073C7BA5B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AD6A1A0A-03B1-4C70-9CD1-C2067EE570DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{CEAF2AE1-F9BF-4A2F-B678-E3914EB6B3B8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF3DB56F-10A6-4732-862D-28DD354276C9}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0F145DB-A3BB-4B43-BACD-502ED9C38E5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D92B0609-E644-4FA6-9998-BB070F8DDF80}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E109C6D5-00DD-462B-8051-865356BB7EE1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB3D2E19-3390-4A67-873D-30B4E29C1525}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1173F20E-673D-4CFB-ACA8-E464E997EF3B}" = protocol=6 | dir=out | app=system |
"{1C1ED9CC-38D7-4AAC-BF03-6DAE10D9048E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4EDCDCAD-6BDC-4DB8-ADE3-5F065CDC61BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8B621A46-00F0-426F-8B5F-406454B6840D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8DFD76E2-4D6F-46BF-BDA5-91C62525F74A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A355A502-FF71-4909-82F5-CA55541087A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A90F37AD-158D-4BA0-A2FE-76C32378B15F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A9B31C75-3C0A-4C73-BEB6-4C603B07DF61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4A073B3-598D-4D2B-A74A-F00A99A416D6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BDAF98CD-5752-4210-860E-54ED4956ACBF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C93718B3-1996-4F14-83EB-93A3E953875F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CA271526-F5BD-421F-9D9B-4325563FD67D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBEE1936-694D-4629-B117-91FCDE7D4755}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7FD8B8C-7536-4986-A245-5F196ECBDFF4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8F66029-2FA2-4D86-999D-3688F5581543}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EF4267E1-DBD0-4A05-B02D-6FC3B6AED1EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F0B9ED16-4A6A-41E3-B8EC-2A8B648081A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{09F157B7-5F36-44EF-8B42-A6CB6E3B8DF3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{21EC2607-C0BD-40E6-ACD0-5A2DEEEBAB15}C:\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\phonerlite\phonerlite.exe |
"TCP Query User{3BEE6CF7-1401-4AE6-A2D5-CE465D691C9B}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"TCP Query User{49F6B3F2-204B-490F-8EFF-43D0267D5119}C:\mein tv v2.6\vlc.exe" = protocol=6 | dir=in | app=c:\mein tv v2.6\vlc.exe |
"TCP Query User{7426579B-709B-4C59-A2D6-BCCB27478603}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe |
"TCP Query User{936A3F85-EFA0-4258-93AB-0169665F34FE}C:\program files\mein tv v2.4\vlc.exe" = protocol=6 | dir=in | app=c:\program files\mein tv v2.4\vlc.exe |
"TCP Query User{9B37E488-6EF3-4716-980C-7061B0482613}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"TCP Query User{D126BB7C-2853-4C13-8E32-4581B32ECD05}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe |
"TCP Query User{EBB03D78-C928-49AD-8D6B-947F49554730}C:\program files\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files\phonerlite\phonerlite.exe |
"UDP Query User{0EA7A66D-D372-4849-94AA-E38788DF125B}C:\program files\ibm\spss\statistics\19\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\stats.exe |
"UDP Query User{26A2B299-7358-4E6A-BEB3-CAF29AC3E5D8}C:\mein tv v2.6\vlc.exe" = protocol=17 | dir=in | app=c:\mein tv v2.6\vlc.exe |
"UDP Query User{29D0A844-B55B-4D03-8540-5972E79ADAD9}C:\program files\mein tv v2.4\vlc.exe" = protocol=17 |
