| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: wssetup.exe - Virus ja/ nein?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.06.2013, 14:59
| #1 |
 |  wssetup.exe - Virus ja/ nein? Hi, hatte mal vor einiger Zeit Sweet Home 3D. Wie ich schon wo anderes gelesen habe, ist dies von Perion Network ltd. Seit nun ca. ein - 2 wochen kommt immer beim neustart die anfrage ob ich wssetup.exe ausführen will. -> Ist dies ein Virus ja/ nein? -> Wenn ja: Wie schädlich ist er? (Hab mich weiterhin überall eingeloggt Facebook etc.) -> Ich habe schon gelesen, dass es zur Bereinigung Anleitungen hier im Forum gibt. Muss ich die befolgen oder reicht es wenn ich einfach dem Pfad folge und wssetup.exe lösche? |
|
11.06.2013, 15:10
| #2 |
| /// Malware-holic   |  wssetup.exe - Virus ja/ nein? hi warscheinlich adware
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
11.06.2013, 15:27
| #3 |
| | wssetup.exe - Virus ja/ nein? Danke für die schnelle antwort! hier die log-files:
__________________OTL.txt Code:
ATTFilter OTL logfile created on: 11.06.2013 16:31:21 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 56,28% Memory free 7,60 Gb Paging File | 6,02 Gb Available in Paging File | 79,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 424,66 Gb Total Space | 272,44 Gb Free Space | 64,15% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 20,45 Gb Free Space | 51,13% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.11 16:08:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe PRC - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe PRC - [2012.08.15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe PRC - [2012.05.29 15:50:04 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe PRC - [2010.01.13 10:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WButton.exe PRC - [2009.12.14 11:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files (x86)\Launch Manager\HotkeyApp.exe PRC - [2009.12.11 15:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\OSD.exe PRC - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe PRC - [2009.11.02 15:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2013.05.27 10:58:08 | 000,016,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe MOD - [2013.05.27 10:56:42 | 000,382,976 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.1.22\wincfi39.dll MOD - [2009.11.02 15:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 15:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService) SRV:64bit: - [2007.05.29 12:06:05 | 001,053,104 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdfcoms.exe -- (lxdf_device) SRV:64bit: - [2007.05.29 12:05:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdfserv.exe -- (lxdfCATSCustConnectService) SRV - [2013.05.26 13:12:28 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.15 18:47:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.15 12:08:44 | 002,467,664 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.28 19:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe -- (NIS) SRV - [2012.09.15 22:29:18 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.10 09:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.12.10 09:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.11.07 04:46:52 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets) SRV - [2009.10.22 17:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe -- (WisLMSvc) SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2007.05.29 12:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdfcoms.exe -- (lxdf_device) SRV - [2007.05.29 12:05:48 | 000,033,712 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe -- (lxdfCATSCustConnectService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symnets.sys -- (SymNetS) DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symefa64.sys -- (SymEFA) DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP) DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\symds64.sys -- (SymDS) DRV:64bit: - [2012.12.03 21:58:49 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403010.016\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.08.08 19:50:44 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM) DRV:64bit: - [2012.07.28 02:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.04.01 10:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010.02.10 16:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.01.08 04:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.12.22 19:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.12.11 05:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.18 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.08.13 17:39:42 | 000,909,408 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764) DRV:64bit: - [2009.07.31 03:46:22 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 13:47:44 | 000,032,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF) DRV:64bit: - [2009.05.13 13:26:14 | 000,015,896 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10hid.sys -- (X10Hid) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.05.22 15:06:46 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\ex64.sys -- (NAVEX15) DRV - [2013.05.22 15:06:46 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\eng64.sys -- (NAVENG) DRV - [2012.11.30 17:26:28 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130608.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{2F868CD0-AD97-437E-BD93-53B418FA2571}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=b4f8336b-4611-44f0-923f-349b2900928c&apn_sauid=4F0BF6F6-C7F4-4908-9EB2-CFC93614F817 IE - HKCU\..\SearchScopes\{873ACA02-5E0E-4BF3-A16C-1A3217884D7A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B152455DE-7B40-4bcf-B5B4-C68A1BE85A91%7D:2.7 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8 FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.9 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10001&q=" FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.cojobo.net/proxy.pac." FF - prefs.js..network.proxy.backup.ftp: "proxy-1.cojobo.net" FF - prefs.js..network.proxy.backup.ftp_port: 3128 FF - prefs.js..network.proxy.backup.socks: "proxy-1.cojobo.net" FF - prefs.js..network.proxy.backup.socks_port: 3128 FF - prefs.js..network.proxy.backup.ssl: "proxy-1.cojobo.net" FF - prefs.js..network.proxy.backup.ssl_port: 3128 FF - prefs.js..network.proxy.ftp: "proxy-1.cojobo.net" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "proxy-1.cojobo.net" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy-1.cojobo.net" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "proxy-1.cojobo.net" FF - prefs.js..network.proxy.ssl_port: 3128 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.12.03 21:59:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.06.11 15:40:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.15 16:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2013.05.25 23:47:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\n1faaxrq.default\extensions [2013.05.20 11:45:13 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\n1faaxrq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.09.15 16:39:32 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\n1faaxrq.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91} [2013.05.16 17:19:58 | 000,000,000 | ---D | M] (WOT) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\n1faaxrq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.15 16:36:44 | 000,000,000 | ---D | M] (Foxdie) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\n1faaxrq.default\extensions\Foxdie@tanjihay.com [2013.04.05 15:30:34 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\n1faaxrq.default\extensions\ich@maltegoetz.de [2012.09.23 14:03:28 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\n1faaxrq.default\extensions\toolbar@stumbleupon.com [2013.05.25 23:47:23 | 002,168,615 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\n1faaxrq.default\extensions\firebug@software.joehewitt.com.xpi [2013.05.08 19:34:02 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\n1faaxrq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.15 20:36:58 | 000,002,322 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\n1faaxrq.default\searchplugins\askcom.xml [2013.06.11 15:40:49 | 000,002,120 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\n1faaxrq.default\searchplugins\MyStart.xml [2013.01.22 18:11:02 | 000,002,482 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\n1faaxrq.default\searchplugins\safesearch.xml [2012.09.23 18:03:14 | 000,003,915 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\n1faaxrq.default\searchplugins\sweetim.xml [2013.05.26 13:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.26 13:12:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.11 15:40:57 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\COFFPLGN [2012.12.03 21:59:14 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPLGN O1 HOSTS File: ([2012.12.03 22:41:57 | 000,000,825 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_16_Premium\TrayServer.exe (MAGIX AG) O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/****/Videos/gudrun/components/hidinputmonitorx.ocx (HidInputMonitorX Control) O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/****/Videos/gudrun/components/A9.ocx (A9Helper.A9) O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/****/Videos/gudrun/components/wmvhdrating.ocx (WMVHDRatingCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 10.21.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24451CC3-ED24-4154-906D-2DAA1B426EFB}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3AA168C-50E9-4DF6-B9A9-C21845E56634}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP MsConfig:64bit - StartUpReg: Lexmark 6500 Series - hkey= - key= - C:\Program Files (x86)\Lexmark 6500 Series\fm3032.exe () MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: lxdfamon - hkey= - key= - C:\Program Files (x86)\Lexmark 6500 Series\lxdfamon.exe () MsConfig:64bit - StartUpReg: lxdfmon.exe - hkey= - key= - C:\Program Files (x86)\Lexmark 6500 Series\lxdfmon.exe () MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.02 15:17:48 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.06.02 15:17:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.06.02 15:17:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [2013.06.02 15:17:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT [2013.05.30 12:00:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2 [2013.05.30 12:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeoGebra 4.2 [2013.05.27 20:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.26 13:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.23 16:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.05.23 16:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.05.18 22:22:46 | 000,000,000 | ---D | C] -- C:\Users\****\Photo(graphie) [2010.12.16 21:39:36 | 000,302,592 | ---- | C] (Google) -- C:\Program Files (x86)\Common Files\webmmux.dll [2010.12.16 21:39:16 | 000,701,440 | ---- | C] (Google) -- C:\Program Files (x86)\Common Files\vp8encoder.dll [2010.12.16 21:39:16 | 000,412,672 | ---- | C] (Google) -- C:\Program Files (x86)\Common Files\vp8decoder.dll [2010.12.16 21:39:14 | 000,292,352 | ---- | C] (Google) -- C:\Program Files (x86)\Common Files\webmsplit.dll [2009.07.11 23:02:04 | 000,653,120 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\MSVCR90.dll [2009.07.11 23:02:02 | 000,569,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\MSVCP90.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.11 15:48:08 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 15:48:08 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.11 15:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.11 15:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.11 15:40:31 | 3062,837,248 | -HS- | M] () -- C:\hiberfil.sys [2013.06.10 20:06:07 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.10 20:06:07 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.10 20:06:07 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.10 20:06:07 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.10 20:06:07 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.04 20:48:22 | 001,189,258 | ---- | M] () -- C:\Users\****\Documents\Schlagzeug.MMM [2013.06.04 20:39:35 | 001,189,258 | ---- | M] () -- C:\Users\****\Documents\Schlagzeug_BAK1.MM_ [2013.06.04 20:28:20 | 001,189,258 | ---- | M] () -- C:\Users\****\Documents\Schlagzeug_BAK0.MM_ [2013.06.04 08:34:29 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\isolate.ini [2013.05.31 21:23:50 | 000,042,233 | ---- | M] () -- C:\Users\****\AppData\Local\recently-used.xbel [2013.05.24 04:09:47 | 000,008,063 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.cat [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys [2013.05.23 07:25:28 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.cat [2013.05.23 07:25:28 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa.inf [2013.05.21 15:31:12 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe [2013.05.21 15:30:18 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys [2013.05.21 07:02:00 | 000,002,852 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds.inf [2013.05.21 06:40:20 | 000,008,067 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.cat [2013.05.19 15:30:58 | 000,045,629 | ---- | M] () -- C:\Users\****\Documents\Facebook.jpg [2013.05.18 22:58:39 | 000,000,123 | ---- | M] () -- C:\Users\****\.gtk-bookmarks [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys [2013.05.16 07:02:14 | 000,001,437 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.inf [2013.05.15 17:31:15 | 000,473,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.04 20:39:35 | 001,189,258 | ---- | C] () -- C:\Users\****\Documents\Schlagzeug_BAK1.MM_ [2013.06.04 20:28:20 | 001,189,258 | ---- | C] () -- C:\Users\****\Documents\Schlagzeug_BAK0.MM_ [2013.06.02 15:17:48 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013.05.31 21:23:50 | 000,042,233 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel [2013.05.19 15:30:57 | 000,045,629 | ---- | C] () -- C:\Users\****\Documents\Facebook.jpg [2013.05.18 22:58:39 | 000,000,123 | ---- | C] () -- C:\Users\****\.gtk-bookmarks [2013.02.02 13:23:13 | 000,003,584 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.29 17:19:16 | 000,019,990 | ---- | C] () -- C:\Users\****\bookmarks-2012-12-26.json [2012.12.29 17:19:07 | 000,024,419 | ---- | C] () -- C:\Users\****\bookmarks-2012-12-29.json [2012.10.28 12:55:39 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2012.09.25 20:53:53 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.09.25 18:00:17 | 000,007,272 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012.09.16 10:44:43 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2012.09.16 08:49:21 | 001,426,411 | ---- | C] () -- C:\Users\****\AppData\Local\Tempmusic.ogg [2012.09.15 23:28:59 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\lxdfinst.dll [2012.09.15 23:28:58 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdfcomx.dll [2012.09.15 23:28:57 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfinpa.dll [2012.09.15 23:28:57 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfiesc.dll [2012.09.15 23:28:56 | 000,647,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfpmui.dll [2012.09.15 23:28:53 | 001,200,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfserv.dll [2012.09.15 23:28:53 | 000,950,272 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfusb1.dll [2012.09.15 23:28:52 | 000,565,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdflmpm.dll [2012.09.15 23:28:52 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfprox.dll [2012.09.15 23:28:51 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfhbn3.dll [2012.09.15 23:28:51 | 000,320,432 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfih.exe [2012.09.15 23:28:50 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomc.dll [2012.09.15 23:28:50 | 000,598,960 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcoms.exe [2012.09.15 23:28:50 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcomm.dll [2012.09.15 23:28:49 | 000,365,488 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdfcfg.exe [2012.09.15 17:51:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012.09.15 15:32:18 | 000,017,408 | ---- | C] () -- C:\Users\****\AppData\Local\WebpageIcons.db [2012.01.20 15:10:52 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.01.12 02:00:44 | 000,030,208 | ---- | C] () -- C:\Program Files (x86)\Common Files\wmpinfo.dll [2011.01.12 02:00:42 | 000,240,128 | ---- | C] () -- C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll [2011.01.12 02:00:42 | 000,195,584 | ---- | C] () -- C:\Program Files (x86)\Common Files\dsfOggDemux2.dll [2011.01.12 02:00:42 | 000,146,944 | ---- | C] () -- C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll [2011.01.12 02:00:40 | 000,221,184 | ---- | C] () -- C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll [2011.01.12 02:00:40 | 000,204,800 | ---- | C] () -- C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.09 17:05:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2012.09.16 08:19:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\6500 Series [2013.05.10 15:50:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ableton [2012.12.03 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\AntiBrowserSpy 2009 [2013.03.19 16:47:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity [2012.11.16 19:42:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Engelmann Media [2013.06.01 21:04:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla [2012.09.23 18:17:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeScreenToVideo [2012.12.27 17:30:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Guitar Pro 6 [2012.10.04 10:53:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HDX4 GmbH [2012.09.15 23:41:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexmark Productivity Studio [2012.09.15 23:57:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient [2012.12.29 14:14:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MAGIX [2013.01.25 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mp3tag [2012.09.22 22:40:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Teeworlds [2012.09.15 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Webocton - Scriptly ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.09.28 16:42:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.09.15 15:18:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.11 22:14:47 | 000,000,000 | ---D | M] -- C:\Fraps [2010.03.13 10:45:20 | 000,000,000 | ---D | M] -- C:\Intel [2012.09.15 23:36:59 | 000,000,000 | ---D | M] -- C:\logs [2012.09.15 17:07:06 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.03.14 15:39:59 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.09 15:43:50 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.04 15:47:34 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.09.15 15:18:30 | 000,000,000 | -HSD | M] -- C:\Programme [2012.09.15 15:18:31 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.09.15 23:18:42 | 000,000,000 | ---D | M] -- C:\Riot Games [2013.06.11 16:32:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.31 15:13:14 | 000,000,000 | R--D | M] -- C:\Users [2013.06.09 17:10:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.10 21:04:45 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.10.02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.10.02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.05.18 22:58:39 | 000,000,123 | ---- | M] () -- C:\Users\****\.gtk-bookmarks [2012.12.26 22:20:52 | 000,019,990 | ---- | M] () -- C:\Users\****\bookmarks-2012-12-26.json [2012.12.29 17:19:07 | 000,024,419 | ---- | M] () -- C:\Users\****\bookmarks-2012-12-29.json [2013.06.11 16:43:28 | 003,407,872 | -HS- | M] () -- C:\Users\****\NTUSER.DAT [2013.06.11 16:43:28 | 000,262,144 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG1 [2012.09.15 15:18:40 | 000,000,000 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG2 [2012.09.15 16:56:25 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.09.15 16:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.09.15 16:56:25 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.09.15 15:18:40 | 000,000,020 | -HS- | M] () -- C:\Users\****\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.06.2013 16:08:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 53,67% Memory free
7,60 Gb Paging File | 5,74 Gb Available in Paging File | 75,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 272,44 Gb Free Space | 64,15% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 20,45 Gb Free Space | 51,13% Space Free | Partition Type: NTFS
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080B217A-5713-41D6-96A5-FA257EE88D57}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{10B5516F-B13E-48E8-898C-2E322E0F5249}" = lport=138 | protocol=17 | dir=in | app=system |
"{169FDC0B-D285-49DD-AC38-517BFD9397D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BDBF7BA-AA8F-43F9-BBD7-1AA0F2AF6BDA}" = rport=137 | protocol=17 | dir=out | app=system |
"{215E9254-3C03-4C9A-B2B5-F38236059F8F}" = rport=139 | protocol=6 | dir=out | app=system |
"{24320B6A-495D-4D16-8B85-09E274A204B4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{326F8A63-7E97-4BA4-970E-1EA3E09F8746}" = lport=139 | protocol=6 | dir=in | app=system |
"{439F7661-A973-441C-A374-645CE35E602A}" = rport=445 | protocol=6 | dir=out | app=system |
"{478B1A69-F64B-4E2F-9804-D04D2E54A6D5}" = rport=138 | protocol=17 | dir=out | app=system |
"{662C662B-33D6-4CC7-A337-8D5D65107299}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{6F2FE2AE-0D62-4E3C-9686-E75017315780}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7E19A615-E5CB-4D59-A9A6-299618C237A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8085BE99-9C37-41FC-A89C-08E26848703F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{874A139A-6A02-431B-B546-3EB18AF74027}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B659E3C-1278-4917-A7D1-A38AD7F88F44}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF9532CD-9704-43BC-A937-54A81F3F17C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CB116079-E21B-4F12-BDB1-6B8E2D26B4AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC6913C9-C1E3-4355-AABD-B0A5784EA0E1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E209E8-05A5-4442-8123-ECC3BB9511B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{0749F5B8-6898-4F2D-A01E-D985228E9EAF}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0AED765E-33BC-46AE-9065-0945895E640C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{0C34770D-E390-4BD2-8D45-53B12BEA2113}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfamon.exe |
"{13CBF537-A4C1-408B-A568-097EDE28306F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1D5DC766-78E3-413C-BFB3-A7C62D5C5BF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1E79F20A-200B-4D70-AD94-2A407684A76C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{2327EFC1-BC3F-49C8-8FE6-C7E7294F9138}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{2DA3BB17-0261-4280-A6CC-7A836E27E29B}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe |
"{325C8B24-BA29-4F6E-99CD-19DC261F2E6A}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe |
"{399F9D12-18CF-4DDD-959A-34EBFC13D32E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdftime.exe |
"{43A4ECF2-5FF6-47FF-9A89-ABE8A72812D3}" = protocol=6 | dir=in | app=c:\windows\system32\lxdfcfg.exe |
"{455D7707-D4AD-4F79-933C-AFFCD0FC4958}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{45C8C7C0-CB16-4EBE-8507-5F4D9E0DE983}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdffax.exe |
"{4D1AFD32-25A9-4F59-8665-FC73EF98D660}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4D74F522-1418-40FE-8643-C6311DBC7207}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{4ECAF8B3-9D54-4B40-BA38-95C1B62F58D3}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfamon.exe |
"{5884C793-A397-406E-8581-E8BA76D20E65}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5BF93CA2-2932-49D7-996F-9E7F0A7EC496}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5D4FC475-DA69-4628-886D-0EF095BA0AFC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{6009193D-3B2A-49F3-BC80-C5534E576988}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6A6F3B33-9188-4480-BB2A-72F4243493CE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{70582578-AA22-4517-9963-E8BFE031D273}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe |
"{795480BF-897C-45B9-AE70-2AAE4224E124}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdfcoms.exe |
"{7C8A77BC-5AB8-4580-9E1C-BA472F5B51F7}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{80F38F46-1C10-4645-A4B8-B357FE988B3B}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{89171027-6DAC-4CF8-909E-D059556513CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8F3015D1-2BDB-42FE-96AE-F15ED5CDA003}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdftime.exe |
"{92FC56FB-9714-4A78-83BE-60A77E69E799}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{93D8CE1E-36A9-484F-BD7C-FDD823E18C8C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{979FB333-DB05-4639-A5D1-CFD56FF28F56}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{9A45BA11-0533-464B-AC76-719F4F7707C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9DCCF960-76F3-41FF-AB12-DDCA202BD4FE}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdffax.exe |
"{9F3F8653-45DA-4B52-9F5E-3FE3C629230C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{9F617E55-59A5-43F2-BFF2-489797C5CC27}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{9F9CEA82-8243-478C-A45F-B4D1F9E31FD5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A50FA28B-0E0B-4C3C-9F7C-0ECF7EC475A1}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdfcoms.exe |
"{A6CBA436-EC08-4421-85B4-7676B8E87530}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A8E9A11C-EEE1-4DF2-A50A-51961736BEB0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B060D63F-C113-4F84-AE59-1B5D478615E8}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcfg.exe |
"{B1A469DD-5111-46D0-8CA7-5D2C0332D35F}" = protocol=17 | dir=in | app=c:\windows\system32\lxdfcoms.exe |
"{B32A4A2E-A0B1-4E14-B6F8-656E6E3378BC}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{B49A3841-B7A2-43E2-815B-924387727807}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe |
"{B6D659F5-69A7-4366-B074-436CCD65A0D2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{BFE383CC-F944-4C36-9883-4C1170982A29}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdfpswx.exe |
"{C5B8AA82-0BCC-45A3-AFB9-439AB53E89CB}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C7BD0779-6A99-4CBF-9BB1-E4AC0AF24E99}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{CFFE18E6-627E-43FE-8167-88BE5A750572}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D1AB9AF3-0F91-4279-A285-40ACC680510B}" = protocol=58 | dir=in | app=system |
"{D6A406A1-CA67-4C04-888A-6C6AD2D900F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DB650915-DF01-4234-9E56-AC0BB795D8D0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{DCEF79C4-E8F7-4145-ACD8-E598DF87255C}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 6500 series\lxdfmon.exe |
"{E33F53AB-B22C-4B2D-AD7D-3A5F7F895231}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F4615D49-5503-4E2F-9692-62F145443CA6}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 6500 series\frun.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{19DCDC0D-9D87-46DB-A4B0-08B35AA333A3}" = Corel Shell Extension - 64Bit
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Lexmark 6500 Series" = Lexmark 6500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7D66971C-652B-4065-A6B1-B3EE313C254B}" = BlueJ
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E04A4B52-7CF5-4B5A-0001-F5B55C390A4C}" = MyTube BigPack 5
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo ClipFinder HD_is1" = Ashampoo ClipFinder HD v.2.2.8
"Ashampoo Snap 5_is1" = Ashampoo Snap 5 v.5.1.5
"ASIO4ALL" = ASIO4ALL
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"Audacity_is1" = Audacity 2.0
"Disketch" = Disketch CD-Beschriftungssoftware
"FileZilla Client" = FileZilla Client 3.6.0.2
"FormatFactory" = FormatFactory 2.90
"IL Shared Libraries" = IL Shared Libraries
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Music Maker 16 Premium D" = MAGIX Music Maker 16 Premium
"MAGIX Music Maker Hip Hop Edition 3 D" = MAGIX Music Maker Hip Hop Edition 3 5.0.0.2 (D)
"MAGIX Music Maker Rock Edition 3 D" = MAGIX Music Maker Rock Edition 3 5.0.0.0 (D)
"MAGIX Music Maker Techno Edition 3 D" = MAGIX Music Maker Techno Edition 3 5.0.0.2 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Video deluxe 16 Premium D" = MAGIX Video deluxe 16 Premium 9.0.0.54 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.48
"NIS" = Norton Internet Security CBE
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"VLC media player" = VLC media player 2.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WNLT" = IB Updater Service
"X10Hardware" = X10 Hardware(TM)
"XMind_is1" = XMind 2012 (v3.3.1)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra 4.2" = GeoGebra 4.2
"SkyDriveSetup.exe" = Microsoft SkyDrive
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.02.2013 18:21:51 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.2.0.30,
Zeitstempel: 0x511adc12 Name des fehlerhaften Moduls: League of Legends.exe, Version:
3.2.0.30, Zeitstempel: 0x511adc12 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0031ddfa
ID
des fehlerhaften Prozesses: 0x1230 Startzeit der fehlerhaften Anwendung: 0x01ce0bcac1dac7a0
Pfad
der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.211\deploy\League
of Legends.exe Pfad des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.211\deploy\League
of Legends.exe Berichtskennung: 1803bf52-77be-11e2-825c-00262df76f2e
Error - 16.02.2013 08:38:43 | Computer Name = ****-PC | Source = Application Hang | ID = 1002
Description = Programm GuitarPro.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f40 Startzeit:
01ce0c41f3366a81 Endzeit: 20 Anwendungspfad: C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
Berichts-ID:
c870d538-7835-11e2-91c6-00262df76f2e
Error - 19.02.2013 14:58:41 | Computer Name = ****-PC | Source = Application Hang | ID = 1002
Description = Programm MusicMaker.exe, Version 16.0.5.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: dec Startzeit:
01ce0ed17cb11c16 Endzeit: 0 Anwendungspfad: C:\Program Files (x86)\MAGIX\MusicMaker16Premium\MusicMaker.exe
Berichts-ID:
Error - 26.02.2013 10:19:49 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 26.02.2013 10:19:50 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 26.02.2013 10:19:50 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 26.02.2013 10:19:50 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 26.02.2013 10:19:50 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 26.02.2013 10:19:50 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11609
Description =
Error - 26.02.2013 10:19:51 | Computer Name = ****-PC | Source = MsiInstaller | ID = 11609
Description =
[ System Events ]
Error - 23.01.2013 13:40:11 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdfCATSCustConnectService erreicht.