dir=in | app=c:\program files\mein tv v2.4\vlc.exe | "UDP Query User{465B4E38-4E22-45B9-9A84-1F24FACBFBE1}C:\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\phonerlite\phonerlite.exe | "UDP Query User{7B2CB0E9-9710-4E9D-A793-B7FB35D42737}C:\program files\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files\phonerlite\phonerlite.exe | "UDP Query User{9163191B-56C8-41F4-87FE-E60D54666F61}C:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "UDP Query User{B607DCCF-A232-4855-8E17-B17D41F7751A}C:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\19\jre\bin\javaw.exe | "UDP Query User{BC175B21-646C-4C08-9432-38CA0FBE02CE}C:\program files\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files\jdownloader 2\jdownloader 2.exe | "UDP Query User{CF766CA9-66AC-4A17-9887-EBDE92E8A032}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06C43FAA-7226-41EF-A05E-9AE0AA849FFE}" = IBM SPSS Statistics 19 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{304B71E3-1017-4717-86BC-F1D18519FEF2}" = IBM SPSS Amos 21 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{C5A3F5B7-60AD-4298-BB2F-7B4CEDBF3896}_is1" = X10Receiver.NET v2 "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "0630-0716-3135-7887" = JDownloader 2 "7-Zip" = 7-Zip 9.20 "A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "IrfanView" = IrfanView (remove 
only) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.8.0 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 2.0.5 "X10Hardware" = X10 Hardware(TM) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.06.2013 12:13:47 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.06.2013 06:55:37 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.06.2013 06:56:01 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 05.06.2013 18:37:52 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 05.06.2013 18:38:17 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.06.2013 17:27:04 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 08.06.2013 17:27:27 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 08.06.2013 20:56:05 | Computer Name = User1-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 21.0.0.4879, Zeitstempel: 0x518ec3cc Name des fehlerhaften Moduls: xul.dll, Version: 21.0.0.4879, Zeitstempel: 0x518ec306 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001c9789 ID des fehlerhaften Prozesses: 0xc14 Startzeit der fehlerhaften Anwendung: 0x01ce6498c3070b75 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 5c905c3a-d09f-11e2-866c-002269db33d6 Error - 09.06.2013 06:48:35 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack200.exe" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 09.06.2013 06:49:03 | Computer Name = User1-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files\IBM\SPSS\Statistics\19\JRE\bin\unpack.dll" in Zeile 19. Der Wert "6.0.0.6u9b41" des "version"-Attributs im assemblyIdentity-Element ist ungültig. [ System Events ] Error - 20.04.2013 07:19:54 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 21.04.2013 14:14:19 | Computer Name = User1-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error - 22.04.2013 13:32:28 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 23.04.2013 16:31:59 | Computer Name = User1-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error - 27.04.2013 03:58:05 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:05 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:06 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:06 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 27.04.2013 03:58:07 | Computer Name = User1-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error - 30.04.2013 18:45:18 | Computer Name = User1-PC | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 16:03:39
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\USER1~1\AppData\Local\Temp\pgloapob.sys

---- System - GMER 2.1 ----

SSDT 920F0336 ZwCreateSection
SSDT 920F0340 ZwRequestWaitReplyPort
SSDT 920F033B ZwSetContextThread
SSDT 920F0345 ZwSetSecurityObject
SSDT 920F034A ZwSystemDebugControl
SSDT 920F02D7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!ZwRollbackEnlistment + 140D 8306C9A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8308C4F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 83093894 4 Bytes [36, 03, 0F, 92] {ADD ECX, [SS:EDI]; XCHG EDX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 83093BF0 4 Bytes [40, 03, 0F, 92] {INC EAX; ADD ECX, [EDI]; XCHG EDX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 83093C34 4 Bytes [3B, 03, 0F, 92]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 83093CB0 4 Bytes [45, 03, 0F, 92] {INC EBP; ADD ECX, [EDI]; XCHG EDX, EAX}
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 83093D04 4 Bytes [4A, 03, 0F, 92] {DEC EDX; ADD ECX, [EDI]; XCHG EDX, EAX}
.text ...

---- Devices - GMER 2.1 ----

Device \Driver\BTHUSB \Device\00000080 bthport.sys
Device \Driver\BTHUSB \Device\0000007e bthport.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269db33d6
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269db33d6 (not active ControlSet)

---- EOF - GMER 2.1 ---- |
09.06.2013, 15:11 | #2 |
/// Malware-holic | Yet another System Doctor 2014 victim Hi,
OTL fix
Fixing with OTL
Code:
:OTL
O4 - HKCU..\Run: [SD2014] C:\Users\User 1\AppData\Roaming\9dfDadRV\9dfDadRV.exe ()
[2013.06.09 13:12:42 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014
[2013.06.09 13:07:35 | 000,000,000 | ---D | C] -- C:\Users\User 1\AppData\Roaming\9dfDadRV
[2013.06.09 13:12:42 | 000,001,868 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014.lnk
[2013.06.09 13:12:42 | 000,000,112 | ---- | M] () -- C:\Users\User 1\Desktop\System Doctor 2014 support.url
:files
:Commands
[emptytemp]
Boot into normal mode. If you don't have any icons, then right-click, View, show desktop icons.
Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key. |
09.06.2013, 15:30 | #3 |
| Yet another System Doctor 2014 victim First of all, thank you very much for your great help!
It looks like the junk is gone after the reboot. I uploaded the zip file as requested. The log file is attached as well: Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SD2014 deleted successfully.
C:\Users\User 1\AppData\Roaming\9dfDadRV\9dfDadRV.exe moved successfully.
C:\Users\User 1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Doctor 2014 folder moved successfully.
C:\Users\User 1\AppData\Roaming\9dfDadRV folder moved successfully.
C:\Users\User 1\Desktop\System Doctor 2014.lnk moved successfully.
C:\Users\User 1\Desktop\System Doctor 2014 support.url moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User 1
->Temp folder emptied: 2067488 bytes
->Temporary Internet Files folder emptied: 5925142 bytes
->Java cache emptied: 208003 bytes
->FireFox cache emptied: 65589302 bytes
->Flash cache emptied: 50316 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81684 bytes
RecycleBin emptied: 18150662527 bytes

Total Files Cleaned = 17.380,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06092013_162038

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
09.06.2013, 15:37 | #4 |
/// Malware-holic | Yet another System Doctor 2014 victim thx, please download TDSSKiller.exe and save this file to the desktop
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
09.06.2013, 15:50 | #5 |
| Yet another System Doctor 2014 victim Attached is the report. The only thing still found was X10, and as far as I know that should be the driver for my laptop remote control. Is that it then? Code:
ATTFilter 16:43:35.0096 3940 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 16:43:35.0206 3940 ============================================================ 16:43:35.0206 3940 Current date / time: 2013/06/09 16:43:35.0206 16:43:35.0206 3940 SystemInfo: 16:43:35.0206 3940 16:43:35.0206 3940 OS Version: 6.1.7601 ServicePack: 1.0 16:43:35.0206 3940 Product type: Workstation 16:43:35.0206 3940 ComputerName: USER1-PC 16:43:35.0206 3940 UserName: User 1 16:43:35.0206 3940 Windows directory: C:\Windows 16:43:35.0206 3940 System windows directory: C:\Windows 16:43:35.0206 3940 Processor architecture: Intel x86 16:43:35.0206 3940 Number of processors: 2 16:43:35.0206 3940 Page size: 0x1000 16:43:35.0206 3940 Boot type: Normal boot 16:43:35.0206 3940 ============================================================ 16:43:35.0752 3940 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:43:35.0752 3940 Drive \Device\Harddisk1\DR2 - Size: 0xF500000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 16:43:35.0752 3940 ============================================================ 16:43:35.0752 3940 \Device\Harddisk0\DR0: 16:43:35.0752 3940 MBR partitions: 16:43:35.0752 3940 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800 16:43:35.0752 3940 \Device\Harddisk1\DR2: 16:43:35.0752 3940 MBR partitions: 16:43:35.0752 3940 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x63, BlocksNum 0x7A79D 16:43:35.0752 3940 ============================================================ 16:43:35.0783 3940 C: <-> \Device\Harddisk0\DR0\Partition1 16:43:35.0783 3940 ============================================================ 16:43:35.0783 3940 Initialize success 16:43:35.0783 3940 ============================================================ 16:44:21.0460 2852 