Error - 23.01.2013 13:40:11 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 23.01.2013 16:28:48 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description =
Error - 23.01.2013 16:28:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 23.01.2013 16:28:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
Error - 24.01.2013 11:18:50 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdfCATSCustConnectService erreicht.
Error - 24.01.2013 11:18:50 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 24.01.2013 11:20:23 | Computer Name = ****-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 25.01.2013 03:01:33 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdfCATSCustConnectService erreicht.
Error - 25.01.2013 03:01:33 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Geändert von Trollo (11.06.2013 um 15:52 Uhr) |
|
11.06.2013, 17:57
| #4 |
| /// Malware-holic | wssetup.exe - Virus ja/ nein? Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.06.2013, 19:38
| #5 |
| | wssetup.exe - Virus ja/ nein? Also er hat beim Scan nichts gefunden ist ja schon mal ganz gut ;-) Hier der Log-file: Code:
ATTFilter 20:33:18.0353 3636 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:33:18.0727 3636 ============================================================
20:33:18.0727 3636 Current date / time: 2013/06/11 20:33:18.0727
20:33:18.0727 3636 SystemInfo:
20:33:18.0727 3636
20:33:18.0727 3636 OS Version: 6.1.7601 ServicePack: 1.0
20:33:18.0727 3636 Product type: Workstation
20:33:18.0727 3636 ComputerName: ****-PC
20:33:18.0727 3636 UserName: ****
20:33:18.0727 3636 Windows directory: C:\Windows
20:33:18.0727 3636 System windows directory: C:\Windows
20:33:18.0727 3636 Running under WOW64
20:33:18.0727 3636 Processor architecture: Intel x64
20:33:18.0727 3636 Number of processors: 4
20:33:18.0727 3636 Page size: 0x1000
20:33:18.0727 3636 Boot type: Normal boot
20:33:18.0727 3636 ============================================================
20:33:19.0476 3636 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:33:19.0491 3636 ============================================================
20:33:19.0491 3636 \Device\Harddisk0\DR0:
20:33:19.0491 3636 MBR partitions:
20:33:19.0491 3636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:33:19.0491 3636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
20:33:19.0491 3636 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
20:33:19.0491 3636 ============================================================
20:33:19.0507 3636 C: <-> \Device\Harddisk0\DR0\Partition2
20:33:19.0569 3636 D: <-> \Device\Harddisk0\DR0\Partition3
20:33:19.0569 3636 ============================================================
20:33:19.0569 3636 Initialize success
20:33:19.0569 3636 ============================================================
20:35:02.0764 4012 ============================================================
20:35:02.0764 4012 Scan started
20:35:02.0764 4012 Mode: Manual;
20:35:02.0764 4012 ============================================================
20:35:04.0543 4012 ================ Scan system memory ========================
20:35:04.0543 4012 System memory - ok
20:35:04.0543 4012 ================ Scan services =============================
20:35:04.0870 4012 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:35:04.0870 4012 1394ohci - ok
20:35:04.0917 4012 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:35:04.0933 4012 ACPI - ok
20:35:04.0964 4012 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:35:04.0964 4012 AcpiPmi - ok
20:35:05.0120 4012 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:35:05.0120 4012 AdobeARMservice - ok
20:35:05.0557 4012 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:35:05.0572 4012 AdobeFlashPlayerUpdateSvc - ok
20:35:05.0619 4012 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:35:05.0635 4012 adp94xx - ok
20:35:05.0682 4012 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:35:05.0682 4012 adpahci - ok
20:35:05.0744 4012 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:35:05.0760 4012 adpu320 - ok
20:35:05.0775 4012 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:35:05.0775 4012 AeLookupSvc - ok
20:35:05.0822 4012 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:35:05.0838 4012 AFD - ok
20:35:05.0853 4012 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:35:05.0869 4012 agp440 - ok
20:35:05.0900 4012 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:35:05.0900 4012 ALG - ok
20:35:05.0931 4012 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:35:05.0931 4012 aliide - ok
20:35:05.0947 4012 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:35:05.0962 4012 amdide - ok
20:35:05.0978 4012 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:35:05.0994 4012 AmdK8 - ok
20:35:06.0025 4012 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:35:06.0025 4012 AmdPPM - ok
20:35:06.0072 4012 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:35:06.0072 4012 amdsata - ok
20:35:06.0150 4012 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:35:06.0150 4012 amdsbs - ok
20:35:06.0165 4012 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:35:06.0165 4012 amdxata - ok
20:35:06.0212 4012 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:35:06.0212 4012 AppID - ok
20:35:06.0243 4012 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:35:06.0243 4012 AppIDSvc - ok
20:35:06.0290 4012 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
20:35:06.0290 4012 Appinfo - ok
20:35:06.0337 4012 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:35:06.0337 4012 arc - ok
20:35:06.0352 4012 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:35:06.0368 4012 arcsas - ok
20:35:06.0384 4012 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:35:06.0399 4012 AsyncMac - ok
20:35:06.0446 4012 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:35:06.0446 4012 atapi - ok
20:35:06.0524 4012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:35:06.0524 4012 AudioEndpointBuilder - ok
20:35:06.0540 4012 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:35:06.0555 4012 AudioSrv - ok
20:35:06.0602 4012 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:35:06.0602 4012 AxInstSV - ok
20:35:06.0664 4012 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:35:06.0664 4012 b06bdrv - ok
20:35:06.0711 4012 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:35:06.0711 4012 b57nd60a - ok
20:35:06.0836 4012 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
20:35:06.0836 4012 BBSvc - ok
20:35:06.0914 4012 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
20:35:06.0914 4012 BBUpdate - ok
20:35:06.0961 4012 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:35:06.0961 4012 BDESVC - ok
20:35:07.0008 4012 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:35:07.0023 4012 Beep - ok
20:35:07.0086 4012 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:35:07.0101 4012 BFE - ok
20:35:07.0522 4012 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130531.001\BHDrvx64.sys
20:35:07.0538 4012 BHDrvx64 - ok
20:35:07.0647 4012 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:35:07.0663 4012 BITS - ok
20:35:07.0694 4012 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:35:07.0694 4012 blbdrive - ok
20:35:07.0741 4012 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:35:07.0741 4012 bowser - ok
20:35:07.0772 4012 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:35:07.0772 4012 BrFiltLo - ok
20:35:07.0788 4012 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:35:07.0788 4012 BrFiltUp - ok
20:35:07.0834 4012 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:35:07.0834 4012 Browser - ok
20:35:07.0881 4012 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:35:07.0881 4012 Brserid - ok
20:35:07.0928 4012 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:35:07.0928 4012 BrSerWdm - ok
20:35:07.0959 4012 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:35:07.0959 4012 BrUsbMdm - ok
20:35:07.0990 4012 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:35:07.0990 4012 BrUsbSer - ok
20:35:08.0037 4012 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:35:08.0037 4012 BTHMODEM - ok
20:35:08.0084 4012 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:35:08.0100 4012 bthserv - ok
20:35:08.0193 4012 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys
20:35:08.0193 4012 ccSet_NIS - ok
20:35:08.0224 4012 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:35:08.0224 4012 cdfs - ok
20:35:08.0271 4012 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:35:08.0271 4012 cdrom - ok
20:35:08.0318 4012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:35:08.0318 4012 CertPropSvc - ok
20:35:08.0365 4012 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:35:08.0365 4012 circlass - ok
20:35:08.0412 4012 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:35:08.0412 4012 CLFS - ok
20:35:08.0490 4012 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:35:08.0490 4012 clr_optimization_v2.0.50727_32 - ok
20:35:08.0583 4012 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:35:08.0614 4012 clr_optimization_v2.0.50727_64 - ok
20:35:08.0677 4012 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:35:08.0724 4012 clr_optimization_v4.0.30319_32 - ok
20:35:08.0786 4012 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:35:08.0786 4012 clr_optimization_v4.0.30319_64 - ok
20:35:08.0833 4012 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:35:08.0833 4012 CmBatt - ok
20:35:08.0864 4012 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:35:08.0864 4012 cmdide - ok
20:35:08.0911 4012 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:35:08.0911 4012 CNG - ok
20:35:08.0942 4012 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:35:08.0942 4012 Compbatt - ok
20:35:08.0973 4012 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:35:08.0973 4012 CompositeBus - ok
20:35:09.0004 4012 COMSysApp - ok
20:35:09.0020 4012 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:35:09.0020 4012 crcdisk - ok
20:35:09.0067 4012 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:35:09.0067 4012 CryptSvc - ok
20:35:09.0145 4012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:35:09.0145 4012 DcomLaunch - ok
20:35:09.0223 4012 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:35:09.0223 4012 defragsvc - ok
20:35:09.0270 4012 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:35:09.0285 4012 DfsC - ok
20:35:09.0332 4012 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:35:09.0332 4012 Dhcp - ok
20:35:09.0379 4012 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:35:09.0379 4012 discache - ok
20:35:09.0426 4012 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:35:09.0426 4012 Disk - ok
20:35:09.0457 4012 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:35:09.0457 4012 Dnscache - ok
20:35:09.0504 4012 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:35:09.0504 4012 dot3svc - ok
20:35:09.0535 4012 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:35:09.0550 4012 DPS - ok
20:35:09.0566 4012 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:35:09.0582 4012 drmkaud - ok
20:35:09.0628 4012 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:35:09.0644 4012 DXGKrnl - ok
20:35:09.0675 4012 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:35:09.0675 4012 EapHost - ok
20:35:09.0831 4012 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:35:09.0940 4012 ebdrv - ok
20:35:10.0034 4012 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:35:10.0034 4012 eeCtrl - ok
20:35:10.0081 4012 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:35:10.0081 4012 EFS - ok
20:35:10.0159 4012 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:35:10.0174 4012 ehRecvr - ok
20:35:10.0221 4012 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:35:10.0221 4012 ehSched - ok
20:35:10.0284 4012 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:35:10.0284 4012 elxstor - ok
20:35:10.0330 4012 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:35:10.0330 4012 EraserUtilRebootDrv - ok
20:35:10.0362 4012 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:35:10.0362 4012 ErrDev - ok
20:35:10.0408 4012 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:35:10.0408 4012 EventSystem - ok
20:35:10.0455 4012 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:35:10.0455 4012 exfat - ok
20:35:10.0518 4012 Fabs - ok
20:35:10.0564 4012 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:35:10.0564 4012 fastfat - ok
20:35:10.0642 4012 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:35:10.0658 4012 Fax - ok
20:35:10.0689 4012 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:35:10.0689 4012 fdc - ok
20:35:10.0736 4012 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:35:10.0736 4012 fdPHost - ok
20:35:10.0767 4012 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:35:10.0767 4012 FDResPub - ok
20:35:10.0814 4012 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:35:10.0814 4012 FileInfo - ok
20:35:10.0830 4012 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:35:10.0845 4012 Filetrace - ok
20:35:10.0986 4012 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
20:35:11.0110 4012 FirebirdServerMAGIXInstance - ok
20:35:11.0142 4012 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:35:11.0173 4012 flpydisk - ok
20:35:11.0220 4012 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:35:11.0220 4012 FltMgr - ok
20:35:11.0282 4012 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
20:35:11.0329 4012 FontCache - ok
20:35:11.0422 4012 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:35:11.0422 4012 FontCache3.0.0.0 - ok
20:35:11.0454 4012 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:35:11.0454 4012 FsDepends - ok
20:35:11.0485 4012 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:35:11.0485 4012 fssfltr - ok
20:35:11.0812 4012 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:35:11.0859 4012 fsssvc - ok
20:35:11.0906 4012 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:35:11.0906 4012 Fs_Rec - ok
20:35:11.0968 4012 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:35:11.0968 4012 fvevol - ok
20:35:12.0015 4012 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:35:12.0015 4012 gagp30kx - ok
20:35:12.0078 4012 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:35:12.0078 4012 gpsvc - ok
20:35:12.0140 4012 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
20:35:12.0140 4012 hamachi - ok
20:35:12.0280 4012 [ DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:35:12.0358 4012 Hamachi2Svc - ok
20:35:12.0405 4012 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:35:12.0405 4012 hcw85cir - ok
20:35:12.0452 4012 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:35:12.0452 4012 HdAudAddService - ok
20:35:12.0514 4012 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:35:12.0514 4012 HDAudBus - ok
20:35:12.0561 4012 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:35:12.0561 4012 HECIx64 - ok
20:35:12.0577 4012 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:35:12.0577 4012 HidBatt - ok
20:35:12.0608 4012 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:35:12.0608 4012 HidBth - ok
20:35:12.0639 4012 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:35:12.0639 4012 HidIr - ok
20:35:12.0670 4012 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:35:12.0670 4012 hidserv - ok
20:35:12.0717 4012 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:35:12.0717 4012 HidUsb - ok
20:35:12.0748 4012 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:35:12.0764 4012 hkmsvc - ok
20:35:12.0826 4012 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:35:12.0826 4012 HomeGroupListener - ok
20:35:12.0858 4012 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:35:12.0873 4012 HomeGroupProvider - ok
20:35:12.0889 4012 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:35:12.0889 4012 HpSAMD - ok
20:35:12.0951 4012 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:35:12.0967 4012 HTTP - ok
20:35:13.0029 4012 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:35:13.0045 4012 hwpolicy - ok
20:35:13.0092 4012 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:35:13.0092 4012 i8042prt - ok
20:35:13.0154 4012 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:35:13.0154 4012 iaStor - ok
20:35:13.0232 4012 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:35:13.0232 4012 IAStorDataMgrSvc - ok
20:35:13.0263 4012 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:35:13.0279 4012 iaStorV - ok
20:35:13.0372 4012 [ C58305AC412A2DE95D461072E0AF5AAF ] IBUpdaterService C:\Windows\system32\dmwu.exe
20:35:13.0435 4012 IBUpdaterService - ok
20:35:13.0528 4012 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:35:13.0575 4012 idsvc - ok
20:35:13.0778 4012 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130608.001\IDSvia64.sys
20:35:13.0778 4012 IDSVia64 - ok
20:35:14.0558 4012 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:35:14.0839 4012 igfx - ok
20:35:14.0886 4012 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:35:14.0886 4012 iirsp - ok
20:35:14.0932 4012 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:35:14.0948 4012 IKEEXT - ok
20:35:14.0979 4012 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
20:35:14.0995 4012 Impcd - ok
20:35:15.0073 4012 [ 257CE93C4C83A869F67C8121A34D57EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:35:15.0088 4012 IntcAzAudAddService - ok
20:35:15.0120 4012 [ DA24C1F66EE1B5A92E045376D7A44B58 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
20:35:15.0120 4012 IntcDAud - ok
20:35:15.0151 4012 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:35:15.0151 4012 intelide - ok
20:35:15.0182 4012 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:35:15.0182 4012 intelppm - ok
20:35:15.0198 4012 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:35:15.0198 4012 IPBusEnum - ok
20:35:15.0244 4012 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:35:15.0244 4012 IpFilterDriver - ok
20:35:15.0322 4012 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:35:15.0322 4012 iphlpsvc - ok
20:35:15.0354 4012 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:35:15.0354 4012 IPMIDRV - ok
20:35:15.0385 4012 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:35:15.0400 4012 IPNAT - ok
20:35:15.0447 4012 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:35:15.0447 4012 IRENUM - ok
20:35:15.0463 4012 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:35:15.0463 4012 isapnp - ok
20:35:15.0494 4012 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:35:15.0510 4012 iScsiPrt - ok
20:35:15.0525 4012 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:35:15.0541 4012 kbdclass - ok
20:35:15.0572 4012 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:35:15.0572 4012 kbdhid - ok
20:35:15.0603 4012 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:35:15.0603 4012 KeyIso - ok
20:35:15.0619 4012 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:35:15.0619 4012 KSecDD - ok
20:35:15.0650 4012 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:35:15.0650 4012 KSecPkg - ok
20:35:15.0681 4012 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:35:15.0681 4012 ksthunk - ok
20:35:15.0712 4012 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:35:15.0728 4012 KtmRm - ok
20:35:15.0775 4012 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
20:35:15.0775 4012 L1C - ok
20:35:15.0822 4012 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:35:15.0822 4012 LanmanServer - ok
20:35:15.0868 4012 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:35:15.0868 4012 LanmanWorkstation - ok
20:35:15.0931 4012 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:35:15.0931 4012 lltdio - ok
20:35:15.0962 4012 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:35:15.0978 4012 lltdsvc - ok
20:35:15.0993 4012 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:35:15.0993 4012 lmhosts - ok
20:35:16.0071 4012 [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:35:16.0087 4012 LMS - ok
20:35:16.0118 4012 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:35:16.0118 4012 LSI_FC - ok
20:35:16.0149 4012 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:35:16.0149 4012 LSI_SAS - ok
20:35:16.0180 4012 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:35:16.0180 4012 LSI_SAS2 - ok
20:35:16.0227 4012 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:35:16.0227 4012 LSI_SCSI - ok
20:35:16.0258 4012 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:35:16.0274 4012 luafv - ok
20:35:16.0352 4012 [ 06407E13684E4B1AD56C62893E718248 ] lxdfCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe
20:35:16.0368 4012 lxdfCATSCustConnectService - ok
20:35:16.0399 4012 lxdf_device - ok
20:35:16.0430 4012 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:35:16.0446 4012 Mcx2Svc - ok
20:35:16.0477 4012 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:35:16.0477 4012 megasas - ok
20:35:16.0508 4012 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:35:16.0524 4012 MegaSR - ok
20:35:16.0586 4012 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:35:16.0586 4012 MMCSS - ok
20:35:16.0648 4012 [ F7AB9BBD2D973607C0E69B1D79C7611F ] mod7764 C:\Windows\system32\DRIVERS\mod77-64.sys
20:35:16.0680 4012 mod7764 - ok
20:35:16.0726 4012 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:35:16.0726 4012 Modem - ok
20:35:16.0742 4012 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:35:16.0742 4012 monitor - ok
20:35:16.0789 4012 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:35:16.0789 4012 mouclass - ok
20:35:16.0836 4012 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:35:16.0836 4012 mouhid - ok
20:35:16.0882 4012 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:35:16.0882 4012 mountmgr - ok
20:35:16.0945 4012 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:35:16.0945 4012 MozillaMaintenance - ok
20:35:16.0992 4012 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:35:16.0992 4012 mpio - ok
20:35:17.0038 4012 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:35:17.0038 4012 mpsdrv - ok
20:35:17.0101 4012 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:35:17.0101 4012 MpsSvc - ok
20:35:17.0179 4012 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:35:17.0179 4012 MRxDAV - ok
20:35:17.0210 4012 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:35:17.0226 4012 mrxsmb - ok
20:35:17.0241 4012 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:35:17.0241 4012 mrxsmb10 - ok
20:35:17.0288 4012 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:35:17.0304 4012 mrxsmb20 - ok
20:35:17.0335 4012 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:35:17.0335 4012 msahci - ok
20:35:17.0366 4012 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:35:17.0366 4012 msdsm - ok
20:35:17.0382 4012 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:35:17.0382 4012 MSDTC - ok