============================================================ 16:44:21.0460 2852 Scan started 16:44:21.0460 2852 Mode: Manual; SigCheck; TDLFS; 16:44:21.0460 2852 ============================================================ 16:44:21.0663 2852 ================ Scan system memory ======================== 16:44:21.0663 2852 System memory - ok 16:44:21.0663 2852 ================ Scan services ============================= 16:44:21.0834 2852 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 16:44:21.0959 2852 1394ohci - ok 16:44:21.0990 2852 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:44:22.0006 2852 ACPI - ok 16:44:22.0006 2852 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:44:22.0053 2852 AcpiPmi - ok 16:44:22.0099 2852 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 16:44:22.0131 2852 AdobeFlashPlayerUpdateSvc - ok 16:44:22.0162 2852 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 16:44:22.0193 2852 adp94xx - ok 16:44:22.0193 2852 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:44:22.0240 2852 adpahci - ok 16:44:22.0255 2852 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:44:22.0271 2852 adpu320 - ok 16:44:22.0287 2852 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:44:22.0349 2852 AeLookupSvc - ok 16:44:22.0380 2852 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 16:44:22.0411 2852 AFD - ok 16:44:22.0427 2852 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 16:44:22.0458 2852 agp440 - ok 16:44:22.0489 2852 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 16:44:22.0536 2852 aic78xx - ok 16:44:22.0567 2852 [ 
18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 16:44:22.0614 2852 ALG - ok 16:44:22.0630 2852 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 16:44:22.0645 2852 aliide - ok 16:44:22.0645 2852 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 16:44:22.0661 2852 amdagp - ok 16:44:22.0692 2852 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 16:44:22.0708 2852 amdide - ok 16:44:22.0723 2852 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:44:22.0770 2852 AmdK8 - ok 16:44:22.0770 2852 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:44:22.0801 2852 AmdPPM - ok 16:44:22.0817 2852 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:44:22.0848 2852 amdsata - ok 16:44:22.0879 2852 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 16:44:22.0895 2852 amdsbs - ok 16:44:22.0911 2852 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:44:22.0926 2852 amdxata - ok 16:44:22.0973 2852 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 16:44:23.0004 2852 AntiVirSchedulerService - ok 16:44:23.0035 2852 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 16:44:23.0051 2852 AntiVirService - ok 16:44:23.0098 2852 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 16:44:23.0285 2852 AppID - ok 16:44:23.0316 2852 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:44:23.0394 2852 AppIDSvc - ok 16:44:23.0425 2852 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll 16:44:23.0472 2852 Appinfo - ok 16:44:23.0519 2852 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 16:44:23.0535 
2852 arc - ok 16:44:23.0550 2852 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 16:44:23.0581 2852 arcsas - ok 16:44:23.0659 2852 [ 2FE0D5DB69014980A970D3BF9A85D2B1 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 16:44:23.0706 2852 aspnet_state - ok 16:44:23.0722 2852 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:44:23.0862 2852 AsyncMac - ok 16:44:23.0893 2852 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 16:44:23.0909 2852 atapi - ok 16:44:23.0940 2852 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:44:23.0987 2852 AudioEndpointBuilder - ok 16:44:24.0018 2852 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 16:44:24.0034 2852 Audiosrv - ok 16:44:24.0065 2852 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 16:44:24.0081 2852 avgntflt - ok 16:44:24.0112 2852 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 16:44:24.0127 2852 avipbb - ok 16:44:24.0143 2852 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 16:44:24.0159 2852 avkmgr - ok 16:44:24.0190 2852 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:44:24.0283 2852 AxInstSV - ok 16:44:24.0315 2852 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 16:44:24.0377 2852 b06bdrv - ok 16:44:24.0408 2852 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 16:44:24.0424 2852 b57nd60x - ok 16:44:24.0471 2852 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 16:44:24.0549 2852 BDESVC - ok 16:44:24.0549 2852 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 16:44:24.0595 2852 Beep - ok 16:44:24.0627 2852 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE 
C:\Windows\System32\bfe.dll 16:44:24.0689 2852 BFE - ok 16:44:24.0720 2852 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 16:44:24.0767 2852 BITS - ok 16:44:24.0767 2852 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:44:24.0798 2852 blbdrive - ok 16:44:24.0829 2852 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:44:24.0861 2852 bowser - ok 16:44:24.0892 2852 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:44:24.0970 2852 BrFiltLo - ok 16:44:24.0985 2852 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:44:25.0017 2852 BrFiltUp - ok 16:44:25.0048 2852 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 16:44:25.0095 2852 Browser - ok 16:44:25.0126 2852 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:44:25.0173 2852 Brserid - ok 16:44:25.0188 2852 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:44:25.0219 2852 BrSerWdm - ok 16:44:25.0219 2852 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:44:25.0251 2852 BrUsbMdm - ok 16:44:25.0251 2852 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:44:25.0266 2852 BrUsbSer - ok 16:44:25.0313 2852 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 16:44:25.0375 2852 BthEnum - ok 16:44:25.0391 2852 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:44:25.0438 2852 BTHMODEM - ok 16:44:25.0469 2852 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 16:44:25.0485 2852 BthPan - ok 16:44:25.0516 2852 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 16:44:25.0547 2852 BTHPORT - ok 16:44:25.0594 2852 [ 
C:\Windows\system32\drivers\volmgr.sys 16:44:45.0811 2852 volmgr - ok 16:44:45.0811 2852 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:44:45.0827 2852 volmgrx - ok 16:44:45.0843 2852 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:44:45.0858 2852 volsnap - ok 16:44:45.0889 2852 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:44:45.0936 2852 vsmraid - ok 16:44:45.0983 2852 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 16:44:46.0092 2852 VSS - ok 16:44:46.0108 2852 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:44:46.0123 2852 vwifibus - ok 16:44:46.0139 2852 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:44:46.0170 2852 vwififlt - ok 16:44:46.0201 2852 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 16:44:46.0233 2852 W32Time - ok 16:44:46.0248 2852 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:44:46.0295 2852 WacomPen - ok 16:44:46.0311 2852 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:44:46.0342 2852 WANARP - ok 16:44:46.0342 2852 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:44:46.0373 2852 Wanarpv6 - ok 16:44:46.0420 2852 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 16:44:46.0529 2852 wbengine - ok 16:44:46.0560 2852 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:44:46.0607 2852 WbioSrvc - ok 16:44:46.0623 2852 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:44:46.0669 2852 wcncsvc - ok 16:44:46.0685 2852 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:44:46.0716 2852 WcsPlugInService - ok 16:44:46.0747 2852 [ 
1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:44:46.0763 2852 Wd - ok 16:44:46.0794 2852 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:44:46.0841 2852 Wdf01000 - ok 16:44:46.0857 2852 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:44:46.0935 2852 WdiServiceHost - ok 16:44:46.0935 2852 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:44:46.0950 2852 WdiSystemHost - ok 16:44:46.0981 2852 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 16:44:47.0028 2852 WebClient - ok 16:44:47.0059 2852 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:44:47.0091 2852 Wecsvc - ok 16:44:47.0122 2852 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:44:47.0169 2852 wercplsupport - ok 16:44:47.0200 2852 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 16:44:47.0231 2852 WerSvc - ok 16:44:47.0262 2852 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:44:47.0293 2852 WfpLwf - ok 16:44:47.0309 2852 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:44:47.0325 2852 WIMMount - ok 16:44:47.0387 2852 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 16:44:47.0481 2852 WinDefend - ok 16:44:47.0496 2852 WinHttpAutoProxySvc - ok 16:44:47.0559 2852 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:44:47.0605 2852 Winmgmt - ok 16:44:47.0668 2852 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 16:44:47.0777 2852 WinRM - ok 16:44:47.0824 2852 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:44:47.0933 2852 Wlansvc - ok 16:44:47.0949 2852 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 