20:35:17.0428 4012 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:35:17.0428 4012 Msfs - ok
20:35:17.0460 4012 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:35:17.0460 4012 mshidkmdf - ok
20:35:17.0491 4012 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:35:17.0491 4012 msisadrv - ok
20:35:17.0522 4012 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:35:17.0522 4012 MSiSCSI - ok
20:35:17.0538 4012 msiserver - ok
20:35:17.0569 4012 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:35:17.0569 4012 MSKSSRV - ok
20:35:17.0569 4012 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:35:17.0584 4012 MSPCLOCK - ok
20:35:17.0600 4012 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:35:17.0600 4012 MSPQM - ok
20:35:17.0647 4012 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:35:17.0678 4012 MsRPC - ok
20:35:17.0694 4012 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:35:17.0694 4012 mssmbios - ok
20:35:17.0725 4012 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:35:17.0725 4012 MSTEE - ok
20:35:17.0756 4012 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:35:17.0756 4012 MTConfig - ok
20:35:17.0772 4012 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:35:17.0772 4012 Mup - ok
20:35:17.0834 4012 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:35:17.0850 4012 napagent - ok
20:35:17.0896 4012 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:35:17.0896 4012 NativeWifiP - ok
20:35:18.0037 4012 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\ENG64.SYS
20:35:18.0037 4012 NAVENG - ok
20:35:18.0786 4012 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\EX64.SYS
20:35:18.0817 4012 NAVEX15 - ok
20:35:18.0864 4012 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:35:18.0879 4012 NDIS - ok
20:35:18.0926 4012 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:35:18.0926 4012 NdisCap - ok
20:35:18.0942 4012 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:35:18.0942 4012 NdisTapi - ok
20:35:18.0973 4012 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:35:18.0973 4012 Ndisuio - ok
20:35:19.0004 4012 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:35:19.0004 4012 NdisWan - ok
20:35:19.0020 4012 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:35:19.0020 4012 NDProxy - ok
20:35:19.0066 4012 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:35:19.0066 4012 NetBIOS - ok
20:35:19.0113 4012 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:35:19.0113 4012 NetBT - ok
20:35:19.0129 4012 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:35:19.0129 4012 Netlogon - ok
20:35:19.0191 4012 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:35:19.0191 4012 Netman - ok
20:35:19.0207 4012 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:35:19.0207 4012 netprofm - ok
20:35:19.0254 4012 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:35:19.0285 4012 NetTcpPortSharing - ok
20:35:19.0316 4012 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:35:19.0316 4012 nfrd960 - ok
20:35:19.0425 4012 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe
20:35:19.0425 4012 NIS - ok
20:35:19.0472 4012 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:35:19.0472 4012 NlaSvc - ok
20:35:19.0519 4012 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
20:35:19.0519 4012 NPF - ok
20:35:19.0534 4012 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:35:19.0550 4012 Npfs - ok
20:35:19.0566 4012 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:35:19.0566 4012 nsi - ok
20:35:19.0581 4012 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:35:19.0581 4012 nsiproxy - ok
20:35:19.0675 4012 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:35:19.0722 4012 Ntfs - ok
20:35:19.0800 4012 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:35:19.0800 4012 Null - ok
20:35:19.0831 4012 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:35:19.0831 4012 nvraid - ok
20:35:19.0878 4012 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:35:19.0893 4012 nvstor - ok
20:35:19.0924 4012 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:35:19.0924 4012 nv_agp - ok
20:35:19.0956 4012 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:35:19.0956 4012 ohci1394 - ok
20:35:20.0034 4012 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:35:20.0034 4012 ose - ok
20:35:20.0517 4012 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:35:20.0658 4012 osppsvc - ok
20:35:20.0767 4012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:35:20.0767 4012 p2pimsvc - ok
20:35:20.0798 4012 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:35:20.0814 4012 p2psvc - ok
20:35:20.0860 4012 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:35:20.0860 4012 Parport - ok
20:35:20.0876 4012 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:35:20.0892 4012 partmgr - ok
20:35:20.0907 4012 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:35:20.0923 4012 PcaSvc - ok
20:35:20.0938 4012 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:35:20.0938 4012 pci - ok
20:35:20.0970 4012 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:35:20.0970 4012 pciide - ok
20:35:21.0001 4012 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:35:21.0001 4012 pcmcia - ok
20:35:21.0032 4012 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:35:21.0032 4012 pcw - ok
20:35:21.0063 4012 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:35:21.0063 4012 PEAUTH - ok
20:35:21.0188 4012 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:35:21.0219 4012 PerfHost - ok
20:35:21.0375 4012 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:35:21.0438 4012 pla - ok
20:35:21.0500 4012 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:35:21.0500 4012 PlugPlay - ok
20:35:21.0531 4012 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:35:21.0547 4012 PNRPAutoReg - ok
20:35:21.0562 4012 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:35:21.0578 4012 PNRPsvc - ok
20:35:21.0625 4012 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:35:21.0625 4012 PolicyAgent - ok
20:35:21.0672 4012 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:35:21.0687 4012 Power - ok
20:35:21.0734 4012 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:35:21.0734 4012 PptpMiniport - ok
20:35:21.0765 4012 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:35:21.0765 4012 Processor - ok
20:35:21.0796 4012 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:35:21.0796 4012 ProfSvc - ok
20:35:21.0812 4012 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:35:21.0812 4012 ProtectedStorage - ok
20:35:21.0874 4012 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:35:21.0890 4012 Psched - ok
20:35:21.0937 4012 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
20:35:21.0937 4012 PSI_SVC_2 - ok
20:35:22.0264 4012 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:35:22.0311 4012 ql2300 - ok
20:35:22.0358 4012 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:35:22.0358 4012 ql40xx - ok
20:35:22.0389 4012 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:35:22.0405 4012 QWAVE - ok
20:35:22.0420 4012 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:35:22.0420 4012 QWAVEdrv - ok
20:35:22.0436 4012 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:35:22.0436 4012 RasAcd - ok
20:35:22.0483 4012 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:35:22.0483 4012 RasAgileVpn - ok
20:35:22.0514 4012 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:35:22.0514 4012 RasAuto - ok
20:35:22.0545 4012 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:35:22.0545 4012 Rasl2tp - ok
20:35:22.0592 4012 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:35:22.0592 4012 RasMan - ok
20:35:22.0654 4012 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:35:22.0654 4012 RasPppoe - ok
20:35:22.0686 4012 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:35:22.0686 4012 RasSstp - ok
20:35:22.0748 4012 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:35:22.0748 4012 rdbss - ok
20:35:22.0779 4012 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:35:22.0779 4012 rdpbus - ok
20:35:22.0810 4012 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:35:22.0810 4012 RDPCDD - ok
20:35:22.0842 4012 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:35:22.0842 4012 RDPENCDD - ok
20:35:22.0842 4012 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:35:22.0842 4012 RDPREFMP - ok
20:35:22.0873 4012 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:35:22.0888 4012 RDPWD - ok
20:35:22.0935 4012 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:35:22.0951 4012 rdyboost - ok
20:35:22.0966 4012 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:35:22.0966 4012 RemoteAccess - ok
20:35:23.0013 4012 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:35:23.0013 4012 RemoteRegistry - ok
20:35:23.0091 4012 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:35:23.0107 4012 RichVideo - ok
20:35:23.0185 4012 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
20:35:23.0185 4012 rpcapd - ok
20:35:23.0216 4012 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:35:23.0216 4012 RpcEptMapper - ok
20:35:23.0232 4012 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:35:23.0247 4012 RpcLocator - ok
20:35:23.0294 4012 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:35:23.0310 4012 RpcSs - ok
20:35:23.0325 4012 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:35:23.0356 4012 rspndr - ok
20:35:23.0419 4012 [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:35:23.0419 4012 RSUSBSTOR - ok
20:35:23.0481 4012 [ 8E843C0340C30994161C10FBA87EEA18 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
20:35:23.0481 4012 rtl8192se - ok
20:35:23.0512 4012 RtsUIR - ok
20:35:23.0528 4012 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:35:23.0528 4012 SamSs - ok
20:35:23.0559 4012 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:35:23.0559 4012 sbp2port - ok
20:35:23.0606 4012 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:35:23.0622 4012 SCardSvr - ok
20:35:23.0653 4012 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:35:23.0653 4012 scfilter - ok
20:35:23.0715 4012 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:35:23.0793 4012 Schedule - ok
20:35:23.0840 4012 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:35:23.0840 4012 SCPolicySvc - ok
20:35:23.0887 4012 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:35:23.0887 4012 SDRSVC - ok
20:35:23.0934 4012 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:35:23.0934 4012 secdrv - ok
20:35:23.0965 4012 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:35:23.0965 4012 seclogon - ok
20:35:24.0012 4012 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:35:24.0012 4012 SENS - ok
20:35:24.0027 4012 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:35:24.0027 4012 SensrSvc - ok
20:35:24.0074 4012 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:35:24.0074 4012 Serenum - ok
20:35:24.0121 4012 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:35:24.0121 4012 Serial - ok
20:35:24.0168 4012 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:35:24.0168 4012 sermouse - ok
20:35:24.0214 4012 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:35:24.0214 4012 SessionEnv - ok
20:35:24.0246 4012 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:35:24.0246 4012 sffdisk - ok
20:35:24.0277 4012 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:35:24.0277 4012 sffp_mmc - ok
20:35:24.0308 4012 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:35:24.0308 4012 sffp_sd - ok
20:35:24.0324 4012 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:35:24.0339 4012 sfloppy - ok
20:35:24.0355 4012 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:35:24.0370 4012 SharedAccess - ok
20:35:24.0417 4012 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:35:24.0417 4012 ShellHWDetection - ok
20:35:24.0448 4012 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:35:24.0464 4012 SiSRaid2 - ok
20:35:24.0495 4012 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:35:24.0495 4012 SiSRaid4 - ok
20:35:24.0589 4012 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:35:24.0589 4012 SkypeUpdate - ok
20:35:24.0636 4012 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:35:24.0636 4012 Smb - ok
20:35:24.0667 4012 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:35:24.0682 4012 SNMPTRAP - ok
20:35:24.0698 4012 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:35:24.0698 4012 spldr - ok
20:35:24.0729 4012 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:35:24.0729 4012 Spooler - ok
20:35:24.0838 4012 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:35:24.0932 4012 sppsvc - ok
20:35:24.0963 4012 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:35:24.0963 4012 sppuinotify - ok
20:35:25.0057 4012 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS
20:35:25.0072 4012 SRTSP - ok
20:35:25.0104 4012 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS
20:35:25.0104 4012 SRTSPX - ok
20:35:25.0150 4012 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:35:25.0150 4012 srv - ok
20:35:25.0182 4012 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:35:25.0182 4012 srv2 - ok
20:35:25.0197 4012 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:35:25.0213 4012 srvnet - ok
20:35:25.0244 4012 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:35:25.0244 4012 SSDPSRV - ok
20:35:25.0275 4012 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:35:25.0275 4012 SstpSvc - ok
20:35:25.0306 4012 Steam Client Service - ok
20:35:25.0322 4012 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:35:25.0322 4012 stexstor - ok
20:35:25.0369 4012 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:35:25.0384 4012 stisvc - ok
20:35:25.0494 4012 [ 3FB1D84D673B4A9AF3856C8843C7A464 ] StumbleUponUpdater C:\Users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
20:35:25.0494 4012 StumbleUponUpdater - ok
20:35:25.0525 4012 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:35:25.0525 4012 swenum - ok
20:35:25.0556 4012 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:35:25.0572 4012 swprv - ok
20:35:25.0603 4012 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS
20:35:25.0618 4012 SymDS - ok
20:35:25.0681 4012 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS
20:35:25.0712 4012 SymEFA - ok
20:35:25.0774 4012 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
20:35:25.0774 4012 SymEvent - ok
20:35:25.0806 4012 [ BFD99DC6C7FEB2F8B20D488FDF3A9A55 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
20:35:25.0806 4012 SymIM - ok
20:35:25.0837 4012 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS
20:35:25.0852 4012 SymIRON - ok
20:35:25.0884 4012 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS
20:35:25.0899 4012 SymNetS - ok
20:35:25.0930 4012 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:35:25.0946 4012 SynTP - ok
20:35:26.0024 4012 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:35:26.0071 4012 SysMain - ok
20:35:26.0118 4012 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:35:26.0118 4012 TabletInputService - ok
20:35:26.0149 4012 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:35:26.0164 4012 TapiSrv - ok
20:35:26.0211 4012 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:35:26.0211 4012 TBS - ok
20:35:26.0289 4012 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:35:26.0367 4012 Tcpip - ok
20:35:26.0414 4012 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:35:26.0430 4012 TCPIP6 - ok
20:35:26.0461 4012 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:35:26.0461 4012 tcpipreg - ok
20:35:26.0492 4012 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:35:26.0508 4012 TDPIPE - ok
20:35:26.0523 4012 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:35:26.0523 4012 TDTCP - ok
20:35:26.0570 4012 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:35:26.0570 4012 tdx - ok
20:35:26.0601 4012 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:35:26.0601 4012 TermDD - ok
20:35:26.0648 4012 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:35:26.0664 4012 TermService - ok
20:35:26.0695 4012 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:35:26.0695 4012 Themes - ok
20:35:26.0742 4012 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:35:26.0742 4012 THREADORDER - ok
20:35:26.0788 4012 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:35:26.0788 4012 TrkWks - ok
20:35:26.0913 4012 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:35:26.0929 4012 TrustedInstaller - ok
20:35:26.0991 4012 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:35:27.0007 4012 tssecsrv - ok
20:35:27.0054 4012 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:35:27.0054 4012 TsUsbFlt - ok
20:35:27.0116 4012 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:35:27.0132 4012 tunnel - ok
20:35:27.0163 4012 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:35:27.0163 4012 uagp35 - ok
20:35:27.0210 4012 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:35:27.0210 4012 udfs - ok
20:35:27.0256 4012 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:35:27.0256 4012 UI0Detect - ok
20:35:27.0288 4012 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:35:27.0288 4012 uliagpkx - ok
20:35:27.0303 4012 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:35:27.0303 4012 umbus - ok
20:35:27.0334 4012 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:35:27.0350 4012 UmPass - ok
20:35:27.0584 4012 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:35:27.0662 4012 UNS - ok
20:35:27.0693 4012 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:35:27.0709 4012 upnphost - ok
20:35:27.0756 4012 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:35:27.0756 4012 usbaudio - ok
20:35:27.0802 4012 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:35:27.0802 4012 usbccgp - ok
20:35:27.0818 4012 USBCCID - ok
20:35:27.0849 4012 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:35:27.0849 4012 usbcir - ok
20:35:27.0880 4012 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:35:27.0880 4012 usbehci - ok
20:35:27.0896 4012 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:35:27.0912 4012 usbhub - ok
20:35:27.0958 4012 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:35:27.0958 4012 usbohci - ok
20:35:27.0990 4012 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:35:27.0990 4012 usbprint - ok
20:35:28.0021 4012 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:35:28.0021 4012 usbscan - ok
20:35:28.0068 4012 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:35:28.0068 4012 USBSTOR - ok
20:35:28.0099 4012 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:35:28.0099 4012 usbuhci - ok
20:35:28.0146 4012 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:35:28.0146 4012 usbvideo - ok
20:35:28.0192 4012 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:35:28.0192 4012 UxSms - ok
20:35:28.0208 4012 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:35:28.0208 4012 VaultSvc - ok
20:35:28.0239 4012 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:35:28.0239 4012 vdrvroot - ok
20:35:28.0270 4012 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:35:28.0286 4012 vds - ok
20:35:28.0302 4012 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:35:28.0302 4012 vga - ok
20:35:28.0333 4012 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:35:28.0333 4012 VgaSave - ok
20:35:28.0364 4012 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:35:28.0364 4012 vhdmp - ok
20:35:28.0395 4012 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:35:28.0395 4012 viaide - ok
20:35:28.0411 4012 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:35:28.0426 4012 volmgr - ok
20:35:28.0458 4012 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:35:28.0473 4012 volmgrx - ok
20:35:28.0504 4012 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:35:28.0504 4012 volsnap - ok
20:35:28.0551 4012 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:35:28.0551 4012 vsmraid - ok
20:35:28.0614 4012 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:35:28.0660 4012 VSS - ok
20:35:28.0692 4012 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:35:28.0692 4012 vwifibus - ok
20:35:28.0723 4012 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:35:28.0723 4012 vwififlt - ok
20:35:28.0754 4012 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:35:28.0754 4012 W32Time - ok
20:35:28.0785 4012 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:35:28.0785 4012 WacomPen - ok
20:35:28.0816 4012 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:35:28.0816 4012 WANARP - ok
20:35:28.0816 4012 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:35:28.0832 4012 Wanarpv6 - ok
20:35:28.0894 4012 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:35:28.0957 4012 wbengine - ok
20:35:29.0004 4012 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:35:29.0019 4012 WbioSrvc - ok
20:35:29.0097 4012 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:35:29.0113 4012 wcncsvc - ok
20:35:29.0128 4012 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:35:29.0128 4012 WcsPlugInService - ok
20:35:29.0160 4012 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:35:29.0160 4012 Wd - ok
20:35:29.0238 4012 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:35:29.0253 4012 Wdf01000 - ok
20:35:29.0284 4012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:35:29.0284 4012 WdiServiceHost - ok
20:35:29.0300 4012 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:35:29.0300 4012 WdiSystemHost - ok
20:35:29.0316 4012 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:35:29.0331 4012 WebClient - ok
20:35:29.0347 4012 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:35:29.0347 4012 Wecsvc - ok
20:35:29.0362 4012 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:35:29.0362 4012 wercplsupport - ok
20:35:29.0394 4012 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:35:29.0409 4012 WerSvc - ok
20:35:29.0425 4012 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:35:29.0425 4012 WfpLwf - ok
20:35:29.0440 4012 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:35:29.0456 4012 WIMMount - ok
20:35:29.0487 4012 WinDefend - ok
20:35:29.0503 4012 WinHttpAutoProxySvc - ok
20:35:29.0550 4012 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:35:29.0550 4012 Winmgmt - ok
20:35:29.0628 4012 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:35:29.0706 4012 WinRM - ok
20:35:29.0768 4012 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:35:29.0768 4012 WinUsb - ok
20:35:29.0815 4012 [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
20:35:29.0815 4012 WisLMSvc - ok
20:35:29.0862 4012 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:35:29.0877 4012 Wlansvc - ok
20:35:30.0548 4012 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:35:30.0610 4012 wlidsvc - ok
20:35:30.0657 4012 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:35:30.0657 4012 WmiAcpi - ok
20:35:30.0720 4012 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:35:30.0735 4012 wmiApSrv - ok
20:35:30.0766 4012 WMPNetworkSvc - ok
20:35:30.0782 4012 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:35:30.0798 4012 WPCSvc - ok
20:35:30.0829 4012 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:35:30.0829 4012 WPDBusEnum - ok
20:35:30.0876 4012 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:35:30.0876 4012 ws2ifsl - ok
20:35:30.0907 4012 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:35:30.0907 4012 wscsvc - ok
20:35:30.0922 4012 WSearch - ok
20:35:31.0406 4012 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:35:31.0484 4012 wuauserv - ok
20:35:31.0500 4012 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:35:31.0515 4012 WudfPf - ok
20:35:31.0546 4012 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:35:31.0546 4012 WUDFRd - ok
20:35:31.0578 4012 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:35:31.0593 4012 wudfsvc - ok
20:35:31.0624 4012 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:35:31.0624 4012 WwanSvc - ok
20:35:31.0687 4012 [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid C:\Windows\System32\Drivers\x10hid.sys
20:35:31.0687 4012 X10Hid - ok
20:35:31.0734 4012 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
20:35:31.0734 4012 x10nets - ok
20:35:31.0796 4012 [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys
20:35:31.0796 4012 XUIF - ok
20:35:31.0827 4012 ================ Scan global ===============================
20:35:31.0858 4012 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:35:31.0874 4012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:35:31.0890 4012 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:35:31.0905 4012 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:35:31.0936 4012 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:35:31.0936 4012 [Global] - ok
20:35:31.0936 4012 ================ Scan MBR ==================================
20:35:31.0968 4012 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
20:35:35.0275 4012 \Device\Harddisk0\DR0 - ok
20:35:35.0275 4012 ================ Scan VBR ==================================
20:35:35.0290 4012 [ 56301140A3C91A5C1DAD71C89DE78A9F ] \Device\Harddisk0\DR0\Partition1
20:35:35.0290 4012 \Device\Harddisk0\DR0\Partition1 - ok
20:35:35.0322 4012 [ DE3B932713AAD7095AC3A00C4F0A245E ] \Device\Harddisk0\DR0\Partition2
20:35:35.0322 4012 \Device\Harddisk0\DR0\Partition2 - ok
20:35:35.0353 4012 [ B194FE945CEFEF9FB26C96C6E6BE0016 ] \Device\Harddisk0\DR0\Partition3
20:35:35.0353 4012 \Device\Harddisk0\DR0\Partition3 - ok
20:35:35.0353 4012 ============================================================
20:35:35.0353 4012 Scan finished
20:35:35.0353 4012 ============================================================
20:35:35.0384 3980 Detected object count: 0
20:35:35.0384 3980 Actual detected object count: 0
|
|
12.06.2013, 14:41
| #6 |
| /// Malware-holic | wssetup.exe - Virus ja/ nein? TDSS killer nach anleitung konfigurieren und ausführen bitteb
__________________ --> wssetup.exe - Virus ja/ nein? |
|
12.06.2013, 17:13
| #7 |
| | wssetup.exe - Virus ja/ nein? Anscheinend hatte ich irgendwas falsch gemacht... naja egal. Hier also der Log (4 Threads gefunden): Code:
ATTFilter 18:05:51.0437 3192 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:05:53.0528 3192 ============================================================
18:05:53.0528 3192 Current date / time: 2013/06/12 18:05:53.0528
18:05:53.0528 3192 SystemInfo:
18:05:53.0528 3192
18:05:53.0528 3192 OS Version: 6.1.7601 ServicePack: 1.0
18:05:53.0528 3192 Product type: Workstation
18:05:53.0528 3192 ComputerName: ****-PC
18:05:53.0528 3192 UserName: ****
18:05:53.0528 3192 Windows directory: C:\Windows
18:05:53.0528 3192 System windows directory: C:\Windows
18:05:53.0528 3192 Running under WOW64
18:05:53.0528 3192 Processor architecture: Intel x64
18:05:53.0528 3192 Number of processors: 4
18:05:53.0528 3192 Page size: 0x1000
18:05:53.0528 3192 Boot type: Normal boot
18:05:53.0528 3192 ============================================================
18:05:55.0057 3192 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:05:55.0072 3192 ============================================================
18:05:55.0072 3192 \Device\Harddisk0\DR0:
18:05:55.0072 3192 MBR partitions:
18:05:55.0072 3192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:05:55.0072 3192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
18:05:55.0072 3192 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
18:05:55.0072 3192 ============================================================
18:05:55.0150 3192 C: <-> \Device\Harddisk0\DR0\Partition2
18:05:55.0384 3192 D: <-> \Device\Harddisk0\DR0\Partition3
18:05:55.0384 3192 ============================================================
18:05:55.0384 3192 Initialize success
18:05:55.0384 3192 ============================================================
18:06:54.0337 5096 ============================================================
18:06:54.0337 5096 Scan started
18:06:54.0337 5096 Mode: Manual; SigCheck; TDLFS;
18:06:54.0337 5096 ============================================================
18:06:55.0538 5096 ================ Scan system memory ========================
18:06:55.0538 5096 System memory - ok
18:06:55.0538 5096 ================ Scan services =============================
18:06:56.0006 5096 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:06:56.0224 5096 1394ohci - ok
18:06:56.0271 5096 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:06:56.0302 5096 ACPI - ok
18:06:56.0349 5096 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:06:56.0489 5096 AcpiPmi - ok
18:06:56.0926 5096 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:06:56.0942 5096 AdobeARMservice - ok
18:06:57.0160 5096 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:06:57.0176 5096 AdobeFlashPlayerUpdateSvc - ok
18:06:57.0223 5096 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:06:57.0254 5096 adp94xx - ok
18:06:57.0316 5096 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:06:57.0347 5096 adpahci - ok
18:06:57.0379 5096 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:06:57.0394 5096 adpu320 - ok
18:06:57.0441 5096 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:06:57.0644 5096 AeLookupSvc - ok
18:06:57.0691 5096 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:06:57.0769 5096 AFD - ok
18:06:57.0815 5096 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:06:57.0831 5096 agp440 - ok
18:06:57.0878 5096 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:06:57.0940 5096 ALG - ok
18:06:58.0003 5096 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:06:58.0034 5096 aliide - ok
18:06:58.0049 5096 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:06:58.0065 5096 amdide - ok
18:06:58.0112 5096 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:06:58.0174 5096 AmdK8 - ok
18:06:58.0221 5096 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:06:58.0252 5096 AmdPPM - ok
18:06:58.0315 5096 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:06:58.0330 5096 amdsata - ok
18:06:58.0408 5096 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:06:58.0439 5096 amdsbs - ok
18:06:58.0471 5096 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:06:58.0486 5096 amdxata - ok
18:06:58.0533 5096 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:06:58.0751 5096 AppID - ok
18:06:58.0783 5096 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:06:58.0861 5096 AppIDSvc - ok
18:06:58.0907 5096 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
18:06:58.0970 5096 Appinfo - ok
18:06:59.0048 5096 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:06:59.0063 5096 arc - ok
18:06:59.0079 5096 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:06:59.0095 5096 arcsas - ok
18:06:59.0141 5096 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:06:59.0188 5096 AsyncMac - ok
18:06:59.0235 5096 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:06:59.0266 5096 atapi - ok
18:06:59.0344 5096 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:06:59.0469 5096 AudioEndpointBuilder - ok
18:06:59.0485 5096 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:06:59.0531 5096 AudioSrv - ok
18:06:59.0594 5096 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:06:59.0703 5096 AxInstSV - ok
18:06:59.0797 5096 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:06:59.0921 5096 b06bdrv - ok
18:07:00.0031 5096 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:07:00.0171 5096 b57nd60a - ok
18:07:00.0311 5096 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
18:07:00.0327 5096 BBSvc - ok
18:07:00.0389 5096 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
18:07:00.0405 5096 BBUpdate - ok
18:07:00.0452 5096 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:07:00.0483 5096 BDESVC - ok
18:07:00.0545 5096 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:07:00.0608 5096 Beep - ok
18:07:00.0701 5096 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:07:00.0795 5096 BFE - ok
18:07:01.0154 5096 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130531.001\BHDrvx64.sys
18:07:01.0263 5096 BHDrvx64 - ok
18:07:01.0325 5096 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:07:01.0450 5096 BITS - ok
18:07:01.0481 5096 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:07:01.0513 5096 blbdrive - ok
18:07:01.0559 5096 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:07:01.0606 5096 bowser - ok
18:07:01.0653 5096 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:07:01.0778 5096 BrFiltLo - ok
18:07:01.0793 5096 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:07:01.0825 5096 BrFiltUp - ok
18:07:01.0871 5096 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:07:01.0949 5096 Browser - ok
18:07:01.0996 5096 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:07:02.0074 5096 Brserid - ok
18:07:02.0105 5096 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:07:02.0152 5096 BrSerWdm - ok
18:07:02.0199 5096 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:07:02.0246 5096 BrUsbMdm - ok
18:07:02.0324 5096 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:07:02.0371 5096 BrUsbSer - ok
18:07:02.0449 5096 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:07:02.0480 5096 BTHMODEM - ok
18:07:02.0542 5096 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:07:02.0636 5096 bthserv - ok
18:07:02.0729 5096 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys
18:07:02.0761 5096 ccSet_NIS - ok
18:07:02.0792 5096 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:07:02.0885 5096 cdfs - ok
18:07:02.0948 5096 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
18:07:02.0995 5096 cdrom - ok
18:07:03.0073 5096 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:07:03.0166 5096 CertPropSvc - ok
18:07:03.0197 5096 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:07:03.0244 5096 circlass - ok
18:07:03.0307 5096 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:07:03.0338 5096 CLFS - ok
18:07:03.0431 5096 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:03.0447 5096 clr_optimization_v2.0.50727_32 - ok
18:07:03.0509 5096 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:07:03.0525 5096 clr_optimization_v2.0.50727_64 - ok
18:07:03.0587 5096 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:07:03.0619 5096 clr_optimization_v4.0.30319_32 - ok
18:07:03.0665 5096 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:07:03.0681 5096 clr_optimization_v4.0.30319_64 - ok
18:07:03.0728 5096 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:07:03.0775 5096 CmBatt - ok
18:07:03.0837 5096 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:07:03.0853 5096 cmdide - ok
18:07:03.0899 5096 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:07:03.0977 5096 CNG - ok
18:07:04.0024 5096 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:07:04.0040 5096 Compbatt - ok
18:07:04.0087 5096 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:07:04.0149 5096 CompositeBus - ok
18:07:04.0180 5096 COMSysApp - ok
18:07:04.0211 5096 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:07:04.0227 5096 crcdisk - ok
18:07:04.0305 5096 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:07:04.0399 5096 CryptSvc - ok
18:07:04.0477 5096 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:07:04.0586 5096 DcomLaunch - ok
18:07:04.0617 5096 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:07:04.0742 5096 defragsvc - ok
18:07:04.0804 5096 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:07:04.0867 5096 DfsC - ok
18:07:04.0913 5096 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:07:04.0991 5096 Dhcp - ok
18:07:05.0007 5096 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:07:05.0085 5096 discache - ok
18:07:05.0132 5096 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:07:05.0147 5096 Disk - ok
18:07:05.0225 5096 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:07:05.0272 5096 Dnscache - ok
18:07:05.0335 5096 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:07:05.0397 5096 dot3svc - ok
18:07:05.0428 5096 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:07:05.0491 5096 DPS - ok
18:07:05.0522 5096 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:07:05.0600 5096 drmkaud - ok
18:07:05.0725 5096 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:07:05.0771 5096 DXGKrnl - ok
18:07:05.0803 5096 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:07:05.0865 5096 EapHost - ok
18:07:06.0037 5096 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:07:06.0177 5096 ebdrv - ok
18:07:06.0380 5096 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:07:06.0411 5096 eeCtrl - ok
18:07:06.0427 5096 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:07:06.0505 5096 EFS - ok
18:07:06.0723 5096 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:07:06.0785 5096 ehRecvr - ok
18:07:06.0848 5096 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:07:06.0895 5096 ehSched - ok
18:07:06.0957 5096 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:07:06.0988 5096 elxstor - ok
18:07:07.0019 5096 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:07:07.0035 5096 EraserUtilRebootDrv - ok
18:07:07.0066 5096 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:07:07.0082 5096 ErrDev - ok
18:07:07.0160 5096 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:07:07.0222 5096 EventSystem - ok
18:07:07.0253 5096 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:07:07.0316 5096 exfat - ok
18:07:07.0378 5096 Fabs - ok
18:07:07.0394 5096 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:07:07.0472 5096 fastfat - ok
18:07:07.0519 5096 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:07:07.0612 5096 Fax - ok
18:07:07.0643 5096 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:07:07.0675 5096 fdc - ok
18:07:07.0721 5096 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:07:07.0799 5096 fdPHost - ok
18:07:07.0815 5096 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:07:07.0877 5096 FDResPub - ok
18:07:07.0909 5096 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:07:07.0924 5096 FileInfo - ok
18:07:07.0940 5096 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:07:08.0018 5096 Filetrace - ok
18:07:08.0143 5096 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
18:07:08.0252 5096 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
18:07:08.0252 5096 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
18:07:08.0299 5096 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:07:08.0314 5096 flpydisk - ok
18:07:08.0345 5096 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:07:08.0392 5096 FltMgr - ok
18:07:08.0455 5096 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
18:07:08.0533 5096 FontCache - ok
18:07:08.0611 5096 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:07:08.0626 5096 FontCache3.0.0.0 - ok
18:07:08.0657 5096 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:07:08.0689 5096 FsDepends - ok
18:07:08.0751 5096 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
18:07:08.0782 5096 fssfltr - ok
18:07:09.0203 5096 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:07:09.0266 5096 fsssvc - ok
18:07:09.0297 5096 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:07:09.0313 5096 Fs_Rec - ok
18:07:09.0359 5096 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:07:09.0406 5096 fvevol - ok
18:07:09.0437 5096 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:07:09.0453 5096 gagp30kx - ok
18:07:09.0515 5096 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:07:09.0593 5096 gpsvc - ok
18:07:09.0640 5096 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:07:09.0656 5096 hamachi - ok
18:07:09.0796 5096 [ DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
18:07:09.0905 5096 Hamachi2Svc - ok
18:07:09.0952 5096 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:07:10.0015 5096 hcw85cir - ok
18:07:10.0046 5096 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:07:10.0108 5096 HdAudAddService - ok
18:07:10.0171 5096 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:07:10.0217 5096 HDAudBus - ok
18:07:10.0264 5096 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:07:10.0295 5096 HECIx64 - ok
18:07:10.0311 5096 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:07:10.0358 5096 HidBatt - ok
18:07:10.0420 5096 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:07:10.0451 5096 HidBth - ok
18:07:10.0483 5096 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:07:10.0514 5096 HidIr - ok
18:07:10.0545 5096 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:07:10.0623 5096 hidserv - ok
18:07:10.0685 5096 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:07:10.0701 5096 HidUsb - ok
18:07:10.0748 5096 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:07:10.0841 5096 hkmsvc - ok
18:07:10.0888 5096 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:07:10.0966 5096 HomeGroupListener - ok
18:07:10.0997 5096 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:07:11.0044 5096 HomeGroupProvider - ok
18:07:11.0075 5096 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:07:11.0091 5096 HpSAMD - ok
18:07:11.0278 5096 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:07:11.0372 5096 HTTP - ok
18:07:11.0419 5096 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:07:11.0450 5096 hwpolicy - ok
18:07:11.0465 5096 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:07:11.0481 5096 i8042prt - ok
18:07:11.0512 5096 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:07:11.0543 5096 iaStor - ok
18:07:11.0621 5096 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:07:11.0637 5096 IAStorDataMgrSvc - ok
18:07:11.0684 5096 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:07:11.0731 5096 iaStorV - ok
18:07:11.0809 5096 [ C58305AC412A2DE95D461072E0AF5AAF ] IBUpdaterService C:\Windows\system32\dmwu.exe
18:07:11.0918 5096 IBUpdaterService - ok
18:07:12.0058 5096 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:07:12.0089 5096 idsvc - ok
18:07:12.0183 5096 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130611.001\IDSvia64.sys
18:07:12.0230 5096 IDSVia64 - ok
18:07:13.0884 5096 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:07:14.0274 5096 igfx - ok
18:07:14.0352 5096 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:07:14.0383 5096 iirsp - ok
18:07:14.0430 5096 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:07:14.0539 5096 IKEEXT - ok
18:07:14.0570 5096 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
18:07:14.0632 5096 Impcd - ok
18:07:14.0742 5096 [ 257CE93C4C83A869F67C8121A34D57EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:07:14.0851 5096 IntcAzAudAddService - ok
18:07:14.0898 5096 [ DA24C1F66EE1B5A92E045376D7A44B58 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
18:07:14.0960 5096 IntcDAud - ok
18:07:14.0991 5096 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:07:15.0007 5096 intelide - ok
18:07:15.0038 5096 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:07:15.0069 5096 intelppm - ok
18:07:15.0085 5096 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:07:15.0163 5096 IPBusEnum - ok
18:07:15.0194 5096 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:07:15.0241 5096 IpFilterDriver - ok
18:07:15.0428 5096 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:07:15.0522 5096 iphlpsvc - ok
18:07:15.0615 5096 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:07:15.0678 5096 IPMIDRV - ok
18:07:15.0756 5096 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:07:15.0849 5096 IPNAT - ok
18:07:15.0880 5096 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:07:15.0990 5096 IRENUM - ok
18:07:16.0021 5096 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:07:16.0021 5096 isapnp - ok
18:07:16.0083 5096 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:07:16.0099 5096 iScsiPrt - ok
18:07:16.0130 5096 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
18:07:16.0146 5096 kbdclass - ok
18:07:16.0177 5096 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:07:16.0208 5096 kbdhid - ok
18:07:16.0255 5096 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:07:16.0270 5096 KeyIso - ok
18:07:16.0348 5096 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:07:16.0380 5096 KSecDD - ok
18:07:16.0411 5096 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:07:16.0426 5096 KSecPkg - ok
18:07:16.0473 5096 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:07:16.0551 5096 ksthunk - ok
18:07:16.0692 5096 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:07:16.0801 5096 KtmRm - ok
18:07:16.0832 5096 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
18:07:16.0848 5096 L1C - ok
18:07:16.0894 5096 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:07:16.0957 5096 LanmanServer - ok
18:07:17.0019 5096 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:07:17.0097 5096 LanmanWorkstation - ok
18:07:17.0144 5096 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:07:17.0191 5096 lltdio - ok
18:07:17.0222 5096 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:07:17.0269 5096 lltdsvc - ok
18:07:17.0284 5096 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:07:17.0347 5096 lmhosts - ok
18:07:17.0440 5096 [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:07:17.0472 5096 LMS - ok
18:07:17.0503 5096 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:07:17.0518 5096 LSI_FC - ok
18:07:17.0550 5096 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:07:17.0565 5096 LSI_SAS - ok
18:07:17.0596 5096 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:07:17.0612 5096 LSI_SAS2 - ok
18:07:17.0643 5096 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:07:17.0659 5096 LSI_SCSI - ok
18:07:17.0706 5096 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:07:17.0799 5096 luafv - ok
18:07:17.0924 5096 [ 06407E13684E4B1AD56C62893E718248 ] lxdfCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe
18:07:17.0955 5096 lxdfCATSCustConnectService - ok
18:07:17.0971 5096 lxdf_device - ok
18:07:18.0018 5096 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:07:18.0049 5096 Mcx2Svc - ok
18:07:18.0080 5096 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:07:18.0096 5096 megasas - ok
18:07:18.0189 5096 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:07:18.0236 5096 MegaSR - ok
18:07:18.0267 5096 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:07:18.0345 5096 MMCSS - ok
18:07:18.0423 5096 [ F7AB9BBD2D973607C0E69B1D79C7611F ] mod7764 C:\Windows\system32\DRIVERS\mod77-64.sys
18:07:18.0486 5096 mod7764 - ok
18:07:18.0517 5096 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:07:18.0579 5096 Modem - ok
18:07:18.0610 5096 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:07:18.0657 5096 monitor - ok
18:07:18.0704 5096 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:07:18.0735 5096 mouclass - ok
18:07:18.0782 5096 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:07:18.0829 5096 mouhid - ok
18:07:18.0891 5096 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:07:18.0907 5096 mountmgr - ok
18:07:18.0969 5096 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:07:18.0985 5096 MozillaMaintenance - ok
18:07:19.0032 5096 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:07:19.0047 5096 mpio - ok
18:07:19.0094 5096 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:07:19.0172 5096 mpsdrv - ok
18:07:19.0422 5096 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:07:19.0500 5096 MpsSvc - ok
18:07:19.0546 5096 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:07:19.0609 5096 MRxDAV - ok
18:07:19.0687 5096 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:07:19.0765 5096 mrxsmb - ok
18:07:19.0874 5096 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:07:19.0952 5096 mrxsmb10 - ok
18:07:19.0999 5096 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:07:20.0030 5096 mrxsmb20 - ok
18:07:20.0061 5096 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:07:20.0092 5096 msahci - ok
18:07:20.0155 5096 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:07:20.0186 5096 msdsm - ok
18:07:20.0202 5096 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:07:20.0233 5096 MSDTC - ok
18:07:20.0264 5096 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:07:20.0311 5096 Msfs - ok
18:07:20.0342 5096 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:07:20.0373 5096 mshidkmdf - ok
18:07:20.0404 5096 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:07:20.0420 5096 msisadrv - ok
18:07:20.0451 5096 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:07:20.0514 5096 MSiSCSI - ok
18:07:20.0514 5096 msiserver - ok
18:07:20.0560 5096 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:07:20.0623 5096 MSKSSRV - ok
18:07:20.0623 5096 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:07:20.0701 5096 MSPCLOCK - ok
18:07:20.0732 5096 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:07:20.0794 5096 MSPQM - ok
18:07:20.0919 5096 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:07:20.0950 5096 MsRPC - ok
18:07:20.0982 5096 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:07:20.0997 5096 mssmbios - ok
18:07:21.0028 5096 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:07:21.0075 5096 MSTEE - ok
18:07:21.0122 5096 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:07:21.0138 5096 MTConfig - ok
18:07:21.0153 5096 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:07:21.0169 5096 Mup - ok
18:07:21.0231 5096 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:07:21.0294 5096 napagent - ok
18:07:21.0340 5096 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:07:21.0387 5096 NativeWifiP - ok
18:07:21.0606 5096 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\ENG64.SYS
18:07:21.0637 5096 NAVENG - ok
18:07:21.0730 5096 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\EX64.SYS
18:07:21.0840 5096 NAVEX15 - ok
18:07:21.0902 5096 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:07:21.0996 5096 NDIS - ok
18:07:22.0027 5096 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:07:22.0089 5096 NdisCap - ok
18:07:22.0136 5096 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:07:22.0183 5096 NdisTapi - ok
18:07:22.0214 5096 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:07:22.0261 5096 Ndisuio - ok
18:07:22.0308 5096 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:07:22.0386 5096 NdisWan - ok
18:07:22.0401 5096 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:07:22.0479 5096 NDProxy - ok
18:07:22.0526 5096 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:07:22.0588 5096 NetBIOS - ok
18:07:22.0635 5096 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:07:22.0698 5096 NetBT - ok
18:07:22.0713 5096 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:07:22.0729 5096 Netlogon - ok
18:07:22.0776 5096 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:07:22.0869 5096 Netman - ok
18:07:22.0885 5096 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:07:22.0932 5096 netprofm - ok
18:07:22.0978 5096 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:07:22.0978 5096 NetTcpPortSharing - ok
18:07:23.0010 5096 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:07:23.0025 5096 nfrd960 - ok
18:07:23.0696 5096 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe
18:07:23.0727 5096 NIS - ok
18:07:23.0743 5096 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:07:23.0805 5096 NlaSvc - ok
18:07:23.0852 5096 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
18:07:23.0868 5096 NPF - ok
18:07:23.0883 5096 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:07:23.0930 5096 Npfs - ok
18:07:23.0992 5096 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:07:24.0055 5096 nsi - ok
18:07:24.0070 5096 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:07:24.0148 5096 nsiproxy - ok
18:07:24.0273 5096 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:07:24.0336 5096 Ntfs - ok
18:07:24.0367 5096 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:07:24.0460 5096 Null - ok
18:07:24.0476 5096 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:07:24.0492 5096 nvraid - ok
18:07:24.0554 5096 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:07:24.0585 5096 nvstor - ok
18:07:24.0616 5096 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:07:24.0632 5096 nv_agp - ok
18:07:24.0663 5096 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:07:24.0710 5096 ohci1394 - ok
18:07:24.0772 5096 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:07:24.0788 5096 ose - ok
18:07:25.0038 5096 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:07:25.0303 5096 osppsvc - ok
18:07:25.0428 5096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:07:25.0474 5096 p2pimsvc - ok
18:07:25.0506 5096 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:07:25.0537 5096 p2psvc - ok
18:07:25.0552 5096 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:07:25.0584 5096 Parport - ok
18:07:25.0599 5096 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:07:25.0630 5096 partmgr - ok
18:07:25.0693 5096 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:07:25.0740 5096 PcaSvc - ok
18:07:25.0802 5096 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:07:25.0833 5096 pci - ok
18:07:25.0849 5096 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:07:25.0864 5096 pciide - ok
18:07:25.0896 5096 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:07:25.0911 5096 pcmcia - ok
18:07:25.0942 5096 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:07:25.0958 5096 pcw - ok
18:07:25.0989 5096 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:07:26.0067 5096 PEAUTH - ok
18:07:26.0301 5096 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:07:26.0379 5096 PerfHost - ok
18:07:26.0707 5096 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:07:26.0847 5096 pla - ok
18:07:26.0910 5096 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:07:26.0956 5096 PlugPlay - ok
18:07:26.0988 5096 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:07:27.0034 5096 PNRPAutoReg - ok
18:07:27.0050 5096 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:07:27.0081 5096 PNRPsvc - ok
18:07:27.0112 5096 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:07:27.0175 5096 PolicyAgent - ok
18:07:27.0222 5096 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:07:27.0284 5096 Power - ok
18:07:27.0331 5096 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:07:27.0409 5096 PptpMiniport - ok
18:07:27.0424 5096 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:07:27.0440 5096 Processor - ok
18:07:27.0487 5096 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:07:27.0534 5096 ProfSvc - ok
18:07:27.0549 5096 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:07:27.0580 5096 ProtectedStorage - ok
18:07:27.0627 5096 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:07:27.0690 5096 Psched - ok
18:07:27.0752 5096 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:07:27.0768 5096 PSI_SVC_2 - ok
18:07:28.0111 5096 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:07:28.0204 5096 ql2300 - ok
18:07:28.0236 5096 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:07:28.0267 5096 ql40xx - ok
18:07:28.0298 5096 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:07:28.0329 5096 QWAVE - ok
18:07:28.0345 5096 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:07:28.0392 5096 QWAVEdrv - ok
18:07:28.0407 5096 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:07:28.0454 5096 RasAcd - ok
18:07:28.0485 5096 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:07:28.0548 5096 RasAgileVpn - ok
18:07:28.0563 5096 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:07:28.0672 5096 RasAuto - ok
18:07:28.0719 5096 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:07:28.0782 5096 Rasl2tp - ok
18:07:28.0828 5096 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:07:28.0891 5096 RasMan - ok
18:07:28.0938 5096 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:07:29.0000 5096 RasPppoe - ok
18:07:29.0016 5096 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:07:29.0062 5096 RasSstp - ok
18:07:29.0109 5096 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:07:29.0172 5096 rdbss - ok
18:07:29.0203 5096 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:07:29.0218 5096 rdpbus - ok
18:07:29.0234 5096 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:07:29.0296 5096 RDPCDD - ok
18:07:29.0343 5096 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:07:29.0406 5096 RDPENCDD - ok
18:07:29.0406 5096 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:07:29.0452 5096 RDPREFMP - ok
18:07:29.0484 5096 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:07:29.0546 5096 RDPWD - ok
18:07:29.0593 5096 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:07:29.0624 5096 rdyboost - ok
18:07:29.0671 5096 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:07:29.0733 5096 RemoteAccess - ok
18:07:29.0764 5096 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:07:29.0827 5096 RemoteRegistry - ok
18:07:29.0920 5096 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:07:29.0936 5096 RichVideo ( UnsignedFile.Multi.Generic ) - warning
18:07:29.0936 5096 RichVideo - detected UnsignedFile.Multi.Generic (1)
18:07:30.0076 5096 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
18:07:30.0108 5096 rpcapd - ok
18:07:30.0139 5096 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:07:30.0232 5096 RpcEptMapper - ok
18:07:30.0264 5096 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:07:30.0326 5096 RpcLocator - ok
18:07:30.0388 5096 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:07:30.0451 5096 RpcSs - ok
18:07:30.0544 5096 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:07:30.0607 5096 rspndr - ok
18:07:30.0654 5096 [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:07:30.0700 5096 RSUSBSTOR - ok
18:07:30.0763 5096 [ 8E843C0340C30994161C10FBA87EEA18 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
18:07:30.0810 5096 rtl8192se - ok
18:07:30.0825 5096 RtsUIR - ok
18:07:30.0841 5096 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:07:30.0856 5096 SamSs - ok
18:07:30.0888 5096 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:07:30.0934 5096 sbp2port - ok
18:07:30.0966 5096 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:07:31.0044 5096 SCardSvr - ok
18:07:31.0090 5096 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:07:31.0168 5096 scfilter - ok
18:07:31.0231 5096 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:07:31.0356 5096 Schedule - ok
18:07:31.0418 5096 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:07:31.0480 5096 SCPolicySvc - ok
18:07:31.0574 5096 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:07:31.0636 5096 SDRSVC - ok
18:07:31.0668 5096 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:07:31.0746 5096 secdrv - ok
18:07:31.0777 5096 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:07:31.0839 5096 seclogon - ok
18:07:31.0886 5096 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:07:31.0948 5096 SENS - ok
18:07:31.0964 5096 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:07:32.0042 5096 SensrSvc - ok
18:07:32.0073 5096 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:07:32.0120 5096 Serenum - ok
18:07:32.0151 5096 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:07:32.0167 5096 Serial - ok
18:07:32.0198 5096 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:07:32.0245 5096 sermouse - ok
18:07:32.0307 5096 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:07:32.0385 5096 SessionEnv - ok
18:07:32.0416 5096 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:07:32.0432 5096 sffdisk - ok
18:07:32.0463 5096 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:07:32.0510 5096 sffp_mmc - ok
18:07:32.0510 5096 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:07:32.0541 5096 sffp_sd - ok
18:07:32.0557 5096 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:07:32.0588 5096 sfloppy - ok
18:07:32.0619 5096 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:07:32.0682 5096 SharedAccess - ok
18:07:32.0713 5096 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:07:32.0775 5096 ShellHWDetection - ok
18:07:32.0822 5096 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:07:32.0838 5096 SiSRaid2 - ok
18:07:32.0869 5096 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:07:32.0884 5096 SiSRaid4 - ok
18:07:32.0947 5096 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:07:32.0978 5096 SkypeUpdate - ok
18:07:33.0025 5096 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:07:33.0087 5096 Smb - ok
18:07:33.0134 5096 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:07:33.0165 5096 SNMPTRAP - ok
18:07:33.0196 5096 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:07:33.0212 5096 spldr - ok
18:07:33.0243 5096 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:07:33.0321 5096 Spooler - ok
18:07:33.0446 5096 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:07:33.0618 5096 sppsvc - ok
18:07:33.0664 5096 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:07:33.0742 5096 sppuinotify - ok
18:07:34.0008 5096 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS
18:07:34.0039 5096 SRTSP - ok
18:07:34.0070 5096 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS
18:07:34.0070 5096 SRTSPX - ok
18:07:34.0132 5096 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:07:34.0195 5096 srv - ok
18:07:34.0210 5096 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:07:34.0257 5096 srv2 - ok
18:07:34.0304 5096 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:07:34.0335 5096 srvnet - ok
18:07:34.0382 5096 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:07:34.0429 5096 SSDPSRV - ok
18:07:34.0444 5096 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:07:34.0491 5096 SstpSvc - ok
18:07:34.0522 5096 Steam Client Service - ok
18:07:34.0538 5096 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:07:34.0554 5096 stexstor - ok
18:07:34.0616 5096 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:07:34.0694 5096 stisvc - ok
18:07:34.0897 5096 [ 3FB1D84D673B4A9AF3856C8843C7A464 ] StumbleUponUpdater C:\Users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
18:07:34.0897 5096 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - warning
18:07:34.0897 5096 StumbleUponUpdater - detected UnsignedFile.Multi.Generic (1)
18:07:34.0928 5096 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:07:34.0944 5096 swenum - ok
18:07:35.0053 5096 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:07:35.0115 5096 swprv - ok
18:07:35.0162 5096 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS
18:07:35.0193 5096 SymDS - ok
18:07:35.0256 5096 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS
18:07:35.0334 5096 SymEFA - ok
18:07:35.0380 5096 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:07:35.0412 5096 SymEvent - ok
18:07:35.0427 5096 [ BFD99DC6C7FEB2F8B20D488FDF3A9A55 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
18:07:35.0427 5096 SymIM - ok
18:07:35.0474 5096 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS
18:07:35.0490 5096 SymIRON - ok
18:07:35.0536 5096 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS
18:07:35.0568 5096 SymNetS - ok
18:07:35.0661 5096 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:07:35.0692 5096 SynTP - ok
18:07:35.0755 5096 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:07:35.0895 5096 SysMain - ok
18:07:35.0926 5096 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:07:35.0942 5096 TabletInputService - ok
18:07:35.0989 5096 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:07:36.0067 5096 TapiSrv - ok
18:07:36.0098 5096 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:07:36.0176 5096 TBS - ok
18:07:36.0254 5096 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:07:36.0363 5096 Tcpip - ok
18:07:36.0394 5096 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:07:36.0441 5096 TCPIP6 - ok
18:07:36.0488 5096 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:07:36.0519 5096 tcpipreg - ok
18:07:36.0550 5096 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:07:36.0597 5096 TDPIPE - ok
18:07:36.0628 5096 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:07:36.0660 5096 TDTCP - ok
18:07:36.0691 5096 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:07:36.0753 5096 tdx - ok
18:07:36.0800 5096 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:07:36.0831 5096 TermDD - ok
18:07:36.0878 5096 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:07:36.0925 5096 TermService - ok
18:07:36.0956 5096 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:07:37.0034 5096 Themes - ok
18:07:37.0065 5096 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:07:37.0112 5096 THREADORDER - ok
18:07:37.0143 5096 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:07:37.0221 5096 TrkWks - ok
18:07:37.0315 5096 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:07:37.0377 5096 TrustedInstaller - ok
18:07:37.0424 5096 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:07:37.0471 5096 tssecsrv - ok
18:07:37.0518 5096 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:07:37.0564 5096 TsUsbFlt - ok
18:07:37.0627 5096 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:07:37.0705 5096 tunnel - ok
18:07:37.0752 5096 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:07:37.0783 5096 uagp35 - ok
18:07:37.0830 5096 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:07:37.0923 5096 udfs - ok
18:07:37.0986 5096 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:07:38.0032 5096 UI0Detect - ok
18:07:38.0079 5096 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:07:38.0095 5096 uliagpkx - ok
18:07:38.0126 5096 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:07:38.0157 5096 umbus - ok
18:07:38.0204 5096 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:07:38.0220 5096 UmPass - ok
18:07:38.0968 5096 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:07:39.0093 5096 UNS - ok
18:07:39.0218 5096 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:07:39.0280 5096 upnphost - ok
18:07:39.0343 5096 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:07:39.0390 5096 usbaudio - ok
18:07:39.0452 5096 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:07:39.0514 5096 usbccgp - ok
18:07:39.0530 5096 USBCCID - ok
18:07:39.0561 5096 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:07:39.0592 5096 usbcir - ok
18:07:39.0624 5096 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:07:39.0655 5096 usbehci - ok
18:07:39.0780 5096 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:07:39.0826 5096 usbhub - ok
18:07:39.0842 5096 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:07:39.0889 5096 usbohci - ok
18:07:39.0920 5096 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:07:39.0967 5096 usbprint - ok
18:07:39.0982 5096 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:07:39.0998 5096 usbscan - ok
18:07:40.0045 5096 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:07:40.0107 5096 USBSTOR - ok
18:07:40.0138 5096 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:07:40.0170 5096 usbuhci - ok
18:07:40.0248 5096 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:07:40.0294 5096 usbvideo - ok
18:07:40.0326 5096 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:07:40.0388 5096 UxSms - ok
18:07:40.0435 5096 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:07:40.0466 5096 VaultSvc - ok
18:07:40.0513 5096 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:07:40.0528 5096 vdrvroot - ok
18:07:40.0560 5096 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:07:40.0638 5096 vds - ok
18:07:40.0684 5096 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:07:40.0700 5096 vga - ok
18:07:40.0716 5096 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:07:40.0762 5096 VgaSave - ok
18:07:40.0856 5096 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:07:40.0887 5096 vhdmp - ok
18:07:40.0934 5096 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:07:40.0950 5096 viaide - ok
18:07:40.0981 5096 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:07:40.0996 5096 volmgr - ok
18:07:41.0090 5096 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:07:41.0121 5096 volmgrx - ok
18:07:41.0152 5096 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:07:41.0168 5096 volsnap - ok
18:07:41.0215 5096 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:07:41.0246 5096 vsmraid - ok
18:07:41.0480 5096 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:07:41.0558 5096 VSS - ok
18:07:41.0589 5096 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:07:41.0636 5096 vwifibus - ok
18:07:41.0667 5096 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:07:41.0714 5096 vwififlt - ok
18:07:41.0761 5096 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:07:41.0823 5096 W32Time - ok
18:07:41.0870 5096 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:07:41.0917 5096 WacomPen - ok
18:07:41.0948 5096 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:07:42.0026 5096 WANARP - ok
18:07:42.0026 5096 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:07:42.0073 5096 Wanarpv6 - ok
18:07:42.0166 5096 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:07:42.0260 5096 wbengine - ok
18:07:42.0291 5096 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:07:42.0338 5096 WbioSrvc - ok
18:07:42.0400 5096 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:07:42.0463 5096 wcncsvc - ok
18:07:42.0478 5096 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:07:42.0541 5096 WcsPlugInService - ok
18:07:42.0572 5096 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:07:42.0588 5096 Wd - ok
18:07:42.0634 5096 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:07:42.0666 5096 Wdf01000 - ok
18:07:42.0697 5096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:07:42.0790 5096 WdiServiceHost - ok
18:07:42.0806 5096 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:07:42.0822 5096 WdiSystemHost - ok
18:07:42.0853 5096 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:07:42.0900 5096 WebClient - ok
18:07:42.0931 5096 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:07:42.0993 5096 Wecsvc - ok
18:07:43.0024 5096 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:07:43.0087 5096 wercplsupport - ok
18:07:43.0118 5096 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:07:43.0165 5096 WerSvc - ok
18:07:43.0212 5096 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:07:43.0290 5096 WfpLwf - ok
18:07:43.0305 5096 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:07:43.0321 5096 WIMMount - ok
18:07:43.0321 5096 WinDefend - ok
18:07:43.0352 5096 WinHttpAutoProxySvc - ok
18:07:43.0383 5096 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:07:43.0477 5096 Winmgmt - ok
18:07:43.0836 5096 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:07:44.0023 5096 WinRM - ok
18:07:44.0054 5096 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:07:44.0070 5096 WinUsb - ok
18:07:44.0179 5096 [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
18:07:44.0179 5096 WisLMSvc - ok
18:07:44.0257 5096 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:07:44.0319 5096 Wlansvc - ok
18:07:44.0943 5096 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:07:45.0084 5096 wlidsvc - ok
18:07:45.0115 5096 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:07:45.0162 5096 WmiAcpi - ok
18:07:45.0208 5096 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:07:45.0255 5096 wmiApSrv - ok
18:07:45.0286 5096 WMPNetworkSvc - ok
18:07:45.0318 5096 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:07:45.0349 5096 WPCSvc - ok
18:07:45.0380 5096 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:07:45.0396 5096 WPDBusEnum - ok
18:07:45.0427 5096 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:07:45.0474 5096 ws2ifsl - ok
18:07:45.0520 5096 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:07:45.0583 5096 wscsvc - ok
18:07:45.0583 5096 WSearch - ok
18:07:45.0676 5096 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:07:45.0848 5096 wuauserv - ok
18:07:45.0910 5096 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:07:45.0957 5096 WudfPf - ok
18:07:46.0020 5096 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:07:46.0051 5096 WUDFRd - ok
18:07:46.0113 5096 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:07:46.0160 5096 wudfsvc - ok
18:07:46.0207 5096 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
18:07:46.0269 5096 WwanSvc - ok
18:07:46.0316 5096 [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid C:\Windows\System32\Drivers\x10hid.sys
18:07:46.0332 5096 X10Hid - ok
18:07:46.0394 5096 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
18:07:46.0410 5096 x10nets ( UnsignedFile.Multi.Generic ) - warning
18:07:46.0410 5096 x10nets - detected UnsignedFile.Multi.Generic (1)
18:07:46.0441 5096 [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys
18:07:46.0456 5096 XUIF - ok
18:07:46.0488 5096 ================ Scan global ===============================
18:07:46.0519 5096 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:07:46.0550 5096 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:07:46.0550 5096 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
18:07:46.0581 5096 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:07:46.0597 5096 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:07:46.0612 5096 [Global] - ok
18:07:46.0612 5096 ================ Scan MBR ==================================
18:07:46.0628 5096 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
18:07:50.0840 5096 \Device\Harddisk0\DR0 - ok
18:07:50.0840 5096 ================ Scan VBR ==================================
18:07:50.0871 5096 [ 56301140A3C91A5C1DAD71C89DE78A9F ] \Device\Harddisk0\DR0\Partition1
18:07:50.0871 5096 \Device\Harddisk0\DR0\Partition1 - ok
18:07:50.0934 5096 [ DE3B932713AAD7095AC3A00C4F0A245E ] \Device\Harddisk0\DR0\Partition2
18:07:50.0934 5096 \Device\Harddisk0\DR0\Partition2 - ok
18:07:50.0965 5096 [ B194FE945CEFEF9FB26C96C6E6BE0016 ] \Device\Harddisk0\DR0\Partition3
18:07:50.0965 5096 \Device\Harddisk0\DR0\Partition3 - ok
18:07:50.0965 5096 ============================================================
18:07:50.0965 5096 Scan finished
18:07:50.0965 5096 ============================================================
18:07:50.0980 3380 Detected object count: 4
18:07:50.0980 3380 Actual detected object count: 4
18:08:12.0883 3380 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:12.0883 3380 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:12.0883 3380 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:12.0883 3380 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:12.0883 3380 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:12.0883 3380 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:12.0883 3380 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
18:08:12.0883 3380 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
12.06.2013, 17:49
| #8 |
| /// Malware-holic | wssetup.exe - Virus ja/ nein? Hi, Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 18:12
| #9 |
| | wssetup.exe - Virus ja/ nein? ich weiß nicht, was ich falsch mache o_O - ich habe alle programme geschlossen - programm ausgeführt und die zwei häkchen ergänzt - scan gestartet - alles auf skip, continue, programm geschlossen und pc neugestartet ich hoffe jetzt passt alles... Code:
ATTFilter 19:05:08.0199 4420 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:05:08.0433 4420 ============================================================
19:05:08.0433 4420 Current date / time: 2013/06/12 19:05:08.0433
19:05:08.0433 4420 SystemInfo:
19:05:08.0433 4420
19:05:08.0433 4420 OS Version: 6.1.7601 ServicePack: 1.0
19:05:08.0433 4420 Product type: Workstation
19:05:08.0433 4420 ComputerName: ****-PC
19:05:08.0433 4420 UserName: ****
19:05:08.0433 4420 Windows directory: C:\Windows
19:05:08.0433 4420 System windows directory: C:\Windows
19:05:08.0433 4420 Running under WOW64
19:05:08.0433 4420 Processor architecture: Intel x64
19:05:08.0433 4420 Number of processors: 4
19:05:08.0433 4420 Page size: 0x1000
19:05:08.0433 4420 Boot type: Normal boot
19:05:08.0433 4420 ============================================================
19:05:08.0964 4420 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:05:08.0964 4420 ============================================================
19:05:08.0964 4420 \Device\Harddisk0\DR0:
19:05:08.0964 4420 MBR partitions:
19:05:08.0964 4420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:05:08.0964 4420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000
19:05:08.0964 4420 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000
19:05:08.0964 4420 ============================================================
19:05:08.0995 4420 C: <-> \Device\Harddisk0\DR0\Partition2
19:05:09.0151 4420 D: <-> \Device\Harddisk0\DR0\Partition3
19:05:09.0151 4420 ============================================================
19:05:09.0151 4420 Initialize success
19:05:09.0151 4420 ============================================================
19:05:31.0802 0988 ============================================================
19:05:31.0802 0988 Scan started
19:05:31.0802 0988 Mode: Manual; SigCheck; TDLFS;
19:05:31.0802 0988 ============================================================
19:05:32.0036 0988 ================ Scan system memory ========================
19:05:32.0036 0988 System memory - ok
19:05:32.0036 0988 ================ Scan services =============================
19:05:32.0426 0988 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:05:32.0613 0988 1394ohci - ok
19:05:32.0676 0988 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:05:32.0707 0988 ACPI - ok
19:05:32.0754 0988 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:05:32.0801 0988 AcpiPmi - ok
19:05:32.0988 0988 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:05:33.0019 0988 AdobeARMservice - ok
19:05:33.0237 0988 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:05:33.0269 0988 AdobeFlashPlayerUpdateSvc - ok
19:05:33.0315 0988 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:05:33.0362 0988 adp94xx - ok
19:05:33.0409 0988 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:05:33.0425 0988 adpahci - ok
19:05:33.0456 0988 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:05:33.0487 0988 adpu320 - ok
19:05:33.0534 0988 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:05:33.0596 0988 AeLookupSvc - ok
19:05:33.0674 0988 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:05:33.0752 0988 AFD - ok
19:05:33.0783 0988 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:05:33.0815 0988 agp440 - ok
19:05:33.0877 0988 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:05:33.0971 0988 ALG - ok
19:05:34.0017 0988 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:05:34.0033 0988 aliide - ok
19:05:34.0049 0988 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:05:34.0064 0988 amdide - ok
19:05:34.0095 0988 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:05:34.0158 0988 AmdK8 - ok
19:05:34.0189 0988 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:05:34.0251 0988 AmdPPM - ok
19:05:34.0283 0988 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:05:34.0314 0988 amdsata - ok
19:05:34.0361 0988 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:05:34.0392 0988 amdsbs - ok
19:05:34.0407 0988 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:05:34.0423 0988 amdxata - ok
19:05:34.0470 0988 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:05:34.0548 0988 AppID - ok
19:05:34.0579 0988 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:05:34.0673 0988 AppIDSvc - ok
19:05:34.0735 0988 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:05:34.0782 0988 Appinfo - ok
19:05:34.0860 0988 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
19:05:34.0891 0988 arc - ok
19:05:34.0907 0988 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:05:34.0922 0988 arcsas - ok
19:05:34.0969 0988 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:05:35.0063 0988 AsyncMac - ok
19:05:35.0109 0988 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:05:35.0125 0988 atapi - ok
19:05:35.0203 0988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:05:35.0281 0988 AudioEndpointBuilder - ok
19:05:35.0312 0988 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:05:35.0359 0988 AudioSrv - ok
19:05:35.0406 0988 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:05:35.0499 0988 AxInstSV - ok
19:05:35.0562 0988 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:05:35.0655 0988 b06bdrv - ok
19:05:35.0702 0988 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:05:35.0749 0988 b57nd60a - ok
19:05:35.0843 0988 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
19:05:35.0889 0988 BBSvc - ok
19:05:35.0936 0988 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
19:05:35.0983 0988 BBUpdate - ok
19:05:36.0030 0988 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:05:36.0061 0988 BDESVC - ok
19:05:36.0123 0988 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:05:36.0248 0988 Beep - ok
19:05:36.0311 0988 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:05:36.0373 0988 BFE - ok
19:05:36.0576 0988 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130531.001\BHDrvx64.sys
19:05:36.0701 0988 BHDrvx64 - ok
19:05:36.0763 0988 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:05:36.0888 0988 BITS - ok
19:05:36.0919 0988 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:05:36.0950 0988 blbdrive - ok
19:05:36.0997 0988 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:05:37.0028 0988 bowser - ok
19:05:37.0075 0988 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:05:37.0137 0988 BrFiltLo - ok
19:05:37.0169 0988 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:05:37.0184 0988 BrFiltUp - ok
19:05:37.0215 0988 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:05:37.0278 0988 Browser - ok
19:05:37.0325 0988 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:05:37.0387 0988 Brserid - ok
19:05:37.0418 0988 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:05:37.0449 0988 BrSerWdm - ok
19:05:37.0496 0988 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:05:37.0559 0988 BrUsbMdm - ok
19:05:37.0590 0988 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:05:37.0621 0988 BrUsbSer - ok
19:05:37.0652 0988 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:05:37.0683 0988 BTHMODEM - ok
19:05:37.0730 0988 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:05:37.0824 0988 bthserv - ok
19:05:37.0933 0988 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys
19:05:37.0949 0988 ccSet_NIS - ok
19:05:37.0980 0988 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:05:38.0058 0988 cdfs - ok
19:05:38.0105 0988 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
19:05:38.0167 0988 cdrom - ok
19:05:38.0229 0988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:05:38.0307 0988 CertPropSvc - ok
19:05:38.0323 0988 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:05:38.0385 0988 circlass - ok
19:05:38.0432 0988 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:05:38.0463 0988 CLFS - ok
19:05:38.0557 0988 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:05:38.0573 0988 clr_optimization_v2.0.50727_32 - ok
19:05:38.0635 0988 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:05:38.0651 0988 clr_optimization_v2.0.50727_64 - ok
19:05:38.0713 0988 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:05:38.0744 0988 clr_optimization_v4.0.30319_32 - ok
19:05:38.0775 0988 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:05:38.0791 0988 clr_optimization_v4.0.30319_64 - ok
19:05:38.0838 0988 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:05:38.0885 0988 CmBatt - ok
19:05:38.0947 0988 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:05:38.0978 0988 cmdide - ok
19:05:39.0025 0988 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:05:39.0072 0988 CNG - ok
19:05:39.0103 0988 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:05:39.0119 0988 Compbatt - ok
19:05:39.0150 0988 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:05:39.0212 0988 CompositeBus - ok
19:05:39.0228 0988 COMSysApp - ok
19:05:39.0243 0988 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:05:39.0259 0988 crcdisk - ok
19:05:39.0290 0988 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:05:39.0368 0988 CryptSvc - ok
19:05:39.0415 0988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:05:39.0477 0988 DcomLaunch - ok
19:05:39.0524 0988 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:05:39.0633 0988 defragsvc - ok
19:05:39.0680 0988 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:05:39.0758 0988 DfsC - ok
19:05:39.0805 0988 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:05:39.0883 0988 Dhcp - ok
19:05:39.0930 0988 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:05:40.0008 0988 discache - ok
19:05:40.0055 0988 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:05:40.0070 0988 Disk - ok
19:05:40.0101 0988 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:05:40.0164 0988 Dnscache - ok
19:05:40.0195 0988 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:05:40.0289 0988 dot3svc - ok
19:05:40.0320 0988 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:05:40.0398 0988 DPS - ok
19:05:40.0429 0988 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:05:40.0476 0988 drmkaud - ok
19:05:40.0523 0988 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:05:40.0569 0988 DXGKrnl - ok
19:05:40.0601 0988 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:05:40.0647 0988 EapHost - ok
19:05:40.0757 0988 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:05:40.0928 0988 ebdrv - ok
19:05:41.0006 0988 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:05:41.0037 0988 eeCtrl - ok
19:05:41.0069 0988 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:05:41.0147 0988 EFS - ok
19:05:41.0225 0988 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:05:41.0318 0988 ehRecvr - ok
19:05:41.0365 0988 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:05:41.0412 0988 ehSched - ok
19:05:41.0459 0988 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:05:41.0490 0988 elxstor - ok
19:05:41.0537 0988 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:05:41.0552 0988 EraserUtilRebootDrv - ok
19:05:41.0583 0988 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:05:41.0615 0988 ErrDev - ok
19:05:41.0661 0988 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:05:41.0739 0988 EventSystem - ok
19:05:41.0771 0988 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:05:41.0817 0988 exfat - ok
19:05:41.0895 0988 Fabs - ok
19:05:41.0911 0988 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:05:41.0989 0988 fastfat - ok
19:05:42.0067 0988 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:05:42.0161 0988 Fax - ok
19:05:42.0207 0988 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:05:42.0223 0988 fdc - ok
19:05:42.0254 0988 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:05:42.0301 0988 fdPHost - ok
19:05:42.0317 0988 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:05:42.0379 0988 FDResPub - ok
19:05:42.0426 0988 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:05:42.0441 0988 FileInfo - ok
19:05:42.0457 0988 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:05:42.0566 0988 Filetrace - ok
19:05:42.0675 0988 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
19:05:42.0816 0988 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:05:42.0816 0988 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:05:42.0863 0988 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:05:42.0878 0988 flpydisk - ok
19:05:42.0925 0988 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:05:42.0972 0988 FltMgr - ok
19:05:43.0019 0988 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:05:43.0112 0988 FontCache - ok
19:05:43.0190 0988 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:05:43.0206 0988 FontCache3.0.0.0 - ok
19:05:43.0237 0988 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:05:43.0268 0988 FsDepends - ok
19:05:43.0315 0988 [ C2E475625F2C6F7DCDE4E920523A0573 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
19:05:43.0346 0988 fssfltr - ok
19:05:43.0455 0988 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:05:43.0533 0988 fsssvc - ok
19:05:43.0565 0988 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:05:43.0580 0988 Fs_Rec - ok
19:05:43.0627 0988 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:05:43.0674 0988 fvevol - ok
19:05:43.0705 0988 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:05:43.0736 0988 gagp30kx - ok
19:05:43.0783 0988 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:05:43.0861 0988 gpsvc - ok
19:05:43.0908 0988 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
19:05:43.0923 0988 hamachi - ok
19:05:44.0048 0988 [ DBCF8F2EA9111510B5B86E1EE9CD8816 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:05:44.0157 0988 Hamachi2Svc - ok
19:05:44.0189 0988 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:05:44.0267 0988 hcw85cir - ok
19:05:44.0313 0988 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:05:44.0376 0988 HdAudAddService - ok
19:05:44.0423 0988 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:05:44.0454 0988 HDAudBus - ok
19:05:44.0516 0988 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:05:44.0532 0988 HECIx64 - ok
19:05:44.0563 0988 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:05:44.0610 0988 HidBatt - ok
19:05:44.0641 0988 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:05:44.0688 0988 HidBth - ok
19:05:44.0719 0988 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:05:44.0750 0988 HidIr - ok
19:05:44.0797 0988 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:05:44.0875 0988 hidserv - ok
19:05:44.0906 0988 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:05:44.0937 0988 HidUsb - ok
19:05:44.0984 0988 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:05:45.0078 0988 hkmsvc - ok
19:05:45.0125 0988 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:05:45.0203 0988 HomeGroupListener - ok
19:05:45.0249 0988 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:05:45.0296 0988 HomeGroupProvider - ok
19:05:45.0312 0988 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:05:45.0343 0988 HpSAMD - ok
19:05:45.0405 0988 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:05:45.0483 0988 HTTP - ok
19:05:45.0515 0988 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:05:45.0530 0988 hwpolicy - ok
19:05:45.0561 0988 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:05:45.0608 0988 i8042prt - ok
19:05:45.0655 0988 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:05:45.0686 0988 iaStor - ok
19:05:45.0749 0988 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:05:45.0764 0988 IAStorDataMgrSvc - ok
19:05:45.0795 0988 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:05:45.0827 0988 iaStorV - ok
19:05:45.0951 0988 [ C58305AC412A2DE95D461072E0AF5AAF ] IBUpdaterService C:\Windows\system32\dmwu.exe
19:05:46.0029 0988 IBUpdaterService - ok
19:05:46.0092 0988 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:05:46.0154 0988 idsvc - ok
19:05:46.0264 0988 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130611.001\IDSvia64.sys
19:05:46.0295 0988 IDSVia64 - ok
19:05:46.0576 0988 [ F4F91789C7C7A159CE8215C1F69F2A85 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:05:46.0950 0988 igfx - ok
19:05:46.0997 0988 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:05:47.0012 0988 iirsp - ok
19:05:47.0059 0988 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:05:47.0137 0988 IKEEXT - ok
19:05:47.0168 0988 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
19:05:47.0215 0988 Impcd - ok
19:05:47.0293 0988 [ 257CE93C4C83A869F67C8121A34D57EC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:05:47.0418 0988 IntcAzAudAddService - ok
19:05:47.0449 0988 [ DA24C1F66EE1B5A92E045376D7A44B58 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:05:47.0465 0988 IntcDAud - ok
19:05:47.0496 0988 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:05:47.0512 0988 intelide - ok
19:05:47.0543 0988 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:05:47.0574 0988 intelppm - ok
19:05:47.0605 0988 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:05:47.0668 0988 IPBusEnum - ok
19:05:47.0714 0988 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:05:47.0777 0988 IpFilterDriver - ok
19:05:47.0870 0988 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:05:47.0902 0988 iphlpsvc - ok
19:05:47.0948 0988 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:05:47.0995 0988 IPMIDRV - ok
19:05:48.0026 0988 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:05:48.0089 0988 IPNAT - ok
19:05:48.0136 0988 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:05:48.0182 0988 IRENUM - ok
19:05:48.0214 0988 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:05:48.0229 0988 isapnp - ok
19:05:48.0260 0988 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:05:48.0292 0988 iScsiPrt - ok
19:05:48.0307 0988 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:05:48.0323 0988 kbdclass - ok
19:05:48.0370 0988 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:05:48.0401 0988 kbdhid - ok
19:05:48.0448 0988 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:05:48.0463 0988 KeyIso - ok
19:05:48.0494 0988 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:05:48.0510 0988 KSecDD - ok
19:05:48.0541 0988 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:05:48.0572 0988 KSecPkg - ok
19:05:48.0588 0988 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:05:48.0666 0988 ksthunk - ok
19:05:48.0713 0988 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:05:48.0775 0988 KtmRm - ok
19:05:48.0822 0988 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
19:05:48.0853 0988 L1C - ok
19:05:48.0900 0988 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:05:48.0962 0988 LanmanServer - ok
19:05:49.0009 0988 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:05:49.0056 0988 LanmanWorkstation - ok
19:05:49.0103 0988 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:05:49.0165 0988 lltdio - ok
19:05:49.0196 0988 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:05:49.0243 0988 lltdsvc - ok
19:05:49.0259 0988 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:05:49.0306 0988 lmhosts - ok
19:05:49.0384 0988 [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:05:49.0415 0988 LMS - ok
19:05:49.0446 0988 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:05:49.0462 0988 LSI_FC - ok
19:05:49.0493 0988 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:05:49.0508 0988 LSI_SAS - ok
19:05:49.0524 0988 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:05:49.0540 0988 LSI_SAS2 - ok
19:05:49.0571 0988 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:05:49.0586 0988 LSI_SCSI - ok
19:05:49.0618 0988 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:05:49.0696 0988 luafv - ok
19:05:49.0789 0988 [ 06407E13684E4B1AD56C62893E718248 ] lxdfCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe
19:05:49.0820 0988 lxdfCATSCustConnectService - ok
19:05:49.0867 0988 lxdf_device - ok
19:05:49.0914 0988 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:05:49.0961 0988 Mcx2Svc - ok
19:05:49.0992 0988 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:05:50.0008 0988 megasas - ok
19:05:50.0039 0988 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:05:50.0054 0988 MegaSR - ok
19:05:50.0086 0988 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:05:50.0148 0988 MMCSS - ok
19:05:50.0226 0988 [ F7AB9BBD2D973607C0E69B1D79C7611F ] mod7764 C:\Windows\system32\DRIVERS\mod77-64.sys
19:05:50.0288 0988 mod7764 - ok
19:05:50.0320 0988 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:05:50.0398 0988 Modem - ok
19:05:50.0413 0988 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:05:50.0444 0988 monitor - ok
19:05:50.0491 0988 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:05:50.0522 0988 mouclass - ok
19:05:50.0554 0988 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:05:50.0600 0988 mouhid - ok
19:05:50.0632 0988 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:05:50.0647 0988 mountmgr - ok
19:05:50.0694 0988 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:05:50.0710 0988 MozillaMaintenance - ok
19:05:50.0741 0988 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:05:50.0772 0988 mpio - ok
19:05:50.0819 0988 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:05:50.0881 0988 mpsdrv - ok
19:05:50.0928 0988 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:05:50.0990 0988 MpsSvc - ok
19:05:51.0022 0988 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:05:51.0068 0988 MRxDAV - ok
19:05:51.0100 0988 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:05:51.0131 0988 mrxsmb - ok
19:05:51.0162 0988 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:05:51.0193 0988 mrxsmb10 - ok
19:05:51.0224 0988 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:05:51.0240 0988 mrxsmb20 - ok
19:05:51.0271 0988 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:05:51.0287 0988 msahci - ok
19:05:51.0318 0988 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:05:51.0349 0988 msdsm - ok
19:05:51.0380 0988 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:05:51.0396 0988 MSDTC - ok
19:05:51.0443 0988 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:05:51.0490 0988 Msfs - ok
19:05:51.0521 0988 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:05:51.0568 0988 mshidkmdf - ok
19:05:51.0599 0988 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:05:51.0614 0988 msisadrv - ok
19:05:51.0646 0988 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:05:51.0692 0988 MSiSCSI - ok
19:05:51.0692 0988 msiserver - ok
19:05:51.0739 0988 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:05:51.0802 0988 MSKSSRV - ok
19:05:51.0817 0988 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:05:51.0880 0988 MSPCLOCK - ok
19:05:51.0895 0988 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:05:51.0958 0988 MSPQM - ok
19:05:51.0989 0988 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:05:52.0036 0988 MsRPC - ok
19:05:52.0051 0988 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:05:52.0067 0988 mssmbios - ok
19:05:52.0098 0988 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:05:52.0160 0988 MSTEE - ok
19:05:52.0192 0988 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:05:52.0223 0988 MTConfig - ok
19:05:52.0238 0988 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:05:52.0254 0988 Mup - ok
19:05:52.0316 0988 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:05:52.0426 0988 napagent - ok
19:05:52.0472 0988 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:05:52.0535 0988 NativeWifiP - ok
19:05:52.0644 0988 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\ENG64.SYS
19:05:52.0675 0988 NAVENG - ok
19:05:52.0753 0988 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130611.003\EX64.SYS
19:05:52.0909 0988 NAVEX15 - ok
19:05:52.0956 0988 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:05:52.0987 0988 NDIS - ok
19:05:53.0034 0988 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:05:53.0096 0988 NdisCap - ok
19:05:53.0128 0988 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:05:53.0159 0988 NdisTapi - ok
19:05:53.0206 0988 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:05:53.0252 0988 Ndisuio - ok
19:05:53.0299 0988 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:05:53.0362 0988 NdisWan - ok
19:05:53.0377 0988 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:05:53.0455 0988 NDProxy - ok
19:05:53.0502 0988 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:05:53.0580 0988 NetBIOS - ok
19:05:53.0627 0988 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:05:53.0720 0988 NetBT - ok
19:05:53.0736 0988 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:05:53.0752 0988 Netlogon - ok
19:05:53.0814 0988 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:05:53.0892 0988 Netman - ok
19:05:53.0908 0988 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:05:53.0970 0988 netprofm - ok
19:05:54.0001 0988 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:05:54.0032 0988 NetTcpPortSharing - ok
19:05:54.0048 0988 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:05:54.0064 0988 nfrd960 - ok
19:05:54.0173 0988 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe
19:05:54.0188 0988 NIS - ok
19:05:54.0220 0988 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:05:54.0266 0988 NlaSvc - ok
19:05:54.0298 0988 [ 351533ACC2A069B94E80BBFC177E8FDF ] NPF C:\Windows\system32\drivers\npf.sys
19:05:54.0313 0988 NPF - ok
19:05:54.0329 0988 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:05:54.0376 0988 Npfs - ok
19:05:54.0407 0988 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:05:54.0469 0988 nsi - ok
19:05:54.0485 0988 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:05:54.0563 0988 nsiproxy - ok
19:05:54.0641 0988 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:05:54.0734 0988 Ntfs - ok
19:05:54.0750 0988 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:05:54.0828 0988 Null - ok
19:05:54.0859 0988 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:05:54.0875 0988 nvraid - ok
19:05:54.0906 0988 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:05:54.0922 0988 nvstor - ok
19:05:54.0968 0988 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:05:55.0000 0988 nv_agp - ok
19:05:55.0015 0988 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:05:55.0062 0988 ohci1394 - ok
19:05:55.0124 0988 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:05:55.0140 0988 ose - ok
19:05:55.0327 0988 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:05:55.0530 0988 osppsvc - ok
19:05:55.0577 0988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:05:55.0639 0988 p2pimsvc - ok
19:05:55.0670 0988 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:05:55.0702 0988 p2psvc - ok
19:05:55.0733 0988 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:05:55.0748 0988 Parport - ok
19:05:55.0780 0988 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:05:55.0795 0988 partmgr - ok
19:05:55.0842 0988 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:05:55.0889 0988 PcaSvc - ok
19:05:55.0920 0988 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:05:55.0951 0988 pci - ok
19:05:55.0982 0988 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:05:55.0998 0988 pciide - ok
19:05:56.0029 0988 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:05:56.0045 0988 pcmcia - ok
19:05:56.0092 0988 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:05:56.0123 0988 pcw - ok
19:05:56.0185 0988 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:05:56.0279 0988 PEAUTH - ok
19:05:56.0404 0988 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:05:56.0435 0988 PerfHost - ok
19:05:56.0528 0988 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:05:56.0669 0988 pla - ok
19:05:56.0731 0988 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:05:56.0778 0988 PlugPlay - ok
19:05:56.0809 0988 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:05:56.0856 0988 PNRPAutoReg - ok
19:05:56.0887 0988 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:05:56.0918 0988 PNRPsvc - ok
19:05:56.0965 0988 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:05:57.0028 0988 PolicyAgent - ok
19:05:57.0059 0988 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:05:57.0106 0988 Power - ok
19:05:57.0152 0988 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:05:57.0230 0988 PptpMiniport - ok
19:05:57.0262 0988 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:05:57.0277 0988 Processor - ok
19:05:57.0308 0988 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:05:57.0340 0988 ProfSvc - ok
19:05:57.0355 0988 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:05:57.0371 0988 ProtectedStorage - ok
19:05:57.0433 0988 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:05:57.0511 0988 Psched - ok
19:05:57.0558 0988 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
19:05:57.0605 0988 PSI_SVC_2 - ok
19:05:57.0652 0988 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:05:57.0761 0988 ql2300 - ok
19:05:57.0792 0988 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:05:57.0808 0988 ql40xx - ok
19:05:57.0854 0988 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:05:57.0901 0988 QWAVE - ok
19:05:57.0932 0988 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:05:57.0995 0988 QWAVEdrv - ok
19:05:58.0010 0988 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:05:58.0042 0988 RasAcd - ok
19:05:58.0073 0988 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:05:58.0120 0988 RasAgileVpn - ok
19:05:58.0151 0988 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:05:58.0229 0988 RasAuto - ok
19:05:58.0276 0988 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:05:58.0354 0988 Rasl2tp - ok
19:05:58.0385 0988 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:05:58.0463 0988 RasMan - ok
19:05:58.0494 0988 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:05:58.0541 0988 RasPppoe - ok
19:05:58.0556 0988 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:05:58.0619 0988 RasSstp - ok
19:05:58.0650 0988 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:05:58.0744 0988 rdbss - ok
19:05:58.0775 0988 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:05:58.0806 0988 rdpbus - ok
19:05:58.0837 0988 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:05:58.0900 0988 RDPCDD - ok
19:05:58.0931 0988 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:05:58.0993 0988 RDPENCDD - ok
19:05:59.0009 0988 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:05:59.0040 0988 RDPREFMP - ok
19:05:59.0087 0988 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:05:59.0149 0988 RDPWD - ok
19:05:59.0196 0988 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:05:59.0227 0988 rdyboost - ok
19:05:59.0274 0988 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:05:59.0336 0988 RemoteAccess - ok
19:05:59.0383 0988 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:05:59.0461 0988 RemoteRegistry - ok
19:05:59.0539 0988 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
19:05:59.0555 0988 RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:05:59.0555 0988 RichVideo - detected UnsignedFile.Multi.Generic (1)
19:05:59.0633 0988 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files (x86)\WinPcap\rpcapd.exe
19:05:59.0664 0988 rpcapd - ok
19:05:59.0695 0988 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:05:59.0773 0988 RpcEptMapper - ok
19:05:59.0820 0988 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:05:59.0836 0988 RpcLocator - ok
19:05:59.0914 0988 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:05:59.0992 0988 RpcSs - ok
19:06:00.0007 0988 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:06:00.0070 0988 rspndr - ok
19:06:00.0132 0988 [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
19:06:00.0179 0988 RSUSBSTOR - ok
19:06:00.0226 0988 [ 8E843C0340C30994161C10FBA87EEA18 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
19:06:00.0304 0988 rtl8192se - ok
19:06:00.0304 0988 RtsUIR - ok
19:06:00.0335 0988 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:06:00.0350 0988 SamSs - ok
19:06:00.0382 0988 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:06:00.0397 0988 sbp2port - ok
19:06:00.0428 0988 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:06:00.0506 0988 SCardSvr - ok
19:06:00.0538 0988 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:06:00.0631 0988 scfilter - ok
19:06:00.0662 0988 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:06:00.0740 0988 Schedule - ok
19:06:00.0772 0988 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:06:00.0834 0988 SCPolicySvc - ok
19:06:00.0881 0988 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:06:00.0928 0988 SDRSVC - ok
19:06:00.0974 0988 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:06:01.0037 0988 secdrv - ok
19:06:01.0068 0988 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:06:01.0130 0988 seclogon - ok
19:06:01.0177 0988 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:06:01.0255 0988 SENS - ok
19:06:01.0286 0988 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:06:01.0349 0988 SensrSvc - ok
19:06:01.0396 0988 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:06:01.0427 0988 Serenum - ok
19:06:01.0458 0988 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:06:01.0489 0988 Serial - ok
19:06:01.0536 0988 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:06:01.0567 0988 sermouse - ok
19:06:01.0598 0988 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:06:01.0661 0988 SessionEnv - ok
19:06:01.0692 0988 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:06:01.0708 0988 sffdisk - ok
19:06:01.0739 0988 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:06:01.0770 0988 sffp_mmc - ok
19:06:01.0786 0988 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:06:01.0817 0988 sffp_sd - ok
19:06:01.0848 0988 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:06:01.0895 0988 sfloppy - ok
19:06:01.0926 0988 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:06:02.0004 0988 SharedAccess - ok
19:06:02.0035 0988 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:06:02.0098 0988 ShellHWDetection - ok
19:06:02.0129 0988 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:06:02.0160 0988 SiSRaid2 - ok
19:06:02.0191 0988 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:06:02.0222 0988 SiSRaid4 - ok
19:06:02.0316 0988 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:06:02.0347 0988 SkypeUpdate - ok
19:06:02.0378 0988 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:06:02.0441 0988 Smb - ok
19:06:02.0488 0988 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:06:02.0519 0988 SNMPTRAP - ok
19:06:02.0534 0988 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:06:02.0550 0988 spldr - ok
19:06:02.0597 0988 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:06:02.0659 0988 Spooler - ok
19:06:02.0800 0988 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:06:02.0971 0988 sppsvc - ok
19:06:03.0002 0988 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:06:03.0049 0988 sppuinotify - ok
19:06:03.0143 0988 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\Windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS
19:06:03.0205 0988 SRTSP - ok
19:06:03.0221 0988 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\Windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS
19:06:03.0236 0988 SRTSPX - ok
19:06:03.0268 0988 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:06:03.0314 0988 srv - ok
19:06:03.0346 0988 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:06:03.0377 0988 srv2 - ok
19:06:03.0408 0988 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:06:03.0439 0988 srvnet - ok
19:06:03.0470 0988 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:06:03.0517 0988 SSDPSRV - ok
19:06:03.0533 0988 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:06:03.0580 0988 SstpSvc - ok
19:06:03.0611 0988 Steam Client Service - ok
19:06:03.0626 0988 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:06:03.0642 0988 stexstor - ok
19:06:03.0704 0988 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:06:03.0782 0988 stisvc - ok
19:06:03.0923 0988 [ 3FB1D84D673B4A9AF3856C8843C7A464 ] StumbleUponUpdater C:\Users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
19:06:03.0938 0988 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - warning
19:06:03.0938 0988 StumbleUponUpdater - detected UnsignedFile.Multi.Generic (1)
19:06:03.0970 0988 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:06:03.0985 0988 swenum - ok
19:06:04.0032 0988 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:06:04.0110 0988 swprv - ok
19:06:04.0172 0988 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\Windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS
19:06:04.0204 0988 SymDS - ok
19:06:04.0250 0988 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\Windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS
19:06:04.0313 0988 SymEFA - ok
19:06:04.0375 0988 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:06:04.0406 0988 SymEvent - ok
19:06:04.0438 0988 [ BFD99DC6C7FEB2F8B20D488FDF3A9A55 ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
19:06:04.0453 0988 SymIM - ok
19:06:04.0484 0988 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\Windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS
19:06:04.0500 0988 SymIRON - ok
19:06:04.0531 0988 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\Windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS
19:06:04.0562 0988 SymNetS - ok
19:06:04.0625 0988 [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:06:04.0656 0988 SynTP - ok
19:06:04.0734 0988 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:06:04.0828 0988 SysMain - ok
19:06:04.0843 0988 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:06:04.0874 0988 TabletInputService - ok
19:06:04.0890 0988 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:06:04.0952 0988 TapiSrv - ok
19:06:04.0984 0988 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:06:05.0062 0988 TBS - ok
19:06:05.0140 0988 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:06:05.0264 0988 Tcpip - ok
19:06:05.0327 0988 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:06:05.0374 0988 TCPIP6 - ok
19:06:05.0420 0988 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:06:05.0452 0988 tcpipreg - ok
19:06:05.0483 0988 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:06:05.0530 0988 TDPIPE - ok
19:06:05.0545 0988 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:06:05.0592 0988 TDTCP - ok
19:06:05.0623 0988 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:06:05.0686 0988 tdx - ok
19:06:05.0717 0988 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:06:05.0732 0988 TermDD - ok
19:06:05.0779 0988 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:06:05.0826 0988 TermService - ok
19:06:05.0857 0988 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:06:05.0904 0988 Themes - ok
19:06:05.0935 0988 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:06:05.0998 0988 THREADORDER - ok
19:06:06.0013 0988 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:06:06.0076 0988 TrkWks - ok
19:06:06.0138 0988 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:06:06.0216 0988 TrustedInstaller - ok
19:06:06.0247 0988 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:06:06.0294 0988 tssecsrv - ok
19:06:06.0341 0988 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:06:06.0388 0988 TsUsbFlt - ok
19:06:06.0466 0988 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:06:06.0528 0988 tunnel - ok
19:06:06.0559 0988 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:06:06.0575 0988 uagp35 - ok
19:06:06.0622 0988 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:06:06.0684 0988 udfs - ok
19:06:06.0715 0988 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:06:06.0762 0988 UI0Detect - ok
19:06:06.0793 0988 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:06:06.0809 0988 uliagpkx - ok
19:06:06.0840 0988 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:06:06.0871 0988 umbus - ok
19:06:06.0902 0988 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:06:06.0918 0988 UmPass - ok
19:06:07.0043 0988 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:06:07.0136 0988 UNS - ok
19:06:07.0168 0988 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:06:07.0214 0988 upnphost - ok
19:06:07.0261 0988 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:06:07.0324 0988 usbaudio - ok
19:06:07.0370 0988 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:06:07.0402 0988 usbccgp - ok
19:06:07.0417 0988 USBCCID - ok
19:06:07.0448 0988 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:06:07.0480 0988 usbcir - ok
19:06:07.0511 0988 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
19:06:07.0558 0988 usbehci - ok
19:06:07.0604 0988 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:06:07.0651 0988 usbhub - ok
19:06:07.0667 0988 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:06:07.0698 0988 usbohci - ok
19:06:07.0729 0988 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:06:07.0776 0988 usbprint - ok
19:06:07.0792 0988 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:06:07.0823 0988 usbscan - ok
19:06:07.0854 0988 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:06:07.0901 0988 USBSTOR - ok
19:06:07.0932 0988 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:06:07.0948 0988 usbuhci - ok
19:06:07.0994 0988 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
19:06:08.0041 0988 usbvideo - ok
19:06:08.0072 0988 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:06:08.0119 0988 UxSms - ok
19:06:08.0135 0988 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:06:08.0150 0988 VaultSvc - ok
19:06:08.0182 0988 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:06:08.0213 0988 vdrvroot - ok
19:06:08.0244 0988 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:06:08.0291 0988 vds - ok
19:06:08.0322 0988 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:06:08.0338 0988 vga - ok
19:06:08.0369 0988 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:06:08.0447 0988 VgaSave - ok
19:06:08.0462 0988 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:06:08.0494 0988 vhdmp - ok
19:06:08.0525 0988 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:06:08.0556 0988 viaide - ok
19:06:08.0587 0988 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:06:08.0603 0988 volmgr - ok
19:06:08.0650 0988 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:06:08.0681 0988 volmgrx - ok
19:06:08.0712 0988 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:06:08.0743 0988 volsnap - ok
19:06:08.0790 0988 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:06:08.0806 0988 vsmraid - ok
19:06:08.0884 0988 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:06:08.0977 0988 VSS - ok
19:06:09.0008 0988 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:06:09.0071 0988 vwifibus - ok
19:06:09.0086 0988 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:06:09.0133 0988 vwififlt - ok
19:06:09.0164 0988 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:06:09.0227 0988 W32Time - ok
19:06:09.0258 0988 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:06:09.0289 0988 WacomPen - ok
19:06:09.0336 0988 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:06:09.0414 0988 WANARP - ok
19:06:09.0430 0988 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:06:09.0476 0988 Wanarpv6 - ok
19:06:09.0539 0988 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:06:09.0648 0988 wbengine - ok
19:06:09.0695 0988 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:06:09.0726 0988 WbioSrvc - ok
19:06:09.0757 0988 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:06:09.0851 0988 wcncsvc - ok
19:06:09.0866 0988 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:06:09.0898 0988 WcsPlugInService - ok
19:06:09.0944 0988 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:06:09.0960 0988 Wd - ok
19:06:10.0007 0988 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:06:10.0085 0988 Wdf01000 - ok
19:06:10.0116 0988 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:06:10.0210 0988 WdiServiceHost - ok
19:06:10.0210 0988 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:06:10.0241 0988 WdiSystemHost - ok
19:06:10.0272 0988 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:06:10.0303 0988 WebClient - ok
19:06:10.0334 0988 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:06:10.0397 0988 Wecsvc - ok
19:06:10.0412 0988 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:06:10.0490 0988 wercplsupport - ok
19:06:10.0522 0988 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:06:10.0568 0988 WerSvc - ok
19:06:10.0584 0988 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:06:10.0631 0988 WfpLwf - ok
19:06:10.0631 0988 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:06:10.0646 0988 WIMMount - ok
19:06:10.0662 0988 WinDefend - ok
19:06:10.0678 0988 WinHttpAutoProxySvc - ok
19:06:10.0709 0988 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:06:10.0771 0988 Winmgmt - ok
19:06:10.0849 0988 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:06:11.0021 0988 WinRM - ok
19:06:11.0083 0988 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:06:11.0099 0988 WinUsb - ok
19:06:11.0161 0988 [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
19:06:11.0192 0988 WisLMSvc - ok
19:06:11.0239 0988 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:06:11.0270 0988 Wlansvc - ok
19:06:11.0411 0988 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:06:11.0520 0988 wlidsvc - ok
19:06:11.0551 0988 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:06:11.0582 0988 WmiAcpi - ok
19:06:11.0614 0988 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:06:11.0660 0988 wmiApSrv - ok
19:06:11.0692 0988 WMPNetworkSvc - ok
19:06:11.0723 0988 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:06:11.0754 0988 WPCSvc - ok
19:06:11.0785 0988 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:06:11.0832 0988 WPDBusEnum - ok
19:06:11.0863 0988 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:06:11.0910 0988 ws2ifsl - ok
19:06:11.0957 0988 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:06:12.0019 0988 wscsvc - ok
19:06:12.0019 0988 WSearch - ok
19:06:12.0113 0988 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:06:12.0269 0988 wuauserv - ok
19:06:12.0300 0988 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:06:12.0347 0988 WudfPf - ok
19:06:12.0378 0988 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:06:12.0394 0988 WUDFRd - ok
19:06:12.0409 0988 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:06:12.0440 0988 wudfsvc - ok
19:06:12.0472 0988 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:06:12.0518 0988 WwanSvc - ok
19:06:12.0581 0988 [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid C:\Windows\System32\Drivers\x10hid.sys
19:06:12.0596 0988 X10Hid - ok
19:06:12.0643 0988 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
19:06:12.0674 0988 x10nets ( UnsignedFile.Multi.Generic ) - warning
19:06:12.0674 0988 x10nets - detected UnsignedFile.Multi.Generic (1)
19:06:12.0706 0988 [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys
19:06:12.0721 0988 XUIF - ok
19:06:12.0752 0988 ================ Scan global ===============================
19:06:12.0784 0988 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:06:12.0799 0988 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:06:12.0815 0988 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:06:12.0846 0988 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:06:12.0877 0988 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:06:12.0877 0988 [Global] - ok
19:06:12.0877 0988 ================ Scan MBR ==================================
19:06:12.0893 0988 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
19:06:16.0106 0988 \Device\Harddisk0\DR0 - ok
19:06:16.0106 0988 ================ Scan VBR ==================================
19:06:16.0106 0988 [ 56301140A3C91A5C1DAD71C89DE78A9F ] \Device\Harddisk0\DR0\Partition1
19:06:16.0122 0988 \Device\Harddisk0\DR0\Partition1 - ok
19:06:16.0153 0988 [ DE3B932713AAD7095AC3A00C4F0A245E ] \Device\Harddisk0\DR0\Partition2
19:06:16.0153 0988 \Device\Harddisk0\DR0\Partition2 - ok
19:06:16.0184 0988 [ B194FE945CEFEF9FB26C96C6E6BE0016 ] \Device\Harddisk0\DR0\Partition3
19:06:16.0184 0988 \Device\Harddisk0\DR0\Partition3 - ok
19:06:16.0184 0988 ============================================================
19:06:16.0184 0988 Scan finished
19:06:16.0184 0988 ============================================================
19:06:16.0200 4240 Detected object count: 4
19:06:16.0200 4240 Actual detected object count: 4
19:06:28.0259 4240 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:28.0259 4240 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:28.0259 4240 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:28.0259 4240 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:28.0274 4240 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:28.0274 4240 StumbleUponUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:28.0274 4240 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:28.0274 4240 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:37.0619 4568 Deinitialize success
|
|
12.06.2013, 18:14
| #10 |
| /// Malware-holic | wssetup.exe - Virus ja/ nein? Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 18:27
| #11 |
| | wssetup.exe - Virus ja/ nein? ganz kurrz noch vorher: norton meckert kombofix seii nicht sicher und löscht es sofort. was tun? norton jz schon ausschalten? außerdem sind meine accounst noch sicher? habe mich ja trotz der meldung ja bei facebook und co. eingeloggt... bislang kann ich noch auf alles zugreifen |
|
12.06.2013, 18:35
| #12 |
| /// Malware-holic | wssetup.exe - Virus ja/ nein? erst einloggen dann fragen, is ja ne komische reihenfolge, aber ja sollten sie. norton dann schon während des downloads aus.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 19:29
| #13 |
| | wssetup.exe - Virus ja/ nein? hmm ja stimmt^^ also nur am anfang eine meldung, dass noch nicht alles bei Norton deaktiviert ist, hab ich dann aber gemacht (war n bissel umständlich). sonst aber nix. neugestartet -> DIE MELDUNG KOMMT NICHT MEHR!  das ganze Verzeichnis (C:\Users\****\AppData\Local\Temp\908209415\wssetup.exe) ist nicht mehr da :-D Noch n Quickscan mit Norton gemacht - nix.Hier der Log: Code:
ATTFilter ComboFix 13-06-08.02 - **** 12.06.2013 19:48:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3895.2327 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Norton Internet Security CBE *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security CBE *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security CBE *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPLE59F.tmp
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 17:59 . 2013-06-12 17:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 14:02 . 2013-06-11 14:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1404000.028
2013-06-02 13:17 . 2013-06-02 13:18 -------- d-----w- c:\windows\SysWow64\jmdp
2013-06-02 13:17 . 2013-06-02 13:17 -------- d-----w- c:\windows\SysWow64\ARFC
2013-06-02 13:17 . 2013-05-21 13:31 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-06-02 13:17 . 2013-05-21 13:30 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-06-02 13:17 . 2013-02-05 07:25 829264 ----a-w- c:\windows\system32\msvcr100.dll
2013-06-02 13:17 . 2013-02-05 07:25 608080 ----a-w- c:\windows\system32\msvcp100.dll
2013-06-02 13:17 . 2013-06-08 00:44 -------- d-----w- c:\windows\SysWow64\WNLT
2013-05-30 10:00 . 2013-05-30 10:00 -------- d-----w- c:\program files (x86)\GeoGebra 4.2
2013-05-27 18:08 . 2013-05-27 18:08 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-27 18:08 . 2013-05-27 18:07 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-05-27 18:08 . 2013-05-27 18:07 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-05-27 18:07 . 2013-05-27 18:07 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-23 14:55 . 2013-05-23 14:55 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-05-18 20:22 . 2013-05-20 10:37 -------- d-----w- c:\users\****\Photo(graphie)
2013-05-15 13:12 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 18:46 . 2012-09-15 14:46 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:46 . 2012-09-15 14:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 14:48 . 2010-03-03 08:41 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-12 11:04 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 13:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 13:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 13:12 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 13:12 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 13:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 13:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:39 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-08 17:13 . 2012-09-25 18:53 952 --sha-w- c:\programdata\KGyGaAvL.sys
2013-04-04 12:50 . 2012-09-15 17:41 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 12:35 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 12:35 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 12:35 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:35 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 12:35 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 12:35 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-15 17:54 . 2013-03-15 17:54 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-15 17:54 . 2013-03-15 17:54 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-15 17:54 . 2013-03-15 17:54 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-15 17:54 . 2013-03-15 17:54 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-15 17:54 . 2013-03-15 17:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-15 17:54 . 2013-03-15 17:54 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-15 17:54 . 2013-03-15 17:54 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-15 17:54 . 2013-03-15 17:54 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-15 17:54 . 2013-03-15 17:54 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-15 17:54 . 2013-03-15 17:54 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-15 17:54 . 2013-03-15 17:54 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-15 17:54 . 2013-03-15 17:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-15 17:54 . 2013-03-15 17:54 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-15 17:54 . 2013-03-15 17:54 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-15 17:54 . 2013-03-15 17:54 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-15 17:54 . 2013-03-15 17:54 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-15 17:54 . 2013-03-15 17:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-15 17:54 . 2013-03-15 17:54 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-15 17:54 . 2013-03-15 17:54 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-15 17:54 . 2013-03-15 17:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-15 17:54 . 2013-03-15 17:54 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-15 17:54 . 2013-03-15 17:54 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-15 17:54 . 2013-03-15 17:54 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-15 17:54 . 2013-03-15 17:54 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-15 17:54 . 2013-03-15 17:54 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-15 17:54 . 2013-03-15 17:54 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-15 17:54 . 2013-03-15 17:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-15 17:54 . 2013-03-15 17:54 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-15 17:54 . 2013-03-15 17:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-15 17:54 . 2013-03-15 17:54 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-15 17:54 . 2013-03-15 17:54 441856 ----a-w- c:\windows\system32\html.iec
2013-03-15 17:54 . 2013-03-15 17:54 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-15 17:54 . 2013-03-15 17:54 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-15 17:54 . 2013-03-15 17:54 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-15 17:54 . 2013-03-15 17:54 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-15 17:54 . 2013-03-15 17:54 235008 ----a-w- c:\windows\system32\url.dll
2013-03-15 17:54 . 2013-03-15 17:54 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-15 17:54 . 2013-03-15 17:54 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-15 17:54 . 2013-03-15 17:54 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-15 17:54 . 2013-03-15 17:54 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-15 17:54 . 2013-03-15 17:54 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-15 17:54 . 2013-03-15 17:54 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-15 17:54 . 2013-03-15 17:54 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-15 17:54 . 2013-03-15 17:54 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-15 17:54 . 2013-03-15 17:54 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-15 17:54 . 2013-03-15 17:54 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-15 17:54 . 2013-03-15 17:54 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-15 17:54 . 2013-03-15 17:54 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-15 17:54 . 2013-03-15 17:54 102912 ----a-w- c:\windows\system32\inseng.dll
2011-01-12 00:00 . 2011-01-12 00:00 30208 ----a-w- c:\program files (x86)\Common Files\wmpinfo.dll
2011-01-12 00:00 . 2011-01-12 00:00 240128 ----a-w- c:\program files (x86)\Common Files\dsfVorbisDecoder.dll
2011-01-12 00:00 . 2011-01-12 00:00 195584 ----a-w- c:\program files (x86)\Common Files\dsfOggDemux2.dll
2011-01-12 00:00 . 2011-01-12 00:00 146944 ----a-w- c:\program files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 00:00 . 2011-01-12 00:00 221184 ----a-w- c:\program files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 00:00 . 2011-01-12 00:00 204800 ----a-w- c:\program files (x86)\Common Files\dsfNativeFLACSource.dll
2010-12-16 19:39 . 2010-12-16 19:39 302592 ----a-w- c:\program files (x86)\Common Files\webmmux.dll
2010-12-16 19:39 . 2010-12-16 19:39 701440 ----a-w- c:\program files (x86)\Common Files\vp8encoder.dll
2010-12-16 19:39 . 2010-12-16 19:39 412672 ----a-w- c:\program files (x86)\Common Files\vp8decoder.dll
2010-12-16 19:39 . 2010-12-16 19:39 292352 ----a-w- c:\program files (x86)\Common Files\webmsplit.dll
2009-07-11 21:02 . 2009-07-11 21:02 653120 ----a-w- c:\program files (x86)\Common Files\MSVCR90.dll
2009-07-11 21:02 . 2009-07-11 21:02 569664 ----a-w- c:\program files (x86)\Common Files\MSVCP90.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}]
2011-11-22 08:59 269824 ----a-w- c:\users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-02 12:14 220632 ----a-w- c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-02 12:14 220632 ----a-w- c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-02 12:14 220632 ----a-w- c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HotkeyApp"="c:\program files (x86)\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_16_Premium\TrayServer.exe" [2008-08-07 90112]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 StumbleUponUpdater;StumbleUpon Updater;c:\users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe;c:\users\****\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 mod7764;TV Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security CBE Settings Manager;c:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130611.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130611.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1403010.016\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x]
S2 NIS;Norton Internet Security CBE;c:\program files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-15 18:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-02 12:14 244696 ----a-w- c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-02 12:14 244696 ----a-w- c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-02 12:14 244696 ----a-w- c:\users\****\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-02 10087456]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-02 877600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.aldi.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\n1faaxrq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10001&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe
AddRemove-{0E086923-AAA3-4F98-A6E2-48B64CE27553} - c:\programdata\{F21A5765-AACF-4530-991E-CE1346273F96}\Reaktor Factory Selection Setup PC.exe
AddRemove-{E9EA5F38-6299-45A1-9D23-F21729A19357} - c:\programdata\{970460A3-BA7D-4974-965A-D2CBA609B007}\Reaktor 5 Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security CBE\Engine\20.3.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4008165590-655134110-1656986159-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4008165590-655134110-1656986159-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12 20:10:23
ComboFix-quarantined-files.txt 2013-06-12 18:10
.
Vor Suchlauf: 9 Verzeichnis(se), 293.560.930.304 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 293.417.033.728 Bytes frei
.
- - End Of File - - 1D6AC16DB27735EB7DE434B48AC22493
D41D8CD98F00B204E9800998ECF8427E
|
|
12.06.2013, 20:07
| #14 |
| /// Malware-holic | wssetup.exe - Virus ja/ nein? Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 22:30
| #15 |
| | wssetup.exe - Virus ja/ nein? WICHTIG: Wie schon beschrieben wurde von ComboFix wssetup.exe gelöscht. Sie wurde aber wieder (ca. 21:19 Uhr) nachgeladen!! Wurde nach dem Scan aber nicht mehr gelöscht. Hier der Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.12.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 **** :: ****-PC [Administrator] 12.06.2013 21:15:27 mbam-log-2013-06-12 (21-15-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 507193 Laufzeit: 2 Stunde(n), 2 Minute(n), 53 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
| Themen zu wssetup.exe - Virus ja/ nein? |
| anderes, anfrage, anleitungen, ausführen, bereinigung, einfach, einiger, facebook, forum, frage, gen, home, network, neustart, perion network, perion network ltd., reich, schädlich, sweet, virus, woche, wochen, wssetup.exe, überall |
WARNUNG an die MITLESER: 
Linear-Darstellung