16:44:47.0964 2852 WmiAcpi - ok 16:44:47.0995 2852 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:44:48.0027 2852 wmiApSrv - ok 16:44:48.0120 2852 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:44:48.0183 2852 WMPNetworkSvc - ok 16:44:48.0214 2852 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:44:48.0276 2852 WPCSvc - ok 16:44:48.0307 2852 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:44:48.0323 2852 WPDBusEnum - ok 16:44:48.0354 2852 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:44:48.0401 2852 ws2ifsl - ok 16:44:48.0417 2852 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 16:44:48.0448 2852 wscsvc - ok 16:44:48.0448 2852 WSearch - ok 16:44:48.0526 2852 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 16:44:48.0635 2852 wuauserv - ok 16:44:48.0666 2852 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:44:48.0682 2852 WudfPf - ok 16:44:48.0697 2852 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:44:48.0729 2852 WUDFRd - ok 16:44:48.0760 2852 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:44:48.0791 2852 wudfsvc - ok 16:44:48.0807 2852 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll 16:44:48.0838 2852 WwanSvc - ok 16:44:48.0885 2852 [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys 16:44:48.0916 2852 X10Hid - ok 16:44:48.0994 2852 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 16:44:48.0994 2852 x10nets ( UnsignedFile.Multi.Generic ) - warning 16:44:49.0009 2852 x10nets - detected UnsignedFile.Multi.Generic (1) 16:44:49.0025 2852 [ 2A35913CFE96E7B19097C9A1C3BC5182 ] X10UIF 
C:\Windows\system32\Drivers\x10uif.sys 16:44:49.0041 2852 X10UIF - ok 16:44:49.0087 2852 [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys 16:44:49.0087 2852 XUIF - ok 16:44:49.0134 2852 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys 16:44:49.0181 2852 yukonw7 - ok 16:44:49.0181 2852 ================ Scan global =============================== 16:44:49.0197 2852 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 16:44:49.0228 2852 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 16:44:49.0243 2852 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 16:44:49.0259 2852 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 16:44:49.0306 2852 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 16:44:49.0321 2852 [Global] - ok 16:44:49.0321 2852 ================ Scan MBR ================================== 16:44:49.0337 2852 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:44:49.0789 2852 \Device\Harddisk0\DR0 - ok 16:44:49.0805 2852 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR2 16:44:50.0070 2852 \Device\Harddisk1\DR2 - ok 16:44:50.0070 2852 ================ Scan VBR ================================== 16:44:50.0070 2852 [ 7276D7581F5663F3050E579A99C7F005 ] \Device\Harddisk0\DR0\Partition1 16:44:50.0070 2852 \Device\Harddisk0\DR0\Partition1 - ok 16:44:50.0086 2852 [ 7B46CED370957BFF80D0527196ABC76E ] \Device\Harddisk1\DR2\Partition1 16:44:50.0086 2852 \Device\Harddisk1\DR2\Partition1 - ok 16:44:50.0086 2852 ============================================================ 16:44:50.0086 2852 Scan finished 16:44:50.0086 2852 ============================================================ 16:44:50.0117 2476 Detected object count: 1 16:44:50.0117 2476 Actual detected object count: 1 16:45:08.0416 2476 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 16:45:08.0416 2476 x10nets ( 
UnsignedFile.Multi.Generic ) - User select action: Skip |
09.06.2013, 17:11 | #6 |
/// Malware-holic | And another System Doctor 2014 victim Hi, scan with Combofix |
10.06.2013, 11:54 | #7 |
| And another System Doctor 2014 victim Code:
ATTFilter ComboFix 13-06-08.02 - User 1 10.06.2013 12:39:36.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3067.2226 [GMT 2:00] ausgeführt von:: c:\users\User 1\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\windows\system32\clauth1.dll c:\windows\system32\clauth2.dll c:\windows\system32\lsprst7.dll c:\windows\system32\nsprs.dll c:\windows\system32\serauth1.dll c:\windows\system32\serauth2.dll c:\windows\system32\ssprs.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-05-10 bis 2013-06-10 )))))))))))))))))))))))))))))) . . 2013-06-09 14:20 . 2013-06-09 14:26 -------- d-----w- C:\_OTL 2013-06-07 10:41 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7B67F9FE-EB35-43C0-B9AB-F01A5A1EDD46}\mpengine.dll 2013-05-15 21:34 . 2013-03-19 04:53 186368 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-15 21:34 . 2013-03-19 03:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-15 21:34 . 2013-04-10 03:14 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-05-15 21:34 . 2013-04-10 05:18 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 21:34 . 2013-04-10 05:18 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 21:34 . 2013-02-27 05:05 101720 ----a-w- c:\windows\system32\consent.exe 2013-05-15 21:34 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\system32\authui.dll 2013-05-15 21:34 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-15 21:55 . 
2012-11-04 20:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-15 21:55 . 2012-11-04 20:26 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-02 00:06 . 2012-11-04 20:48 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 04:45 . 2013-05-15 21:34 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-15 21:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 13:45 . 2013-04-24 09:41 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-19 05:04 . 2013-04-10 09:25 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 09:25 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 04:48 . 2013-04-10 09:25 38912 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 02:49 . 2013-04-10 09:25 69632 ----a-w- c:\windows\system32\smss.exe 2013-03-15 05:46 . 2013-04-02 18:41 8952608 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-03-15 05:46 . 2013-04-02 18:41 6271872 ----a-w- c:\windows\system32\nvopencl.dll 2013-03-15 05:46 . 2013-04-02 18:41 20542752 ----a-w- c:\windows\system32\nvoglv32.dll 2013-03-15 05:46 . 2013-04-02 18:41 13088000 ----a-w- c:\windows\system32\nvwgf2um.dll 2013-03-15 05:46 . 2013-04-02 18:41 892704 ----a-w- c:\windows\system32\nvdispgenco3231422.dll 2013-03-15 05:46 . 2013-04-02 18:41 7959000 ----a-w- c:\windows\system32\nvcuda.dll 2013-03-15 05:46 . 2013-04-02 18:41 2728736 ----a-w- c:\windows\system32\nvcuvid.dll 2013-03-15 05:46 . 2013-04-02 18:41 1995552 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-03-15 05:46 . 2013-04-02 18:41 15042928 ----a-w- c:\windows\system32\nvd3dum.dll 2013-03-15 05:46 . 2013-04-02 18:41 1012512 ----a-w- c:\windows\system32\nvdispco3231422.dll 2013-03-15 05:46 . 2013-04-02 18:41 2539128 ----a-w- c:\windows\system32\nvapi.dll 2013-03-15 05:46 . 2013-04-02 18:41 17560352 ----a-w- c:\windows\system32\nvcompiler.dll 2013-03-15 02:59 . 
2013-04-02 18:43 4119328 ----a-w- c:\windows\system32\nvcpl.dll 2013-03-15 02:59 . 2013-04-02 18:43 3014432 ----a-w- c:\windows\system32\nvsvc.dll 2013-03-15 02:59 . 2013-04-02 18:43 634144 ----a-w- c:\windows\system32\nvvsvc.exe 2013-03-15 02:59 . 2013-04-02 18:43 2555168 ----a-w- c:\windows\system32\nvsvcr.dll 2013-03-15 02:59 . 2013-04-02 18:43 62752 ----a-w- c:\windows\system32\nvshext.dll 2013-03-15 02:59 . 2013-04-02 18:43 223008 ----a-w- c:\windows\system32\nvmctray.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-26 348664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "EnableVirtualization"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SynTPEnh"=%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . 
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384] R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-11-26 86224] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2013-01-28 1724192] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-11-16 10088] S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 21:55] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\15xf9788.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: network.proxy.type - 0 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-10 12:45:07 ComboFix-quarantined-files.txt 2013-06-10 10:45 . Vor Suchlauf: 17 Verzeichnis(se), 142.134.517.760 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 142.042.058.752 Bytes frei . - - End Of File - - D6D1CF1E6D53A3132D31EF0115B07236 A36C5E4F47E84449FF07ED3517B43A31 |
10.06.2013, 12:03 | #8 |
/// Malware-holic | And another System Doctor 2014 victim Hi, malwarebytes: please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |