| |
| |||||||
Log-Analyse und Auswertung: Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sysWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.06.2013, 18:08
| #1 |
 |  Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Guten Abend, ich hoffe ich mache hier jetzt keinen Anfängerfehler der die alten Hasen gleich auf die Palme bringt :-) Als ich vorhin vom Abendessen zurück kam war mein Bildschirm komplett grau. Die Maus lies sich noch bewegen und mit Strg+Alt+Entf kam ich noch raus, aber wenn ich dann auf den TaskManager geklickt hab kam wieder der graue Bildschirm. Wie ich hier lesen konnte scheint es sich wohl um den GVU Trojaner zu handeln. Außerdem habe ich hier etwas von snap.do gelesen - das hab ich mir vor etwa 8 Wochen auch mal einfangen aber außer Deinstallation nichts weiter dagegen unternommen. Also: Der Rechner fährt nicht in den abgesicherten Modus. Das endet in einem BSOD ausgelöst von cng.sys. Im "normalen" Modus fährt er hoch, aber ich kann nix mit der Kiste anfangen. Auf der Platte ist noch ein uraltes Ubuntu das ich vor ewigkeiten mal installiert, aber nie genutzt habe. Von diesem System aus schreibe ich gerade. Einen Zweitrechner habe ich gerade nicht zur Verfügung. Aber evtl. ist es sogar ganz hilfreich von diesem Ubuntu aus irgendwas machen zu können? Da hier in den Forenregeln steht man solle erstmal garnix machen habe ich bis jetzt nichts weiteres unternommen :-) Wie soll ich vorgehen? Grüße Leo //EDIT: achja, Win 7 (Professional?) 64bit Dell XPS15 Notebook |
|
11.06.2013, 18:10
| #2 |
| /// Malware-holic   | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys N zweiten pc brächten wir schon.
__________________evtl. beim nachbarn oder so kommst du an nen pc mit brenner? download: ISO Burner - Download - Filepony isoburner anleitung: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html • Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen. Starte dein System neu und boote von der CD die du gerade erstellt hast. Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten, http://www.trojaner-board.de/81857-c...cd-booten.html • Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen. • Mache einen doppel Klick auf das OTLPE Icon. • Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes. • Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes. • entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist. • OTL sollte nun starten. Kopiere nun den Inhalt in die  Textbox. Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert • Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast. poste beide logs
__________________ |
|
11.06.2013, 18:16
| #3 |
| | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Hallo Markus,
__________________vielen Dank für die schnelle Antwort. Morgen bin ich wieder zu Hause, dort habe ich einen zweiten PC zur Verfügung. Ich melde mich dann sobald ich die obigen Schritte ausgeführt habe. Viele Grüße Leo |
|
11.06.2013, 18:18
| #4 |
| /// Malware-holic | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys alles klar
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 10:32
| #5 |
| | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Nachdem mein altes Notebook die ganze Nacht erstmal Windows Updates eingespielt hat konnte ich nun endlich die CD brennen. Wenn ich von dieser CD starte, kommt kurz nach dem Windows XP Startlogo ein BSOD -.- |
|
12.06.2013, 10:47
| #6 |
| /// Malware-holic | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Hi dann gehe mal ins bios, dort prüfe ob der ide oder ahci mode gewählt ist, meist unter advanced bzw sata Optionen, das bios erreichst du bei Neustart meist über die ENTF-Taste. wenn der Modus geendert wurde, dann bitte noch mal probieren.
__________________ --> Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys |
|
12.06.2013, 12:39
| #7 |
| | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Das Ding ist nun endlich durchgelaufen. Code:
ATTFilter OTL logfile created on: 6/12/2013 2:20:57 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 19.53 Gb Total Space | 10.69 Gb Free Space | 54.72% Space Free | Partition Type: NTFS
Drive D: | 679.00 Gb Total Space | 175.86 Gb Free Space | 25.90% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 6.87 Gb Free Space | 92.16% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/03/28 08:39:56 | 000,034,528 | ---- | M] (The OpenVPN Project) [On_Demand] -- D:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV:64bit: - [2013/01/27 06:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 06:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/06/25 11:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) Intel(R)
SRV:64bit: - [2012/06/25 11:06:08 | 000,272,688 | ---- | M] () [On_Demand] -- D:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/06/25 11:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2012/06/25 11:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2012/04/23 12:23:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
SRV:64bit: - [2012/03/26 12:28:32 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/03/15 02:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/11/29 10:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand] -- D:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto] -- D:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/14 14:57:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 18:57:24 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/19 17:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/25 10:00:11 | 004,561,152 | ---- | M] () [Auto] -- D:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/01/09 11:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto] -- D:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013/01/09 11:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto] -- D:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013/01/02 12:15:40 | 000,247,328 | ---- | M] (CyberLink) [Auto] -- D:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2012/12/29 06:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto] -- D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/28 20:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/28 08:14:40 | 000,277,640 | ---- | M] (Intel Corporation) [On_Demand] -- D:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012/12/14 05:43:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 05:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/07/26 07:42:44 | 000,295,440 | ---- | M] (CyberLink) [Auto] -- D:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/07/26 07:42:42 | 000,078,352 | ---- | M] (CyberLink) [Auto] -- D:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012/07/26 07:42:36 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto] -- D:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/05/08 08:01:17 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/24 09:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand] -- D:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) Intel(R) Integrated Clock Controller Service - Intel(R)
SRV - [2012/02/01 10:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- D:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/12/09 09:39:52 | 000,135,584 | ---- | M] (Futuremark Corporation) [Disabled] -- D:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2011/10/18 13:50:10 | 001,001,808 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/10/18 13:50:04 | 001,354,064 | ---- | M] (Intel Corporation) [On_Demand] -- D:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/10/18 13:49:52 | 000,936,272 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/02/23 01:59:00 | 000,086,016 | ---- | M] () [Auto] -- D:\Program Files (x86)\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe -- (mi-raysat_3dsmax2012_32)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand] -- D:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/03/23 07:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 08:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/01 09:59:16 | 000,193,648 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/03 23:14:28 | 000,013,896 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Windows\SysWOW64\nisvcloc.exe -- (niSvcLoc)
SRV - [2009/03/05 10:17:12 | 000,131,704 | ---- | M] (National Instruments Corporation) [Auto] -- D:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
SRV - [2001/11/12 08:31:48 | 000,020,480 | ---- | M] (X10) [Auto] -- D:\Program Files (x86)\Common Files\X10\Common\X10nets.exe -- (x10nets)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/05/09 03:46:05 | 000,073,216 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand] -- D:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2013/05/09 03:46:05 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand] -- D:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2013/04/03 03:58:18 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2013/04/03 03:58:18 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2013/02/13 06:12:06 | 000,076,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2013/02/12 00:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/08 10:45:38 | 000,036,736 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- D:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/01/20 10:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/01/11 06:52:56 | 000,019,032 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2013/01/11 06:52:56 | 000,012,384 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/12/29 06:34:47 | 000,284,600 | ---- | M] (NVIDIA Corporation) [Kernel | System] -- D:\Windows\System32\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/12/29 06:34:47 | 000,030,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/12/12 11:42:28 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/07/10 03:00:09 | 000,027,384 | ---- | M] (Xilinx, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV:64bit: - [2012/07/03 11:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/24 06:09:43 | 000,142,944 | ---- | M] (Acronis) [Kernel | Boot] -- D:\Windows\System32\drivers\vsflt58.sys -- (vidsflt58) Acronis Disk Storage Filter (58)
DRV:64bit: - [2012/06/24 06:09:39 | 000,132,704 | ---- | M] (Acronis) [Kernel | Boot] -- D:\Windows\System32\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2012/06/19 02:40:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2012/06/03 03:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Netwsw00.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2012/04/13 06:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2012/03/15 01:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/15 01:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/02/06 12:35:01 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- D:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012/01/18 02:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2012/01/18 02:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/16 01:57:16 | 000,044,480 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand] -- D:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/12/09 14:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/14 20:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/09/21 05:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto] -- D:\Windows\System32\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/09/02 02:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/29 18:32:18 | 000,053,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/06/10 01:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/03/19 14:16:12 | 000,004,608 | ---- | M] (JJS) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pspdisp_x64.sys -- (pspdisp)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/12/15 13:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 13:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 10:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\system32\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/11/29 10:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/08/31 07:23:30 | 000,254,976 | ---- | M] (Jungo) [Kernel | On_Demand] -- D:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2010/08/20 06:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot] -- D:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/19 21:45:28 | 000,654,720 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/08/19 21:44:48 | 000,943,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010/07/12 22:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand] -- D:\Windows\System32\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/07/12 03:10:32 | 000,060,280 | ---- | M] (Renesas Technology Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\E1usb.sys -- (E1USB)
DRV:64bit: - [2010/07/01 06:09:50 | 000,224,488 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2010/07/01 06:09:50 | 000,039,016 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2010/06/11 12:14:00 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/03/23 07:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 11:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/08 03:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010/01/12 14:47:50 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | Auto] -- D:\Windows\System32\drivers\NiViPxiKl.sys -- (NiViPxiK)
DRV:64bit: - [2010/01/12 14:47:50 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NiViPciKl.sys -- (NiViPciK)
DRV:64bit: - [2010/01/09 22:53:46 | 000,891,992 | ---- | M] (National Instruments Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\nipalk.sys -- (NIPALK)
DRV:64bit: - [2010/01/09 22:52:58 | 000,012,928 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nipalfwedl.sys -- (nipalfwedl)
DRV:64bit: - [2010/01/09 22:52:36 | 000,012,920 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nipalusbedl.sys -- (nipalusbedl)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 01:46:20 | 000,042,912 | ---- | M] (Realtek) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2009/07/07 11:50:26 | 000,011,872 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nidimkl.sys -- (nidimk)
DRV:64bit: - [2009/07/07 05:23:02 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\nipbcfk.sys -- (nipbcfk)
DRV:64bit: - [2009/06/14 10:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\niorbkl.sys -- (niorbk)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/05 10:16:10 | 000,011,896 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NiViFWKl.sys -- (NiViFWK)
DRV:64bit: - [2008/11/16 13:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/06/04 02:34:04 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV:64bit: - [2008/06/04 02:34:04 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2008/06/04 02:34:04 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2008/06/04 02:34:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008/06/04 02:34:02 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2008/06/04 02:34:00 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/06/04 02:33:58 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV:64bit: - [2006/11/30 10:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV:64bit: - [2006/11/15 10:11:22 | 000,015,768 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV:64bit: - [2006/11/07 06:32:00 | 000,073,600 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HPKBx64.sys -- (HPKBx64)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- D:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/02/05 04:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2012/07/05 06:07:06 | 000,147,704 | ---- | M] (CyberLink Corp.) [2012/09/21 08:58:12] [Kernel | Auto] -- D:\Program Files (x86)\Cyberlink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2012/06/20 05:35:49 | 000,083,704 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- D:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2007/05/16 07:09:34 | 000,046,976 | ---- | M] (Renesas Technology Corp.) [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\E1usb.sys -- (E1USB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\MLeo_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\MLeo_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=a4a18c8e-9fd7-4aef-877e-d8f11cfd9e71&searchtype=ds&q={searchTerms}&installDate=11/03/2013
IE - HKU\MLeo_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\MLeo_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=a4a18c8e-9fd7-4aef-877e-d8f11cfd9e71&searchtype=ds&q={searchTerms}&installDate=11/03/2013
IE - HKU\MLeo_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=a4a18c8e-9fd7-4aef-877e-d8f11cfd9e71&searchtype=ds&q={searchTerms}&installDate=11/03/2013
IE - HKU\MLeo_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\MLeo_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\test_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\test_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKU\test_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..network.proxy.http: "178.21.113.43"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@idsoftware.com/QuakeLive: D:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: D:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: D:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\MLeo\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\MLeo\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/05/21 12:27:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/04/01 12:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/14 05:43:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 02:08:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/14 05:43:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 02:08:33 | 000,000,000 | ---D | M]
[2012/02/06 11:59:03 | 000,000,000 | ---D | M] (No name found) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Extensions
[2012/09/26 11:09:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\hcq37krk.default\extensions
[2012/09/09 04:49:09 | 000,000,000 | ---D | M] (Flash and Video Download) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\hcq37krk.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/09/26 11:09:40 | 000,000,000 | ---D | M] (No name found) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\hcq37krk.default\extensions\staged
[2013/03/11 10:29:09 | 000,000,000 | ---D | M] (No name found) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\ijroo9qt.Standard-Benutzer\extensions
[2013/02/23 15:11:32 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\ijroo9qt.Standard-Benutzer\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/11/05 04:08:45 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\ijroo9qt.Standard-Benutzer\extensions\ich@maltegoetz.de
[2013/03/11 10:29:09 | 000,000,000 | ---D | M] (No name found) -- D:\Users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\ijroo9qt.Standard-Benutzer\extensions\staged
[2012/12/14 05:42:48 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- D:\USERS\MLEO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCQ37KRK.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- D:\USERS\MLEO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCQ37KRK.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
() (No name found) -- D:\USERS\MLEO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCQ37KRK.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012/12/14 05:43:18 | 000,262,112 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/15 11:16:03 | 000,002,465 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - D:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - D:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\MLeo_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] D:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] D:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [MSC] D:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [POWER PLAN ASSISTANT] File not found
O4:64bit: - HKLM..\Run: [QuickSet] D:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] D:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] D:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [BDRegion] D:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PowerDVD12Agent] D:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\MLeo_ON_D..\Run: [] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\MLeo_ON_D..\Run: [AdobeBridge] File not found
O4 - HKU\MLeo_ON_D..\Run: [Akamai NetSession Interface] D:\Users\MLeo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\MLeo_ON_D..\Run: [KiesAirMessage] D:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\MLeo_ON_D..\Run: [KiesPreload] D:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\MLeo_ON_D..\Run: [WatchMyCam] D:\Program Files (x86)\WatchMyCam\WatchMyCam.exe (www.WatchMyCam.de)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AHK für kbdneo.lnk ()
O4 - Startup: D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012/02/11 08:59:41 | 000,000,000 | -H-D | M]
O4 - Startup: D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ()
O4 - Startup: D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ()
O4 - Startup: D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ()
O4 - Startup: D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PSPdisp.lnk ()
O4 - Startup: D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe - Verknüpfung.lnk ()
O4 - Startup: D:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Evernote 4.0 - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - D:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - MLeo_ON_D\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - MLeo_ON_D\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - MLeo_ON_D\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - MLeo_ON_D\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP12-14923/event/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.47.5.1 141.47.5.2
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - D:\Windows\System32\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - D:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\MLeo_ON_D Winlogon: Shell - (C:\Users\MLeo\AppData\Roaming\dbu32.ocx) - D:\Users\MLeo\AppData\Roaming\dbu32.ocx (TODO: <Company name>)
O20 - HKU\MLeo_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ae7d1d62-8f91-11e2-b0bb-88532e981d21}\Shell - "" = AutoRun
O33 - MountPoints2\{ae7d1d62-8f91-11e2-b0bb-88532e981d21}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3648981A-8932-84DA-B4D5-4C92DEDE965F} - Themes Setup
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {40255ED7-1F42-71A8-655A-A57423D6E5FF} - Internet Explorer
ActiveX:64bit: {41576418-A280-4363-92EA-BD63B2C4CDAE} - Java (Sun)
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4A9E1744-8915-F3EA-8D88-7E75783147E7} - Internet Explorer
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {ACDBE48E-129E-A347-7517-15A992FCFF99} - Internet Explorer
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3648981A-8932-84DA-B4D5-4C92DEDE965F} - Themes Setup
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {40255ED7-1F42-71A8-655A-A57423D6E5FF} - Internet Explorer
ActiveX: {41576418-A280-4363-92EA-BD63B2C4CDAE} - Java (Sun)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4A9E1744-8915-F3EA-8D88-7E75783147E7} - Internet Explorer
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACDBE48E-129E-A347-7517-15A992FCFF99} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Renesas AutoUpdate.lnk - D:\Program Files (x86)\Renesas\Hew\AutoUpdate\AutoUpdate.exe - (Renesas Technology Corp.
Renesas Solutions Corp.
Renesas Technology Europe Ltd.)
MsConfig:64bit - StartUpFolder: C:^Users^MLeo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - D:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - D:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BDRegion - hkey= - key= - D:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - D:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - D:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - D:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: RemoteControl9 - hkey= - key= - D:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig:64bit - State: "services" - 2
MsConfig:64bit - State: "startup" - 2
MsConfig:64bit - State: "bootini" - 2
========== Files/Folders - Created Within 30 Days ==========
[2017/06/01 04:48:11 | 000,024,626 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\scrrnde.dll
[2013/06/11 11:41:21 | 000,000,000 | ---D | C] -- D:\ProgramData\pnqu
[2013/06/07 08:46:24 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/06/07 08:46:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/06/07 08:46:24 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/06/07 08:46:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/06/07 08:46:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/06/07 08:46:22 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/06/07 08:46:22 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/06/07 08:46:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/06/07 08:46:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/06/07 08:46:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/07 08:46:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/07 08:46:19 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/06/07 08:46:19 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/06/07 08:46:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/06/07 08:46:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/06/07 08:46:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/06/07 08:46:16 | 002,877,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/06/05 21:05:19 | 001,054,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/06/05 21:05:19 | 000,226,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/06/05 21:05:19 | 000,185,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/06/05 21:05:18 | 000,719,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/06/05 21:05:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/06/05 21:05:18 | 000,158,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/06/05 21:05:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/06/05 21:05:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/06/05 21:05:18 | 000,137,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/06/05 21:05:18 | 000,125,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/06/05 21:05:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/06/05 21:05:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/06/05 21:05:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/06/05 21:05:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/06/05 21:05:18 | 000,057,344 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/06/05 21:05:18 | 000,038,400 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/06/05 21:05:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/06/05 21:05:17 | 001,441,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/06/05 21:05:17 | 001,400,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/06/05 21:05:17 | 000,629,248 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/06/05 21:05:17 | 000,361,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/06/05 21:05:17 | 000,357,888 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/06/05 21:05:17 | 000,232,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/06/05 21:05:17 | 000,226,816 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/06/05 21:05:17 | 000,216,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/06/05 21:05:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/06/05 21:05:17 | 000,073,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/06/05 21:05:17 | 000,069,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/06/05 21:05:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/06/05 21:05:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/06/05 21:05:17 | 000,023,040 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/06/05 21:05:16 | 001,509,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/06/05 21:05:16 | 001,400,416 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/06/05 21:05:16 | 000,905,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/06/05 21:05:16 | 000,762,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/06/05 21:05:16 | 000,599,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/06/05 21:05:16 | 000,452,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/06/05 21:05:16 | 000,441,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/06/05 21:05:16 | 000,281,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/06/05 21:05:16 | 000,235,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/06/05 21:05:16 | 000,167,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/06/05 21:05:16 | 000,144,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/06/05 21:05:16 | 000,102,912 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/06/05 21:05:16 | 000,097,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/06/05 21:05:16 | 000,081,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/06/05 21:05:16 | 000,027,648 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/06/05 21:05:15 | 000,173,568 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/06/05 21:05:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/06/05 21:05:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/06/05 21:05:15 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/06/05 21:05:15 | 000,092,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/06/05 21:05:15 | 000,062,976 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/06/05 21:05:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/06/05 21:05:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/06/05 21:05:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/06/05 21:05:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/06/05 21:05:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/06/05 13:40:06 | 000,000,000 | ---D | C] -- D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264vfw64
[2013/06/05 13:40:06 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw64
[2013/06/05 13:40:06 | 000,000,000 | ---D | C] -- D:\Program Files\x264vfw64
[2013/05/30 12:58:59 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
[2013/05/30 12:58:58 | 000,000,000 | ---D | C] -- D:\Program Files\ffdshow
[2013/05/30 05:31:25 | 000,000,000 | ---D | C] -- D:\Users\Public\Documents\CrashDump
[2013/05/30 04:46:20 | 000,203,672 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- D:\Windows\System32\drivers\ssudmdm.sys
[2013/05/30 04:46:20 | 000,103,064 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- D:\Windows\System32\drivers\ssudbus.sys
[2013/05/29 12:54:51 | 000,000,000 | ---D | C] -- D:\Users\MLeo\AppData\Local\{894F6A14-6F76-4621-AC2D-970A92065EB7}
[2013/05/29 12:47:30 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013/05/29 12:42:08 | 000,000,000 | ---D | C] -- D:\Users\MLeo\Desktop\virtualDub
[2013/05/29 12:25:17 | 000,000,000 | ---D | C] -- D:\Users\MLeo\AppData\Roaming\NCH Software
[2013/05/29 12:25:17 | 000,000,000 | ---D | C] -- D:\ProgramData\NCH Software
[2013/05/29 12:25:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2013/05/29 12:25:07 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/05/29 12:25:06 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\NCH Software
[2013/05/19 13:28:35 | 000,000,000 | ---D | C] -- D:\Program Files\Schulze
[2013/05/19 13:28:28 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schulze Elektronik GmbH
[2013/05/15 15:17:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WatchMyCam
[2013/05/15 15:17:48 | 000,000,000 | ---D | C] -- D:\Users\MLeo\Documents\WatchMyCam
[2013/05/15 15:17:48 | 000,000,000 | ---D | C] -- D:\ProgramData\WatchMyCam
[2013/05/15 15:17:48 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\WatchMyCam
[2013/05/15 01:36:31 | 000,265,064 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 01:36:31 | 000,144,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cdd.dll
[2013/05/15 01:36:07 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/05/15 01:36:06 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\shdocvw.dll
[2013/05/15 01:36:04 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/05/15 01:36:04 | 000,111,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\consent.exe
[2013/05/15 01:35:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wwanprotdim.dll
[2013/05/14 16:14:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dorgem
[2013/05/14 16:14:56 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Dorgem
[2013/05/14 11:25:43 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yawcam
[2013/05/14 11:25:38 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Yawcam
[2012/11/14 16:55:23 | 000,188,928 | ---- | C] (TODO: <Company name>) -- D:\Users\MLeo\AppData\Roaming\dbu32.ocx
[2 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[1 D:\Users\MLeo\Desktop\*.tmp files -> D:\Users\MLeo\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/12 04:33:41 | 000,135,596 | ---- | M] () -- D:\wubildr
[2013/06/11 12:14:57 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/06/11 12:12:05 | 000,001,102 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 12:10:17 | 2064,252,927 | -HS- | M] () -- D:\hiberfil.sys
[2013/06/11 11:57:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/11 11:51:00 | 000,001,106 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 11:32:00 | 000,001,116 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735093373-3388944951-788291397-1001UA.job
[2013/06/11 09:34:29 | 000,001,064 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735093373-3388944951-788291397-1001Core.job
[2013/06/10 07:04:33 | 000,700,418 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/06/10 07:04:33 | 000,655,090 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/06/10 07:04:33 | 000,149,182 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/06/10 07:04:33 | 000,121,962 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/06/08 06:18:21 | 000,001,342 | ---- | M] () -- D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013/06/08 06:13:30 | 000,021,296 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 06:13:30 | 000,021,296 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/05 21:05:19 | 001,054,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/06/05 21:05:19 | 000,226,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/06/05 21:05:19 | 000,185,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/06/05 21:05:18 | 000,719,360 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/06/05 21:05:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/06/05 21:05:18 | 000,158,720 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/06/05 21:05:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/06/05 21:05:18 | 000,138,752 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/06/05 21:05:18 | 000,137,216 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/06/05 21:05:18 | 000,125,440 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/06/05 21:05:18 | 000,117,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/06/05 21:05:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/06/05 21:05:18 | 000,082,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/06/05 21:05:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/06/05 21:05:18 | 000,057,344 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/06/05 21:05:18 | 000,038,400 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/06/05 21:05:18 | 000,011,776 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/06/05 21:05:17 | 001,441,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/06/05 21:05:17 | 001,400,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/06/05 21:05:17 | 000,629,248 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/06/05 21:05:17 | 000,361,984 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/06/05 21:05:17 | 000,357,888 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/06/05 21:05:17 | 000,232,960 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/06/05 21:05:17 | 000,226,816 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/06/05 21:05:17 | 000,216,064 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/06/05 21:05:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/06/05 21:05:17 | 000,073,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/06/05 21:05:17 | 000,069,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/06/05 21:05:17 | 000,061,952 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/06/05 21:05:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/06/05 21:05:17 | 000,025,185 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/06/05 21:05:17 | 000,023,040 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/06/05 21:05:16 | 001,509,376 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/06/05 21:05:16 | 001,400,416 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/06/05 21:05:16 | 000,905,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/06/05 21:05:16 | 000,762,368 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/06/05 21:05:16 | 000,599,552 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/06/05 21:05:16 | 000,452,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/06/05 21:05:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/06/05 21:05:16 | 000,281,600 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/06/05 21:05:16 | 000,235,008 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/06/05 21:05:16 | 000,167,424 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/06/05 21:05:16 | 000,144,896 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/06/05 21:05:16 | 000,102,912 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/06/05 21:05:16 | 000,097,280 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/06/05 21:05:16 | 000,081,408 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/06/05 21:05:16 | 000,027,648 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/06/05 21:05:16 | 000,025,185 | ---- | M] () -- D:\Windows\System32\ieuinit.inf
[2013/06/05 21:05:15 | 000,173,568 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/06/05 21:05:15 | 000,149,504 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/06/05 21:05:15 | 000,136,192 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/06/05 21:05:15 | 000,135,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/06/05 21:05:15 | 000,092,160 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/06/05 21:05:15 | 000,062,976 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/06/05 21:05:15 | 000,051,200 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/06/05 21:05:15 | 000,013,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/06/05 21:05:15 | 000,012,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/06/05 21:05:14 | 000,077,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/06/05 21:05:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/06/05 13:40:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\x264vfw64
[2013/06/04 07:37:46 | 000,001,012 | ---- | M] () -- D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/06/03 04:37:14 | 000,005,181 | ---- | M] () -- D:\Users\MLeo\Desktop\p11b0-pic04m.jpg
[2013/06/02 14:41:10 | 000,013,106 | ---- | M] () -- D:\Users\MLeo\AppData\Local\recently-used.xbel
[2013/05/30 12:59:00 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
[2013/05/30 04:46:44 | 000,002,004 | ---- | M] () -- D:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/05/29 12:47:30 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2013/05/29 12:25:07 | 000,001,148 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2013/05/29 12:25:07 | 000,001,136 | ---- | M] () -- D:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2013/05/29 12:25:07 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2013/05/29 12:25:07 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/05/29 12:09:06 | 1082,064,896 | ---- | M] () -- D:\Users\MLeo\Desktop\VideoOut.avi
[2013/05/27 09:08:28 | 000,127,488 | ---- | M] () -- D:\Windows\System32\ff_vfw.dll
[2013/05/22 02:08:34 | 000,002,441 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013/05/22 02:08:34 | 000,002,021 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/05/22 01:57:47 | 005,110,680 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2013/05/21 12:27:26 | 000,002,465 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2013/05/21 12:27:26 | 000,002,453 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2013/05/21 12:27:26 | 000,002,028 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013/05/21 12:27:26 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2013/05/19 14:55:37 | 000,000,783 | ---- | M] () -- D:\Users\MLeo\AppData\Roaming\DriveCalculator Preferences
[2013/05/19 13:28:36 | 000,002,603 | ---- | M] () -- D:\Users\Public\Desktop\Schulze-Soft Deutsch 64bit.lnk
[2013/05/19 13:28:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schulze Elektronik GmbH
[2013/05/15 15:17:50 | 000,001,163 | ---- | M] () -- D:\Users\MLeo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WatchMyCam.lnk
[2013/05/15 15:17:50 | 000,001,139 | ---- | M] () -- D:\Users\Public\Desktop\WatchMyCam.lnk
[2013/05/15 15:17:50 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\WatchMyCam
[2013/05/14 16:14:57 | 000,000,921 | ---- | M] () -- D:\Users\test\Desktop\Dorgem.lnk
[2013/05/14 16:14:57 | 000,000,921 | ---- | M] () -- D:\Users\MLeo\Desktop\Dorgem.lnk
[2013/05/14 16:14:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dorgem
[2013/05/14 14:57:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/14 14:57:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/14 11:25:44 | 000,001,961 | ---- | M] () -- D:\Users\MLeo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2013/05/14 11:25:44 | 000,001,865 | ---- | M] () -- D:\Users\MLeo\Desktop\Yawcam.lnk
[2013/05/14 11:25:44 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yawcam
[2013/05/14 07:04:33 | 000,002,524 | ---- | M] () -- D:\Users\MLeo\Desktop\Gmail.lnk
[2 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
[1 D:\Users\MLeo\Desktop\*.tmp files -> D:\Users\MLeo\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/12 04:33:41 | 000,135,596 | ---- | C] () -- D:\wubildr
[2013/06/05 21:05:17 | 000,025,185 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/06/05 21:05:16 | 000,025,185 | ---- | C] () -- D:\Windows\System32\ieuinit.inf
[2013/06/03 04:42:25 | 000,005,181 | ---- | C] () -- D:\Users\MLeo\Desktop\p11b0-pic04m.jpg
[2013/06/02 14:41:10 | 000,013,106 | ---- | C] () -- D:\Users\MLeo\AppData\Local\recently-used.xbel
[2013/05/30 12:58:59 | 000,127,488 | ---- | C] () -- D:\Windows\System32\ff_vfw.dll
[2013/05/30 04:46:44 | 000,002,004 | ---- | C] () -- D:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/05/29 12:25:07 | 000,001,148 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
[2013/05/29 12:25:07 | 000,001,136 | ---- | C] () -- D:\Users\Public\Desktop\VideoPad Video Editor.lnk
[2013/05/22 02:08:34 | 000,002,021 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader X.lnk
[2013/05/21 12:27:26 | 000,002,028 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013/05/19 13:28:36 | 000,002,603 | ---- | C] () -- D:\Users\Public\Desktop\Schulze-Soft Deutsch 64bit.lnk
[2013/05/15 15:17:50 | 000,001,163 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WatchMyCam.lnk
[2013/05/15 15:17:50 | 000,001,139 | ---- | C] () -- D:\Users\Public\Desktop\WatchMyCam.lnk
[2013/05/14 16:14:57 | 000,000,921 | ---- | C] () -- D:\Users\test\Desktop\Dorgem.lnk
[2013/05/14 16:14:57 | 000,000,921 | ---- | C] () -- D:\Users\MLeo\Desktop\Dorgem.lnk
[2013/05/14 11:25:44 | 000,001,961 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yawcam.lnk
[2013/05/14 11:25:44 | 000,001,865 | ---- | C] () -- D:\Users\MLeo\Desktop\Yawcam.lnk
[2013/05/14 07:04:33 | 000,002,629 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail.lnk
[2013/05/14 07:04:33 | 000,002,524 | ---- | C] () -- D:\Users\MLeo\Desktop\Gmail.lnk
[2013/05/12 05:19:53 | 000,000,783 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\DriveCalculator Preferences
[2013/04/01 09:18:31 | 000,000,515 | ---- | C] () -- D:\ProgramData\qcadrc
[2013/03/06 09:41:18 | 000,110,592 | ---- | C] () -- D:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/03/06 09:41:18 | 000,037,344 | ---- | C] () -- D:\Windows\SysWow64\FsUsbExDisk.Sys
[2013/01/13 04:31:33 | 000,000,055 | ---- | C] () -- D:\Windows\wininit.ini
[2012/12/12 11:41:24 | 000,064,512 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2012/10/31 10:02:47 | 000,000,600 | ---- | C] () -- D:\Users\MLeo\AppData\Local\PUTTY.RND
[2012/10/22 12:40:28 | 000,272,928 | ---- | C] () -- D:\Windows\SysWow64\igvpkrng600.bin
[2012/10/22 12:40:00 | 000,963,452 | ---- | C] () -- D:\Windows\SysWow64\igcodeckrng600.bin
[2012/10/12 10:28:51 | 000,000,530 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012/09/26 15:57:16 | 000,030,568 | ---- | C] () -- D:\Windows\MusiccityDownload.exe
[2012/09/26 15:57:14 | 000,974,848 | ---- | C] () -- D:\Windows\SysWow64\cis-2.4.dll
[2012/09/26 15:57:14 | 000,081,920 | ---- | C] () -- D:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/09/26 15:57:14 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/09/26 15:57:14 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/09/16 11:02:28 | 000,000,040 | -HS- | C] () -- D:\ProgramData\.zreglib
[2012/07/25 04:40:13 | 004,503,728 | ---- | C] () -- D:\ProgramData\z7_0ytr.pad
[2012/07/12 03:03:01 | 004,503,728 | ---- | C] () -- D:\ProgramData\go_0molg.pad
[2012/04/25 09:58:55 | 001,064,960 | ---- | C] () -- D:\Windows\SysWow64\h5krnl32.dll
[2012/04/25 09:58:55 | 000,188,928 | ---- | C] () -- D:\Windows\SysWow64\h5icon32.dll
[2012/04/25 09:58:55 | 000,175,616 | ---- | C] () -- D:\Windows\SysWow64\h5menu32.dll
[2012/04/25 09:58:55 | 000,095,744 | ---- | C] () -- D:\Windows\SysWow64\h5rtf32.dll
[2012/04/25 09:58:55 | 000,051,200 | ---- | C] () -- D:\Windows\SysWow64\h5tool32.dll
[2012/04/01 10:09:03 | 000,000,412 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\All CPU Meter_Settings.ini
[2012/03/27 17:10:40 | 000,000,132 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/05 08:51:20 | 000,000,261 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\Battery Meter_Settings.ini
[2012/03/01 04:43:56 | 000,000,306 | RHS- | C] () -- D:\ProgramData\ntuser.pol
[2012/02/17 04:27:56 | 000,963,912 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2012/02/17 04:27:56 | 000,261,208 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2012/02/11 14:43:30 | 000,127,184 | ---- | C] () -- D:\Windows\Unwise.exe
[2012/02/11 05:43:27 | 000,032,256 | ---- | C] () -- D:\Windows\SysWow64\AVSredirect.dll
[2012/02/11 05:37:37 | 000,107,520 | RHS- | C] () -- D:\Windows\SysWow64\TAKDSDecoder.dll
[2012/02/08 07:34:04 | 000,007,628 | ---- | C] () -- D:\Users\MLeo\AppData\Local\Resmon.ResmonCfg
[2012/02/08 07:29:06 | 000,000,352 | ---- | C] () -- D:\Users\MLeo\AppData\Roaming\Network Meter_Settings.ini
[2012/02/06 12:30:43 | 000,001,698 | ---- | C] () -- D:\Windows\Hew2Inst.ini
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_89001461_aa.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_49001461_aa.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_33011461_aa.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_2B071461_ca.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_2B071461_aa.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_2B071461_8a.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_2A0F1461_ca.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_2A071461_ca.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_2A071461_aa.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_2A071461_8a.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_14001461_61.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_13011461_aa.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_110F1461_ca.bin
[2012/02/03 06:41:43 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_110F1461_8a.bin
[2012/02/03 06:41:43 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_A3031461_ca.bin
[2012/02/03 06:41:43 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_A3031461_aa.bin
[2012/02/03 06:41:43 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_A3031461_8a.bin
[2012/02/03 06:41:43 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_83231461_ca.bin
[2012/02/03 06:41:43 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_83231461_aa.bin
[2012/02/03 06:41:43 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_83231461_8a.bin
[2012/02/03 06:41:43 | 000,000,434 | ---- | C] () -- D:\Windows\11317231_890F1461_ca.bin
[2012/02/03 06:41:43 | 000,000,434 | ---- | C] () -- D:\Windows\11317231_2B0f1461_ca.bin
[2012/02/03 06:41:43 | 000,000,434 | ---- | C] () -- D:\Windows\11317231_29001461_ca.bin
[2012/02/03 06:41:43 | 000,000,412 | ---- | C] () -- D:\Windows\11317231_180F1461_ca.bin
[2012/02/03 06:41:43 | 000,000,412 | ---- | C] () -- D:\Windows\11317231_18071461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_11071461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_11071461_8a.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0B071461_ca.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0B071461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0B071461_8a.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A0F1461_ca.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A071461_ca.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A071461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A071461_8a.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A031461_ca.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A031461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A011461_ca.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_0A011461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_09001461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_08071461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_060F1461_ca.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_06071461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_06071461_8a.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_03011461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_03011461_8a.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_02011461_aa.bin
[2012/02/03 06:41:42 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_02011461_8a.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_07031461_aa.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_03231461_ca.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_03231461_aa.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_03231461_8a.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_03131461_8a.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_03031461_aa.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_02031461_ca.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_02031461_aa.bin
[2012/02/03 06:41:42 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_02031461_8a.bin
[2012/02/03 06:41:42 | 000,000,434 | ---- | C] () -- D:\Windows\11317231_0B0f1461_ca.bin
[2012/02/03 06:41:42 | 000,000,434 | ---- | C] () -- D:\Windows\11317231_090F1461_ca.bin
[2012/02/03 06:41:42 | 000,000,376 | ---- | C] () -- D:\Windows\11317231_03131461_aa.bin
[2012/02/03 06:41:41 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_010F1461_ca.bin
[2012/02/03 06:41:41 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_010F1461_8a.bin
[2012/02/03 06:41:41 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_01071461_aa.bin
[2012/02/03 06:41:41 | 000,000,502 | ---- | C] () -- D:\Windows\11317231_01071461_8a.bin
[2012/02/03 06:41:41 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_00000000_aa.bin
[2012/02/03 06:41:41 | 000,000,461 | ---- | C] () -- D:\Windows\11317231_00000000_8a.bin
[2012/02/03 06:38:50 | 000,066,856 | ---- | C] () -- D:\Windows\SysWow64\SynTPEnhPS.dll
[2012/02/03 06:37:52 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2012/01/18 02:44:00 | 010,920,984 | ---- | C] () -- D:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 02:44:00 | 000,336,408 | ---- | C] () -- D:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 02:44:00 | 000,104,472 | ---- | C] () -- D:\Windows\SysWow64\LogiDPPApp.exe
[2011/02/11 06:22:50 | 001,599,202 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/11/06 05:58:04 | 000,178,975 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2009/10/06 03:16:02 | 000,819,200 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
[2009/07/25 09:20:38 | 000,200,780 | ---- | C] () -- D:\Windows\SysWow64\ParaConv_DS1000DE.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/14 09:15:52 | 000,000,244 | ---- | C] () -- D:\Windows\SysWow64\nirpc.ini
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2006/10/10 13:17:20 | 000,225,327 | ---- | C] () -- D:\Windows\SysWow64\DataZoom.dll
[2006/09/28 05:20:34 | 000,131,128 | ---- | C] () -- D:\Windows\SysWow64\AlgWave.dll
[2006/09/22 08:31:00 | 000,335,974 | ---- | C] () -- D:\Windows\SysWow64\Gzip.dll
[2006/05/09 12:02:14 | 000,098,388 | ---- | C] () -- D:\Windows\SysWow64\DS1000_TransColor.dll
========== LOP Check ==========
[2012/10/18 11:37:25 | 000,000,000 | ---D | M] -- D:\ProgramData\.cse
[2012/11/29 05:05:15 | 000,000,000 | ---D | M] -- D:\ProgramData\Acronis
[2012/02/06 11:18:09 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/05/08 08:01:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk
[2012/02/11 05:36:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2012/05/08 08:10:51 | 000,000,000 | ---D | M] -- D:\ProgramData\boost_interprocess
[2012/03/04 12:38:29 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2012/02/24 04:21:06 | 000,000,000 | ---D | M] -- D:\ProgramData\Codemasters
[2013/03/24 13:11:45 | 000,000,000 | ---D | M] -- D:\ProgramData\com.aspexsoftware.Silhouette_Studio.8
[2013/03/24 13:11:34 | 000,000,000 | ---D | M] -- D:\ProgramData\com.aspexsoftware.Silhouette_Studio.license
[2017/06/01 04:48:12 | 000,000,000 | ---D | M] -- D:\ProgramData\CutWizard-Hobbyplotter
[2012/02/06 18:13:22 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2012/02/06 11:18:09 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2012/02/06 11:18:09 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/02/10 17:27:21 | 000,000,000 | ---D | M] -- D:\ProgramData\Futuremark
[2012/11/16 13:12:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Gibraltar
[2012/04/19 04:13:03 | 000,000,000 | ---D | M] -- D:\ProgramData\HeidiSQL
[2012/11/19 10:50:01 | 000,000,000 | ---D | M] -- D:\ProgramData\id Software
[2012/09/21 02:49:21 | 000,000,000 | ---D | M] -- D:\ProgramData\install_clap
[2013/02/10 09:59:11 | 000,000,000 | ---D | M] -- D:\ProgramData\IVI Foundation
[2013/02/10 09:59:52 | 000,000,000 | ---D | M] -- D:\ProgramData\National Instruments
[2012/02/06 16:02:13 | 000,000,000 | ---D | M] -- D:\ProgramData\PCDr
[2012/09/21 03:03:36 | 000,000,000 | ---D | M] -- D:\ProgramData\PDVD
[2012/02/03 06:19:21 | 000,000,000 | ---D | M] -- D:\ProgramData\PhotoShow Shared Assets
[2013/06/11 11:41:21 | 000,000,000 | ---D | M] -- D:\ProgramData\pnqu
[2012/02/23 08:47:42 | 000,000,000 | ---D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2012/02/06 12:31:42 | 000,000,000 | ---D | M] -- D:\ProgramData\Renesas
[2012/02/03 05:49:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Roaming
[2013/04/27 17:37:05 | 000,000,000 | ---D | M] -- D:\ProgramData\Rockstar Games
[2012/02/06 12:33:28 | 000,000,000 | ---D | M] -- D:\ProgramData\SafeNet Sentinel
[2012/12/03 07:41:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Samsung
[2012/09/16 11:00:23 | 000,000,000 | ---D | M] -- D:\ProgramData\SlySoft
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2012/02/06 11:18:09 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/11/15 12:11:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Swiss Academic Software
[2012/11/18 19:23:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/02/03 06:20:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Uninstall
[2012/02/06 11:18:09 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/11/11 06:25:15 | 000,000,000 | ---D | M] -- D:\ProgramData\VS
[2013/05/15 15:17:52 | 000,000,000 | ---D | M] -- D:\ProgramData\WatchMyCam
[2012/09/20 09:53:06 | 000,000,000 | ---D | M] -- D:\ProgramData\WebEx
[2012/02/11 14:44:36 | 000,000,000 | ---D | M] -- D:\ProgramData\X10 Settings
[2012/08/12 07:49:12 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012/11/11 06:08:49 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin
[2012/10/18 12:33:46 | 000,000,000 | ---D | M] -- D:\.Xilinx
[2012/11/02 06:07:13 | 000,000,000 | ---D | M] -- D:\altera
[2013/05/22 02:08:48 | 000,000,000 | -HSD | M] -- D:\Config.Msi
[2012/02/11 14:05:12 | 000,000,000 | ---D | M] -- D:\DELL
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\Documents and Settings
[2012/02/06 11:18:09 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen
[2013/03/30 15:09:21 | 000,000,000 | ---D | M] -- D:\dosgames
[2012/02/03 06:41:41 | 000,000,000 | ---D | M] -- D:\Drivers
[2012/06/29 04:03:17 | 000,000,000 | ---D | M] -- D:\eclipse
[2013/03/30 04:41:59 | 000,000,000 | -HSD | M] -- D:\found.000
[2012/04/25 04:51:09 | 000,000,000 | ---D | M] -- D:\Fraps
[2012/07/23 08:55:42 | 000,000,000 | ---D | M] -- D:\glassfish3
[2013/01/06 12:43:18 | 000,000,000 | ---D | M] -- D:\Intel
[2012/02/06 11:49:58 | 000,000,000 | RH-D | M] -- D:\MSOCache
[2013/02/10 09:50:47 | 000,000,000 | ---D | M] -- D:\National Instruments Downloads
[2012/03/31 12:17:25 | 000,000,000 | ---D | M] -- D:\NVIDIA
[2012/05/03 03:47:25 | 000,000,000 | ---D | M] -- D:\PerfLogs
[2012/08/02 12:13:47 | 000,000,000 | ---D | M] -- D:\Pinguino
[2012/08/02 12:14:04 | 000,000,000 | ---D | M] -- D:\PinguinoX.2
[2012/08/02 12:21:31 | 000,000,000 | ---D | M] -- D:\PinguinoX.3
[2013/06/05 13:40:06 | 000,000,000 | ---D | M] -- D:\Program Files
[2017/06/01 04:48:07 | 000,000,000 | R--D | M] -- D:\Program Files (x86)
[2013/06/11 11:41:21 | 000,000,000 | -H-D | M] -- D:\ProgramData
[2012/02/06 11:18:09 | 000,000,000 | -HSD | M] -- D:\Programme
[2012/03/01 04:44:54 | 000,000,000 | ---D | M] -- D:\Python26
[2012/02/20 07:31:08 | 000,000,000 | ---D | M] -- D:\Python27
[2013/03/01 06:38:48 | 000,000,000 | ---D | M] -- D:\Ross-Tech
[2012/10/02 03:18:42 | 000,000,000 | ---D | M] -- D:\sdr
[2012/11/12 11:42:17 | 000,000,000 | ---D | M] -- D:\secure_download_manager
[2013/06/10 15:57:37 | 000,000,000 | -HSD | M] -- D:\System Volume Information
[2013/05/14 16:14:39 | 000,000,000 | ---D | M] -- D:\Temp
[2013/02/08 03:40:13 | 000,000,000 | ---D | M] -- D:\ti
[2012/03/01 02:59:19 | 000,000,000 | ---D | M] -- D:\ubuntu
[2013/02/01 13:31:49 | 000,000,000 | ---D | M] -- D:\UltraLibrarian
[2013/02/14 06:19:45 | 000,000,000 | ---D | M] -- D:\usb_driver
[2013/05/02 07:06:30 | 000,000,000 | R--D | M] -- D:\Users
[2013/06/05 21:01:15 | 000,000,000 | ---D | M] -- D:\Windows
[2013/02/05 14:22:09 | 000,000,000 | ---D | M] -- D:\workspace_v5_1
[2012/04/19 04:25:46 | 000,000,000 | ---D | M] -- D:\xampp
[2012/10/18 12:33:00 | 000,000,000 | ---D | M] -- D:\Xilinx
[2013/04/07 04:35:32 | 000,000,000 | ---D | M] -- D:\µCIM
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\$WIN_NT$.~LS\I386\sp2.cab:AGP440.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\$WIN_NT$.~LS\I386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\I386\sp3.cab:AGP440.sys
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\WIN_NT.LS\I386\sp2.cab:AGP440.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\WIN_NT.LS\I386\sp3.cab:AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- D:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\$WIN_NT$.~LS\I386\sp2.cab:atapi.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\$WIN_NT$.~LS\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,108,202 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\I386\sp3.cab:atapi.sys
[2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\WIN_NT.LS\I386\sp2.cab:atapi.sys
[2008/04/14 02:03:54 | 020,108,202 | ---- | M] () .cab file -- D:\Users\MLeo\Documents\daten vom stick\WIN_NT.LS\I386\sp3.cab:atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- D:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\System32\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- D:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2012/02/03 07:04:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/02/03 07:04:33 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\explorer.exe
[2012/02/03 07:04:33 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/03 07:04:33 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/03 07:04:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\SysWOW64\explorer.exe
[2012/02/03 07:04:33 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- D:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: IASTOR.SYS >
[2012/02/01 10:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- D:\Windows\System32\drivers\iaStor.sys
[2012/02/01 10:16:40 | 000,568,600 | ---- | M] (Intel Corporation) MD5=D1753C06EE17E29352B065EACF3F10D0 -- D:\Windows\System32\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4b6764daf5ce9174\iaStor.sys
[2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- D:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys
[2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- D:\Windows\System32\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
< MD5 for: IASTORV.SYS >
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 23:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2012/02/03 07:04:31 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2012/02/03 07:04:31 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\drivers\iaStorV.sys
[2012/02/03 07:04:31 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2012/02/03 07:04:31 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- D:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\System32\netlogon.dll
[2010/11/20 23:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- D:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\SysWOW64\netlogon.dll
[2010/11/20 23:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2012/02/03 07:04:31 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2012/02/03 07:04:31 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\drivers\nvstor.sys
[2012/02/03 07:04:31 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2012/02/03 07:04:31 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 23:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- D:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\SysWOW64\scecli.dll
[2010/11/20 23:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- D:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\System32\scecli.dll
[2010/11/20 23:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- D:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\SysWOW64\user32.dll
[2010/11/20 23:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- D:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\System32\user32.dll
[2010/11/20 23:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- D:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- D:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\System32\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- D:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\System32\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- D:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 20:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- D:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
|
|
12.06.2013, 14:54
| #8 |
| /// Malware-holic | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys ist das n firmen pc? wenn ja habt ihr ne it abteilung dann müsste die da rann.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 14:57
| #9 |
| | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Äh nein, das ist mein privat PC |
|
12.06.2013, 15:02
| #10 |
| /// Malware-holic | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Hi auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O20 - HKU\MLeo_ON_D Winlogon: Shell - ( ) - D:\Users\MLeo\AppData\Roaming\dbu32.ocx (TODO: <Company name>)
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 15:31
| #11 |
| | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Hier die Log: Code:
ATTFilter ========== OTL ==========
Registry value HKEY_USERS\MLeo_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell deleted successfully.
D:\Users\MLeo\AppData\Roaming\dbu32.ocx moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: MLeo
User: Public
User: test
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
User: Default User
User: MLeo
User: Public
User: test
User: UpdatusUser
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 947805322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68781 bytes
Total Files Cleaned = 906.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 06122013_171752
Mein Notebook fährt hoch als wäre nie etwas gewesen. Vielen Dank Wenn ich das richtig interpretiere war das wohl ein ActiveX Steuerelement? Wie kann ich verhindern dass sowas wieder passiert? Und wie kann das sein dass sowas passiert wenn ich doch nichtmal an meinem PC sitze? Es war nämlich tatsächlich so, dass ich vom Abendessen zurück kam und der Bildschirm grau war. Gruß Leo |
|
12.06.2013, 17:01
| #12 |
| /// Malware-holic | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys hi das is ne exe, man hat da die endung einfach umbenannt. wir gucken mal weiter. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 17:14
| #13 |
| | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys Hier die Log: (Achja, die Uhrzeit von dem Notebook hat sich geändert - hat das etwas zu bedeuten?) Code:
ATTFilter 19:10:03.0236 7272 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:10:03.0704 7272 ============================================================
19:10:03.0704 7272 Current date / time: 2013/06/12 19:10:03.0704
19:10:03.0704 7272 SystemInfo:
19:10:03.0704 7272
19:10:03.0704 7272 OS Version: 6.1.7601 ServicePack: 1.0
19:10:03.0704 7272 Product type: Workstation
19:10:03.0704 7272 ComputerName: MLEO-NOTEBOOK
19:10:03.0704 7272 UserName: MLeo
19:10:03.0704 7272 Windows directory: C:\Windows
19:10:03.0704 7272 System windows directory: C:\Windows
19:10:03.0704 7272 Running under WOW64
19:10:03.0704 7272 Processor architecture: Intel x64
19:10:03.0704 7272 Number of processors: 8
19:10:03.0704 7272 Page size: 0x1000
19:10:03.0704 7272 Boot type: Normal boot
19:10:03.0704 7272 ============================================================
19:10:04.0812 7272 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:10:04.0858 7272 Drive \Device\Harddisk1\DR2 - Size: 0x1DE000000 (7.47 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:10:04.0874 7272 ============================================================
19:10:04.0874 7272 \Device\Harddisk0\DR0:
19:10:04.0874 7272 MBR partitions:
19:10:04.0874 7272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
19:10:04.0874 7272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
19:10:04.0874 7272 \Device\Harddisk1\DR2:
19:10:04.0874 7272 MBR partitions:
19:10:04.0874 7272 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x50, BlocksNum 0xEEFFB0
19:10:04.0874 7272 ============================================================
19:10:04.0921 7272 C: <-> \Device\Harddisk0\DR0\Partition2
19:10:04.0921 7272 ============================================================
19:10:04.0921 7272 Initialize success
19:10:04.0921 7272 ============================================================
19:10:23.0079 7416 ============================================================
19:10:23.0079 7416 Scan started
19:10:23.0079 7416 Mode: Manual; SigCheck; TDLFS;
19:10:23.0079 7416 ============================================================
19:10:23.0376 7416 ================ Scan system memory ========================
19:10:23.0376 7416 System memory - ok
19:10:23.0376 7416 ================ Scan services =============================
19:10:23.0500 7416 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:10:23.0641 7416 1394ohci - ok
19:10:23.0672 7416 [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
19:10:23.0750 7416 Acceler - ok
19:10:23.0766 7416 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:10:23.0797 7416 ACPI - ok
19:10:23.0844 7416 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:10:23.0906 7416 AcpiPmi - ok
19:10:24.0031 7416 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:10:24.0046 7416 AdobeARMservice - ok
19:10:24.0218 7416 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:10:24.0249 7416 AdobeFlashPlayerUpdateSvc - ok
19:10:24.0280 7416 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:10:24.0296 7416 adp94xx - ok
19:10:24.0327 7416 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:10:24.0343 7416 adpahci - ok
19:10:24.0358 7416 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:10:24.0374 7416 adpu320 - ok
19:10:24.0390 7416 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:10:24.0514 7416 AeLookupSvc - ok
19:10:24.0608 7416 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
19:10:24.0639 7416 AERTFilters - ok
19:10:24.0670 7416 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:10:24.0748 7416 AFD - ok
19:10:24.0764 7416 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:10:24.0795 7416 agp440 - ok
19:10:24.0967 7416 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
19:10:24.0967 7416 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
19:10:24.0967 7416 Akamai ( HiddenFile.Multi.Generic ) - warning
19:10:24.0967 7416 Akamai - detected HiddenFile.Multi.Generic (1)
19:10:24.0998 7416 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:10:25.0029 7416 ALG - ok
19:10:25.0045 7416 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:10:25.0076 7416 aliide - ok
19:10:25.0326 7416 ALSysIO - ok
19:10:25.0419 7416 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:10:25.0450 7416 amdide - ok
19:10:25.0466 7416 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:10:25.0497 7416 AmdK8 - ok
19:10:25.0513 7416 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:10:25.0544 7416 AmdPPM - ok
19:10:25.0575 7416 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:10:25.0622 7416 amdsata - ok
19:10:25.0638 7416 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:10:25.0653 7416 amdsbs - ok
19:10:25.0653 7416 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:10:25.0669 7416 amdxata - ok
19:10:25.0716 7416 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
19:10:25.0762 7416 AMPPAL - ok
19:10:25.0778 7416 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
19:10:25.0778 7416 AMPPALP - ok
19:10:25.0950 7416 [ EDFB061F7D553B84731B8263077FD520 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
19:10:27.0042 7416 AMPPALR3 - ok
19:10:27.0073 7416 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:10:27.0213 7416 AppID - ok
19:10:27.0229 7416 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:10:27.0260 7416 AppIDSvc - ok
19:10:27.0307 7416 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
19:10:27.0354 7416 Appinfo - ok
19:10:27.0385 7416 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:10:27.0416 7416 arc - ok
19:10:27.0432 7416 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:10:27.0432 7416 arcsas - ok
19:10:27.0510 7416 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:10:27.0588 7416 aspnet_state - ok
19:10:27.0634 7416 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:10:27.0697 7416 AsyncMac - ok
19:10:27.0728 7416 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:10:27.0744 7416 atapi - ok
19:10:27.0775 7416 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:10:27.0822 7416 AudioEndpointBuilder - ok
19:10:27.0837 7416 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:10:27.0868 7416 AudioSrv - ok
19:10:27.0931 7416 [ FD6D09D43563322543134D2C0136B41B ] AVer7231_x64 C:\Windows\system32\DRIVERS\AVer7231_x64.sys
19:10:28.0009 7416 AVer7231_x64 - ok
19:10:28.0056 7416 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:10:28.0149 7416 AxInstSV - ok
19:10:28.0165 7416 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:10:28.0212 7416 b06bdrv - ok
19:10:28.0243 7416 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:10:28.0258 7416 b57nd60a - ok
19:10:28.0290 7416 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:10:28.0321 7416 BDESVC - ok
19:10:28.0321 7416 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:10:28.0352 7416 Beep - ok
19:10:28.0383 7416 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:10:28.0446 7416 BFE - ok
19:10:28.0492 7416 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
19:10:28.0524 7416 BITS - ok
19:10:28.0539 7416 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:10:28.0539 7416 blbdrive - ok
19:10:28.0680 7416 [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
19:10:28.0742 7416 Bluetooth Device Monitor - ok
19:10:28.0789 7416 [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
19:10:28.0836 7416 Bluetooth Media Service - ok
19:10:28.0898 7416 [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
19:10:28.0945 7416 Bluetooth OBEX Service - ok
19:10:28.0976 7416 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:10:29.0038 7416 bowser - ok
19:10:29.0054 7416 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:10:29.0085 7416 BrFiltLo - ok
19:10:29.0101 7416 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:10:29.0116 7416 BrFiltUp - ok
19:10:29.0179 7416 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:10:29.0272 7416 Browser - ok
19:10:29.0288 7416 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:10:29.0382 7416 Brserid - ok
19:10:29.0397 7416 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:10:29.0413 7416 BrSerWdm - ok
19:10:29.0413 7416 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:10:29.0428 7416 BrUsbMdm - ok
19:10:29.0444 7416 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:10:29.0460 7416 BrUsbSer - ok
19:10:29.0522 7416 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:10:29.0631 7416 BthEnum - ok
19:10:29.0647 7416 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:10:29.0678 7416 BTHMODEM - ok
19:10:29.0694 7416 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:10:29.0709 7416 BthPan - ok
19:10:29.0756 7416 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:10:29.0787 7416 BTHPORT - ok
19:10:29.0818 7416 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:10:29.0865 7416 bthserv - ok
19:10:29.0928 7416 [ A3BC030FC526643DFDCA27299F75544B ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
19:10:29.0974 7416 BTHSSecurityMgr - ok
19:10:29.0990 7416 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:10:30.0006 7416 BTHUSB - ok
19:10:30.0037 7416 [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio C:\Windows\system32\drivers\btmaud.sys
19:10:30.0084 7416 btmaudio - ok
19:10:30.0115 7416 [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
19:10:30.0146 7416 btmaux - ok
19:10:30.0193 7416 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
19:10:30.0240 7416 btmhsf - ok
19:10:30.0271 7416 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:10:30.0333 7416 cdfs - ok
19:10:30.0396 7416 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:10:30.0442 7416 cdrom - ok
19:10:30.0458 7416 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:10:30.0489 7416 CertPropSvc - ok
19:10:30.0505 7416 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:10:30.0520 7416 circlass - ok
19:10:30.0536 7416 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:10:30.0552 7416 CLFS - ok
19:10:30.0770 7416 [ EC6B664082E04D9007513C7090110B0E ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
19:10:30.0801 7416 CLHNServiceForPowerDVD12 - ok
19:10:30.0926 7416 [ 8F2FB981CB24D02816983B5A0B44F3A8 ] CLKMSVC10_9EC60124 c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
19:10:30.0957 7416 CLKMSVC10_9EC60124 - ok
19:10:31.0004 7416 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:10:31.0035 7416 clr_optimization_v2.0.50727_32 - ok
19:10:31.0066 7416 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:10:31.0082 7416 clr_optimization_v2.0.50727_64 - ok
19:10:31.0129 7416 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:10:31.0222 7416 clr_optimization_v4.0.30319_32 - ok
19:10:31.0238 7416 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:10:31.0285 7416 clr_optimization_v4.0.30319_64 - ok
19:10:31.0300 7416 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:10:31.0316 7416 CmBatt - ok
19:10:31.0332 7416 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:10:31.0363 7416 cmdide - ok
19:10:31.0425 7416 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:10:31.0488 7416 CNG - ok
19:10:31.0503 7416 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:10:31.0534 7416 Compbatt - ok
19:10:31.0550 7416 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:10:31.0566 7416 CompositeBus - ok
19:10:31.0566 7416 COMSysApp - ok
19:10:31.0753 7416 [ 6958D40091456397FE26FBB453E5AB5E ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
19:10:31.0784 7416 cphs - ok
19:10:31.0846 7416 [ C08063F052308B6F5882482615387F30 ] cpuz135 C:\Windows\system32\drivers\cpuz135_x64.sys
19:10:31.0878 7416 cpuz135 - ok
19:10:31.0893 7416 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:10:31.0924 7416 crcdisk - ok
19:10:31.0971 7416 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:10:32.0018 7416 CryptSvc - ok
19:10:32.0065 7416 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
19:10:32.0112 7416 CtClsFlt - ok
19:10:32.0127 7416 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
19:10:32.0158 7416 CVirtA - ok
19:10:32.0252 7416 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
19:10:32.0486 7416 CVPND - ok
19:10:32.0533 7416 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
19:10:32.0595 7416 CVPNDRVA - ok
19:10:32.0720 7416 [ 9519CB1BEF593A29EB8C8BE0E7E9D7CF ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
19:10:32.0751 7416 CyberLink PowerDVD 12 Media Server Monitor Service - ok
19:10:32.0767 7416 [ 8570A9460AAD8C1A0E53CC6D71BF51D0 ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
19:10:32.0782 7416 CyberLink PowerDVD 12 Media Server Service - ok
19:10:32.0814 7416 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:10:32.0876 7416 DcomLaunch - ok
19:10:32.0923 7416 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:10:32.0985 7416 defragsvc - ok
19:10:33.0001 7416 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:10:33.0032 7416 DfsC - ok
19:10:33.0079 7416 [ 421D371E96480DD3A14EA37D0D2757D1 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
19:10:33.0110 7416 dg_ssudbus - ok
19:10:33.0157 7416 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:10:33.0250 7416 Dhcp - ok
19:10:33.0266 7416 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:10:33.0297 7416 discache - ok
19:10:33.0375 7416 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:10:33.0391 7416 Disk - ok
19:10:33.0438 7416 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
19:10:33.0469 7416 DNE - ok
19:10:33.0484 7416 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:10:33.0547 7416 Dnscache - ok
19:10:33.0578 7416 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:10:33.0625 7416 dot3svc - ok
19:10:33.0656 7416 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:10:33.0718 7416 DPS - ok
19:10:33.0765 7416 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:10:33.0796 7416 drmkaud - ok
19:10:33.0859 7416 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:10:33.0906 7416 DXGKrnl - ok
19:10:33.0968 7416 [ BEE289225C98F6730D25C60DFBE3158D ] E1USB C:\Windows\system32\DRIVERS\E1usb.sys
19:10:34.0030 7416 E1USB - ok
19:10:34.0077 7416 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:10:34.0140 7416 EapHost - ok
19:10:34.0264 7416 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:10:34.0405 7416 ebdrv - ok
19:10:34.0452 7416 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:10:34.0530 7416 EFS - ok
19:10:34.0592 7416 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:10:34.0639 7416 ehRecvr - ok
19:10:34.0654 7416 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:10:34.0670 7416 ehSched - ok
19:10:34.0701 7416 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:10:34.0732 7416 elxstor - ok
19:10:34.0748 7416 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:10:34.0764 7416 ErrDev - ok
19:10:34.0795 7416 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:10:34.0842 7416 EventSystem - ok
19:10:34.0998 7416 [ 6EB16C7286FBCD3AB206743BA813EC48 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:10:35.0060 7416 EvtEng - ok
19:10:35.0091 7416 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:10:35.0169 7416 exfat - ok
19:10:35.0200 7416 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:10:35.0263 7416 fastfat - ok
19:10:35.0294 7416 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:10:35.0388 7416 Fax - ok
19:10:35.0419 7416 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:10:35.0434 7416 fdc - ok
19:10:35.0450 7416 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:10:35.0481 7416 fdPHost - ok
19:10:35.0497 7416 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:10:35.0512 7416 FDResPub - ok
19:10:35.0544 7416 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:10:35.0575 7416 FileInfo - ok
19:10:35.0590 7416 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:10:35.0622 7416 Filetrace - ok
19:10:35.0715 7416 [ 73081CF28F0AE20A52CA4F67CEE6E6B0 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:10:35.0871 7416 FLEXnet Licensing Service - ok
19:10:36.0012 7416 [ 5CEE6CD43AE5844C49300EA0B1E557EE ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
19:10:36.0183 7416 FLEXnet Licensing Service 64 - ok
19:10:36.0199 7416 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:10:36.0199 7416 flpydisk - ok
19:10:36.0246 7416 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:10:36.0277 7416 FltMgr - ok
19:10:36.0324 7416 [ B8AFE7A30D34C0E9FDBA81632294547C ] fltsrv C:\Windows\system32\DRIVERS\fltsrv.sys
19:10:36.0355 7416 fltsrv - ok
19:10:36.0433 7416 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
19:10:36.0511 7416 FontCache - ok
19:10:36.0558 7416 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:10:36.0573 7416 FontCache3.0.0.0 - ok
19:10:36.0589 7416 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:10:36.0604 7416 FsDepends - ok
19:10:36.0667 7416 [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk C:\Windows\SysWOW64\FsUsbExDisk.SYS
19:10:36.0682 7416 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:10:36.0682 7416 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:10:36.0714 7416 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:10:36.0745 7416 Fs_Rec - ok
19:10:36.0792 7416 [ F16370F37CCA72ED2C21C230333C2C11 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys
19:10:36.0807 7416 FTDIBUS - ok
19:10:36.0838 7416 [ 196C9BDDBEF9B6D0973F398BEF5B2EEE ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys
19:10:36.0854 7416 FTSER2K - ok
19:10:36.0901 7416 [ 0D015D3584704EC814A58276232F143B ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
19:10:36.0948 7416 Futuremark SystemInfo Service - ok
19:10:37.0010 7416 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:10:37.0026 7416 fvevol - ok
19:10:37.0057 7416 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:10:37.0072 7416 gagp30kx - ok
19:10:37.0104 7416 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:10:37.0166 7416 gpsvc - ok
19:10:37.0244 7416 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:10:37.0260 7416 gupdate - ok
19:10:37.0275 7416 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:10:37.0291 7416 gupdatem - ok
19:10:37.0291 7416 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:10:37.0353 7416 hcw85cir - ok
19:10:37.0400 7416 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:10:37.0447 7416 HdAudAddService - ok
19:10:37.0462 7416 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:10:37.0509 7416 HDAudBus - ok
19:10:37.0525 7416 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:10:37.0525 7416 HidBatt - ok
19:10:37.0540 7416 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:10:37.0572 7416 HidBth - ok
19:10:37.0587 7416 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:10:37.0603 7416 HidIr - ok
19:10:37.0618 7416 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
19:10:37.0665 7416 hidserv - ok
19:10:37.0696 7416 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:10:37.0712 7416 HidUsb - ok
19:10:37.0728 7416 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:10:37.0774 7416 hkmsvc - ok
19:10:37.0868 7416 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:10:37.0915 7416 HomeGroupListener - ok
19:10:37.0946 7416 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:10:37.0962 7416 HomeGroupProvider - ok
19:10:38.0008 7416 [ 64BF8D37948A9D94FD85E668EEC85F00 ] HPKBx64 C:\Windows\system32\DRIVERS\HPKBx64.sys
19:10:38.0040 7416 HPKBx64 - ok
19:10:38.0071 7416 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:10:38.0086 7416 HpSAMD - ok
19:10:38.0118 7416 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:10:38.0149 7416 HTTP - ok
19:10:38.0164 7416 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:10:38.0180 7416 hwpolicy - ok
19:10:38.0196 7416 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:10:38.0242 7416 i8042prt - ok
19:10:38.0305 7416 [ D1753C06EE17E29352B065EACF3F10D0 ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:10:38.0320 7416 iaStor - ok
19:10:38.0414 7416 [ 545462D0DBE24AF379BA869B7C185CCD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:10:38.0445 7416 IAStorDataMgrSvc - ok
19:10:38.0476 7416 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:10:38.0523 7416 iaStorV - ok
19:10:38.0554 7416 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
19:10:38.0570 7416 iBtFltCoex - ok
19:10:38.0648 7416 [ 83FF82FE209E7997067B375DAD6CF23D ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
19:10:38.0679 7416 ICCS - ok
19:10:38.0757 7416 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:10:38.0835 7416 idsvc - ok
19:10:38.0976 7416 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:10:39.0178 7416 igfx - ok
19:10:39.0210 7416 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:10:39.0241 7416 iirsp - ok
19:10:39.0272 7416 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:10:39.0350 7416 IKEEXT - ok
19:10:39.0381 7416 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys
19:10:39.0412 7416 Impcd - ok
19:10:39.0568 7416 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:10:39.0646 7416 IntcAzAudAddService - ok
19:10:39.0693 7416 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:10:39.0740 7416 IntcDAud - ok
19:10:39.0771 7416 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:10:39.0802 7416 intelide - ok
19:10:39.0834 7416 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:10:39.0865 7416 intelppm - ok
19:10:39.0896 7416 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:10:39.0943 7416 IPBusEnum - ok
19:10:39.0943 7416 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:10:39.0974 7416 IpFilterDriver - ok
19:10:40.0036 7416 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:10:40.0130 7416 iphlpsvc - ok
19:10:40.0146 7416 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:10:40.0161 7416 IPMIDRV - ok
19:10:40.0177 7416 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:10:40.0192 7416 IPNAT - ok
19:10:40.0224 7416 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:10:40.0224 7416 IRENUM - ok
19:10:40.0239 7416 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:10:40.0255 7416 isapnp - ok
19:10:40.0270 7416 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:10:40.0270 7416 iScsiPrt - ok
19:10:40.0333 7416 [ E56417C56B6A7316B6F527C890A1860D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
19:10:40.0333 7416 JMCR - ok
19:10:40.0364 7416 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:10:40.0395 7416 kbdclass - ok
19:10:40.0411 7416 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:10:40.0442 7416 kbdhid - ok
19:10:40.0458 7416 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:10:40.0489 7416 KeyIso - ok
19:10:40.0520 7416 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:10:40.0520 7416 KSecDD - ok
19:10:40.0536 7416 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:10:40.0551 7416 KSecPkg - ok
19:10:40.0551 7416 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:10:40.0598 7416 ksthunk - ok
19:10:40.0676 7416 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:10:40.0754 7416 KtmRm - ok
19:10:40.0785 7416 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:10:40.0832 7416 LanmanServer - ok
19:10:40.0863 7416 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:10:40.0894 7416 LanmanWorkstation - ok
19:10:41.0019 7416 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:10:41.0050 7416 LBTServ - ok
19:10:41.0066 7416 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:10:41.0082 7416 LHidFilt - ok
19:10:41.0128 7416 [ 02538E602280C07438C94489DCBE77D5 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys
19:10:41.0160 7416 libusb0 - ok
19:10:41.0206 7416 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:10:41.0253 7416 lltdio - ok
19:10:41.0269 7416 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:10:41.0331 7416 lltdsvc - ok
19:10:41.0362 7416 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:10:41.0378 7416 lmhosts - ok
19:10:41.0394 7416 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:10:41.0409 7416 LMouFilt - ok
19:10:41.0440 7416 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:10:41.0487 7416 LMS - ok
19:10:41.0503 7416 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:10:41.0534 7416 LSI_FC - ok
19:10:41.0565 7416 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:10:41.0581 7416 LSI_SAS - ok
19:10:41.0581 7416 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:10:41.0596 7416 LSI_SAS2 - ok
19:10:41.0612 7416 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:10:41.0612 7416 LSI_SCSI - ok
19:10:41.0628 7416 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:10:41.0659 7416 luafv - ok
19:10:41.0706 7416 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
19:10:41.0737 7416 LUsbFilt - ok
19:10:41.0799 7416 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
19:10:41.0830 7416 LVRS64 - ok
19:10:41.0971 7416 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
19:10:42.0096 7416 LVUVC64 - ok
19:10:42.0127 7416 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:10:42.0127 7416 Mcx2Svc - ok
19:10:42.0142 7416 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:10:42.0158 7416 megasas - ok
19:10:42.0189 7416 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:10:42.0220 7416 MegaSR - ok
19:10:42.0252 7416 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:10:42.0252 7416 MEIx64 - ok
19:10:42.0501 7416 [ 0AF89452A8CE3928168F4E5B2208C68B ] mi-raysat_3dsmax2012_32 C:\Program Files (x86)\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe
19:10:42.0564 7416 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - warning
19:10:42.0564 7416 mi-raysat_3dsmax2012_32 - detected UnsignedFile.Multi.Generic (1)
19:10:42.0579 7416 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:10:42.0610 7416 MMCSS - ok
19:10:42.0626 7416 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:10:42.0642 7416 Modem - ok
19:10:42.0673 7416 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:10:42.0673 7416 monitor - ok
19:10:42.0688 7416 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:10:42.0688 7416 mouclass - ok
19:10:42.0720 7416 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:10:42.0751 7416 mouhid - ok
19:10:42.0798 7416 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:10:42.0829 7416 mountmgr - ok
19:10:42.0891 7416 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:10:42.0922 7416 MozillaMaintenance - ok
19:10:43.0016 7416 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:10:43.0047 7416 MpFilter - ok
19:10:43.0078 7416 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:10:43.0110 7416 mpio - ok
19:10:43.0125 7416 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:10:43.0156 7416 mpsdrv - ok
19:10:43.0172 7416 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:10:43.0219 7416 MpsSvc - ok
19:10:43.0219 7416 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:10:43.0234 7416 MRxDAV - ok
19:10:43.0266 7416 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:10:43.0281 7416 mrxsmb - ok
19:10:43.0297 7416 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:10:43.0312 7416 mrxsmb10 - ok
19:10:43.0312 7416 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:10:43.0328 7416 mrxsmb20 - ok
19:10:43.0344 7416 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:10:43.0359 7416 msahci - ok
19:10:43.0359 7416 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:10:43.0375 7416 msdsm - ok
19:10:43.0390 7416 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:10:43.0406 7416 MSDTC - ok
19:10:43.0422 7416 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:10:43.0453 7416 Msfs - ok
19:10:43.0468 7416 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:10:43.0484 7416 mshidkmdf - ok
19:10:43.0500 7416 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:10:43.0515 7416 msisadrv - ok
19:10:43.0531 7416 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:10:43.0593 7416 MSiSCSI - ok
19:10:43.0609 7416 msiserver - ok
19:10:43.0624 7416 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:10:43.0656 7416 MSKSSRV - ok
19:10:43.0734 7416 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:10:43.0749 7416 MsMpSvc - ok
19:10:43.0765 7416 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:10:43.0812 7416 MSPCLOCK - ok
19:10:43.0827 7416 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:10:43.0843 7416 MSPQM - ok
19:10:43.0858 7416 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:10:43.0874 7416 MsRPC - ok
19:10:43.0890 7416 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:10:43.0905 7416 mssmbios - ok
19:10:43.0905 7416 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:10:43.0952 7416 MSTEE - ok
19:10:43.0968 7416 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:10:43.0999 7416 MTConfig - ok
19:10:44.0030 7416 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:10:44.0046 7416 Mup - ok
19:10:44.0186 7416 [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:10:44.0389 7416 MyWiFiDHCPDNS - ok
19:10:44.0467 7416 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:10:44.0514 7416 napagent - ok
19:10:44.0560 7416 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:10:44.0576 7416 NativeWifiP - ok
19:10:44.0654 7416 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:10:44.0716 7416 NDIS - ok
19:10:44.0779 7416 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:10:44.0794 7416 NdisCap - ok
19:10:44.0826 7416 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:10:44.0857 7416 NdisTapi - ok
19:10:44.0872 7416 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:10:44.0904 7416 Ndisuio - ok
19:10:44.0935 7416 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:10:44.0950 7416 NdisWan - ok
19:10:44.0966 7416 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:10:44.0997 7416 NDProxy - ok
19:10:45.0013 7416 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:10:45.0028 7416 NetBIOS - ok
19:10:45.0044 7416 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:10:45.0075 7416 NetBT - ok
19:10:45.0075 7416 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:10:45.0091 7416 Netlogon - ok
19:10:45.0122 7416 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:10:45.0169 7416 Netman - ok
19:10:45.0216 7416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:10:45.0247 7416 NetMsmqActivator - ok
19:10:45.0247 7416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:10:45.0278 7416 NetPipeActivator - ok
19:10:45.0278 7416 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:10:45.0309 7416 netprofm - ok
19:10:45.0309 7416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:10:45.0325 7416 NetTcpActivator - ok
19:10:45.0325 7416 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:10:45.0325 7416 NetTcpPortSharing - ok
19:10:45.0559 7416 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
19:10:45.0824 7416 NETwNs64 - ok
19:10:45.0855 7416 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:10:45.0855 7416 nfrd960 - ok
19:10:45.0918 7416 [ 7CA60459A9576ED86C5181F138C9B383 ] nidimk C:\Windows\system32\drivers\nidimkl.sys
19:10:45.0933 7416 nidimk - ok
19:10:46.0027 7416 [ 7F54EC83B7C3C47AD7A04887749414A1 ] niLXIDiscovery C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
19:10:46.0058 7416 niLXIDiscovery - ok
19:10:46.0136 7416 [ 11E7FF3D071099A44FFE8CC5777331D4 ] nimDNSResponder C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
19:10:46.0183 7416 nimDNSResponder - ok
19:10:46.0198 7416 [ CA6882D4A8FBD313D2B4694154F1182B ] niorbk C:\Windows\system32\drivers\niorbkl.sys
19:10:46.0230 7416 niorbk - ok
19:10:46.0261 7416 [ 014FFDAAC0B9102E5CCDAFB0031D4DBE ] nipalfwedl C:\Windows\system32\drivers\nipalfwedl.sys
19:10:46.0292 7416 nipalfwedl - ok
19:10:46.0339 7416 [ 80BAF14346CE77968938D736371A5E58 ] NIPALK C:\Windows\system32\drivers\nipalk.sys
19:10:46.0386 7416 NIPALK - ok
19:10:46.0448 7416 [ 5E624C0A8445FFA6E34862C7B82830C1 ] nipalusbedl C:\Windows\system32\drivers\nipalusbedl.sys
19:10:46.0464 7416 nipalusbedl - ok
19:10:46.0495 7416 [ 0AEF3D16A49AB7DBA0C2D96588980F69 ] nipbcfk C:\Windows\system32\drivers\nipbcfk.sys
19:10:46.0495 7416 nipbcfk - ok
19:10:46.0573 7416 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:10:46.0604 7416 NisDrv - ok
19:10:46.0651 7416 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:10:46.0682 7416 NisSrv - ok
19:10:46.0760 7416 niSvcLoc - ok
19:10:46.0791 7416 [ 3F53966676F2B542286D0A1803D6215A ] NiViFWK C:\Windows\system32\drivers\NiViFWKl.sys
19:10:46.0807 7416 NiViFWK - ok
19:10:46.0854 7416 [ A3576E22642DDC8ADF26AE4E66A52D57 ] NiViPciK C:\Windows\system32\drivers\NiViPciKl.sys
19:10:46.0869 7416 NiViPciK - ok
19:10:46.0885 7416 [ 7D7750FDEF630644091E2A5DD86D3070 ] NiViPxiK C:\Windows\system32\drivers\NiViPxiKl.sys
19:10:46.0916 7416 NiViPxiK - ok
19:10:46.0994 7416 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:10:47.0041 7416 NlaSvc - ok
19:10:47.0072 7416 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:10:47.0134 7416 Npfs - ok
19:10:47.0181 7416 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:10:47.0244 7416 nsi - ok
19:10:47.0259 7416 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:10:47.0290 7416 nsiproxy - ok
19:10:47.0368 7416 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:10:47.0431 7416 Ntfs - ok
19:10:47.0618 7416 [ A773AA47341A1FD16C6A9BA3C11D7DAA ] ntk_PowerDVD12 C:\Program Files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
19:10:47.0634 7416 ntk_PowerDVD12 - ok
19:10:47.0696 7416 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:10:47.0758 7416 Null - ok
19:10:47.0790 7416 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
19:10:47.0805 7416 nusb3hub - ok
19:10:47.0836 7416 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:10:47.0868 7416 nusb3xhc - ok
19:10:47.0930 7416 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:10:47.0961 7416 NVHDA - ok
19:10:48.0039 7416 [ 5AA24BDF21D995D8E48747074C7C7018 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
19:10:48.0070 7416 nvkflt - ok
19:10:48.0258 7416 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:10:48.0538 7416 nvlddmkm - ok
19:10:48.0554 7416 [ 6D785C898F9D70905A90655F4D0D0AFB ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
19:10:48.0585 7416 nvpciflt - ok
19:10:48.0616 7416 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:10:48.0648 7416 nvraid - ok
19:10:48.0663 7416 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:10:48.0679 7416 nvstor - ok
19:10:48.0694 7416 [ 9E01B716C8085F7ADB1CDC10103CEEF8 ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
19:10:48.0726 7416 NvStUSB - ok
19:10:48.0819 7416 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:10:48.0866 7416 nvsvc - ok
19:10:48.0913 7416 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:10:48.0960 7416 nvUpdatusService - ok
19:10:49.0022 7416 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:10:49.0053 7416 nv_agp - ok
19:10:49.0053 7416 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:10:49.0069 7416 ohci1394 - ok
19:10:49.0147 7416 [ 5A7BCFB4A13615F23E7D9D06D10AEDA8 ] OpenVPNService C:\Program Files\OpenVPN\bin\openvpnserv.exe
19:10:49.0318 7416 OpenVPNService - ok
19:10:49.0381 7416 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:10:49.0412 7416 ose - ok
19:10:49.0568 7416 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:10:49.0693 7416 osppsvc - ok
19:10:49.0724 7416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:10:49.0802 7416 p2pimsvc - ok
19:10:49.0864 7416 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:10:49.0911 7416 p2psvc - ok
19:10:49.0942 7416 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:10:49.0942 7416 Parport - ok
19:10:49.0974 7416 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:10:49.0989 7416 partmgr - ok
19:10:50.0005 7416 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:10:50.0020 7416 PcaSvc - ok
19:10:50.0036 7416 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:10:50.0052 7416 pci - ok
19:10:50.0067 7416 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:10:50.0083 7416 pciide - ok
19:10:50.0098 7416 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:10:50.0098 7416 pcmcia - ok
19:10:50.0114 7416 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:10:50.0130 7416 pcw - ok
19:10:50.0239 7416 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
19:10:50.0535 7416 PDF Architect Helper Service - ok
19:10:50.0566 7416 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
19:10:50.0754 7416 PDF Architect Service - ok
19:10:50.0847 7416 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:10:50.0894 7416 PEAUTH - ok
19:10:50.0941 7416 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:10:50.0972 7416 PerfHost - ok
19:10:51.0034 7416 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:10:51.0112 7416 pla - ok
19:10:51.0144 7416 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:10:51.0206 7416 PlugPlay - ok
19:10:51.0253 7416 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:10:51.0284 7416 PNRPAutoReg - ok
19:10:51.0300 7416 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:10:51.0315 7416 PNRPsvc - ok
19:10:51.0346 7416 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:10:51.0378 7416 PolicyAgent - ok
19:10:51.0393 7416 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
19:10:51.0440 7416 Power - ok
19:10:51.0471 7416 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:10:51.0518 7416 PptpMiniport - ok
19:10:51.0534 7416 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:10:51.0549 7416 Processor - ok
19:10:51.0596 7416 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:10:51.0643 7416 ProfSvc - ok
19:10:51.0690 7416 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:10:51.0721 7416 ProtectedStorage - ok
19:10:51.0721 7416 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:10:51.0752 7416 Psched - ok
19:10:51.0814 7416 [ F3A3C10E20AB29925000EDFF0CC23022 ] pspdisp C:\Windows\system32\DRIVERS\pspdisp_x64.sys
19:10:51.0846 7416 pspdisp ( UnsignedFile.Multi.Generic ) - warning
19:10:51.0846 7416 pspdisp - detected UnsignedFile.Multi.Generic (1)
19:10:51.0892 7416 [ 3DF18A193C758BE8E610B01331C237FB ] pwdrvio C:\Windows\system32\pwdrvio.sys
19:10:51.0970 7416 pwdrvio - ok
19:10:52.0002 7416 [ 1EBD98FB3B567C552C9C85AB73729AEC ] pwdspio C:\Windows\system32\pwdspio.sys
19:10:52.0048 7416 pwdspio - ok
19:10:52.0095 7416 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
19:10:52.0126 7416 PxHlpa64 - ok
19:10:52.0158 7416 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys
19:10:52.0173 7416 qicflt - ok
19:10:52.0236 7416 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:10:52.0329 7416 ql2300 - ok
19:10:52.0392 7416 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:10:52.0423 7416 ql40xx - ok
19:10:52.0516 7416 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:10:52.0563 7416 QWAVE - ok
19:10:52.0563 7416 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:10:52.0579 7416 QWAVEdrv - ok
19:10:52.0594 7416 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:10:52.0610 7416 RasAcd - ok
19:10:52.0657 7416 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:10:52.0704 7416 RasAgileVpn - ok
19:10:52.0719 7416 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:10:52.0750 7416 RasAuto - ok
19:10:52.0766 7416 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:10:52.0782 7416 Rasl2tp - ok
19:10:52.0813 7416 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:10:52.0891 7416 RasMan - ok
19:10:52.0906 7416 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:10:52.0938 7416 RasPppoe - ok
19:10:52.0938 7416 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:10:52.0969 7416 RasSstp - ok
19:10:52.0984 7416 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:10:53.0016 7416 rdbss - ok
19:10:53.0031 7416 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:10:53.0031 7416 rdpbus - ok
19:10:53.0047 7416 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:10:53.0078 7416 RDPCDD - ok
19:10:53.0094 7416 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:10:53.0109 7416 RDPENCDD - ok
19:10:53.0125 7416 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:10:53.0156 7416 RDPREFMP - ok
19:10:53.0203 7416 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:10:53.0296 7416 RDPWD - ok
19:10:53.0312 7416 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:10:53.0343 7416 rdyboost - ok
19:10:53.0406 7416 [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:10:53.0437 7416 RegSrvc - ok
19:10:53.0452 7416 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:10:53.0484 7416 RemoteAccess - ok
19:10:53.0499 7416 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:10:53.0530 7416 RemoteRegistry - ok
19:10:53.0577 7416 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:10:53.0608 7416 RFCOMM - ok
19:10:53.0749 7416 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
19:10:53.0780 7416 RoxMediaDB12OEM - ok
19:10:53.0796 7416 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
19:10:53.0796 7416 RoxWatch12 - ok
19:10:53.0827 7416 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:10:53.0858 7416 RpcEptMapper - ok
19:10:53.0874 7416 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:10:53.0889 7416 RpcLocator - ok
19:10:53.0889 7416 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:10:53.0920 7416 RpcSs - ok
19:10:53.0952 7416 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:10:54.0014 7416 rspndr - ok
19:10:54.0061 7416 [ B88880586ACD3EDEFCD0F9C2A6C1EE27 ] RTL2832UBDA C:\Windows\system32\drivers\RTL2832UBDA.sys
19:10:54.0092 7416 RTL2832UBDA - ok
19:10:54.0123 7416 [ 4C04300EE6A5E780FD4E2F0806AECA0E ] RTL2832UUSB C:\Windows\system32\Drivers\RTL2832UUSB.sys
19:10:54.0154 7416 RTL2832UUSB - ok
19:10:54.0201 7416 [ C24DF587D59345FCA718FE550EB036D7 ] RTL2832U_IRHID C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
19:10:54.0217 7416 RTL2832U_IRHID - ok
19:10:54.0264 7416 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:10:54.0310 7416 RTL8167 - ok
19:10:54.0373 7416 [ 4C7208C4B79FFB6DFC21544C7AFEA2FF ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys
19:10:54.0404 7416 s1018bus - ok
19:10:54.0435 7416 [ FA46A4E56DA243557C40864290344F3A ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:10:54.0435 7416 s1018mdfl - ok
19:10:54.0451 7416 [ A86CD4DB33B995594371C8027107C93A ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys
19:10:54.0482 7416 s1018mdm - ok
19:10:54.0498 7416 [ F381FF7A4AE2D5263D62A45C90CD4B4E ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:10:54.0513 7416 s1018mgmt - ok
19:10:54.0529 7416 [ 75F6D0A296643613C3BC901785A0734B ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys
19:10:54.0560 7416 s1018nd5 - ok
19:10:54.0576 7416 [ DE82EF18122C0C1D00350314465A7433 ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys
19:10:54.0576 7416 s1018obex - ok
19:10:54.0591 7416 [ 965989F9EF90CA5094B9EBC738377E32 ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys
19:10:54.0591 7416 s1018unic - ok
19:10:54.0622 7416 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:10:54.0638 7416 SamSs - ok
19:10:54.0654 7416 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:10:54.0669 7416 sbp2port - ok
19:10:54.0685 7416 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:10:54.0716 7416 SCardSvr - ok
19:10:54.0732 7416 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:10:54.0747 7416 scfilter - ok
19:10:54.0778 7416 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:10:54.0825 7416 Schedule - ok
19:10:54.0856 7416 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:10:54.0888 7416 SCPolicySvc - ok
19:10:54.0950 7416 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:10:54.0997 7416 sdbus - ok
19:10:55.0028 7416 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:10:55.0090 7416 SDRSVC - ok
19:10:55.0122 7416 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:10:55.0168 7416 secdrv - ok
19:10:55.0200 7416 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:10:55.0215 7416 seclogon - ok
19:10:55.0246 7416 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:10:55.0262 7416 SENS - ok
19:10:55.0278 7416 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:10:55.0293 7416 SensrSvc - ok
19:10:55.0324 7416 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:10:55.0356 7416 Serenum - ok
19:10:55.0356 7416 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:10:55.0371 7416 Serial - ok
19:10:55.0387 7416 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:10:55.0402 7416 sermouse - ok
19:10:55.0418 7416 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:10:55.0449 7416 SessionEnv - ok
19:10:55.0465 7416 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:10:55.0480 7416 sffdisk - ok
19:10:55.0480 7416 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:10:55.0527 7416 sffp_mmc - ok
19:10:55.0527 7416 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:10:55.0543 7416 sffp_sd - ok
19:10:55.0558 7416 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:10:55.0574 7416 sfloppy - ok
19:10:55.0590 7416 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:10:55.0652 7416 SharedAccess - ok
19:10:55.0683 7416 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:10:55.0746 7416 ShellHWDetection - ok
19:10:55.0808 7416 [ 7799106FEE728B907A86D9C9751E02D5 ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
19:10:55.0886 7416 silabenm - ok
19:10:55.0933 7416 [ 447209C314E6E0D26E01962075802B18 ] silabser C:\Windows\system32\DRIVERS\silabser.sys
19:10:55.0980 7416 silabser - ok
19:10:56.0026 7416 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:10:56.0042 7416 SiSRaid2 - ok
19:10:56.0073 7416 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:10:56.0089 7416 SiSRaid4 - ok
19:10:56.0120 7416 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:10:56.0167 7416 Smb - ok
19:10:56.0260 7416 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:10:56.0292 7416 SNMPTRAP - ok
19:10:56.0338 7416 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
19:10:56.0370 7416 speedfan - ok
19:10:56.0385 7416 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:10:56.0385 7416 spldr - ok
19:10:56.0448 7416 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:10:56.0557 7416 Spooler - ok
19:10:56.0666 7416 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:10:56.0791 7416 sppsvc - ok
19:10:56.0806 7416 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:10:56.0838 7416 sppuinotify - ok
19:10:56.0869 7416 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:10:56.0900 7416 srv - ok
19:10:56.0931 7416 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:10:56.0978 7416 srv2 - ok
19:10:57.0009 7416 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:10:57.0040 7416 srvnet - ok
19:10:57.0072 7416 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:10:57.0118 7416 SSDPSRV - ok
19:10:57.0150 7416 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:10:57.0181 7416 SstpSvc - ok
19:10:57.0228 7416 [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
19:10:57.0228 7416 ssudmdm - ok
19:10:57.0259 7416 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
19:10:57.0290 7416 stdcfltn - ok
19:10:57.0337 7416 Steam Client Service - ok
19:10:57.0384 7416 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:10:57.0430 7416 Stereo Service - ok
19:10:57.0446 7416 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:10:57.0477 7416 stexstor - ok
19:10:57.0586 7416 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:10:57.0633 7416 stisvc - ok
19:10:57.0649 7416 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:10:57.0680 7416 swenum - ok
19:10:57.0836 7416 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
19:10:57.0852 7416 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
19:10:57.0852 7416 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
19:10:57.0883 7416 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:10:57.0945 7416 swprv - ok
19:10:58.0008 7416 [ B0C7D4DCF4800DF2F2145B500D0161E8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:10:58.0054 7416 SynTP - ok
19:10:58.0086 7416 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:10:58.0164 7416 SysMain - ok
19:10:58.0164 7416 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:10:58.0179 7416 TabletInputService - ok
19:10:58.0242 7416 [ D0B07EED9DDEC5C69521C689B7BF455F ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
19:10:58.0288 7416 tap0901 - ok
19:10:58.0320 7416 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:10:58.0366 7416 TapiSrv - ok
19:10:58.0444 7416 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:10:58.0491 7416 TBS - ok
19:10:58.0569 7416 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:10:58.0632 7416 Tcpip - ok
19:10:58.0694 7416 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:10:58.0725 7416 TCPIP6 - ok
19:10:58.0772 7416 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:10:58.0803 7416 tcpipreg - ok
19:10:58.0834 7416 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:10:58.0866 7416 TDPIPE - ok
19:10:58.0897 7416 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:10:58.0912 7416 TDTCP - ok
19:10:58.0928 7416 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:10:58.0944 7416 tdx - ok
19:10:59.0162 7416 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
19:10:59.0271 7416 TeamViewer8 - ok
19:10:59.0287 7416 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:10:59.0302 7416 TermDD - ok
19:10:59.0365 7416 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:10:59.0443 7416 TermService - ok
19:10:59.0458 7416 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:10:59.0458 7416 Themes - ok
19:10:59.0490 7416 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:10:59.0521 7416 THREADORDER - ok
19:10:59.0521 7416 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:10:59.0552 7416 TrkWks - ok
19:10:59.0599 7416 [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
19:10:59.0599 7416 truecrypt - ok
19:10:59.0724 7416 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:10:59.0770 7416 TrustedInstaller - ok
19:10:59.0786 7416 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:10:59.0817 7416 tssecsrv - ok
19:10:59.0848 7416 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:10:59.0864 7416 TsUsbFlt - ok
19:10:59.0880 7416 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:10:59.0911 7416 TsUsbGD - ok
19:10:59.0926 7416 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:10:59.0958 7416 tunnel - ok
19:11:00.0004 7416 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
19:11:00.0051 7416 TurboB - ok
19:11:00.0082 7416 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:11:00.0114 7416 TurboBoost - ok
19:11:00.0129 7416 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:11:00.0129 7416 uagp35 - ok
19:11:00.0145 7416 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:11:00.0176 7416 udfs - ok
19:11:00.0207 7416 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:11:00.0238 7416 UI0Detect - ok
19:11:00.0254 7416 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:11:00.0285 7416 uliagpkx - ok
19:11:00.0316 7416 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:11:00.0348 7416 umbus - ok
19:11:00.0363 7416 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:11:00.0379 7416 UmPass - ok
19:11:00.0488 7416 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:11:00.0566 7416 UMVPFSrv - ok
19:11:00.0738 7416 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:11:00.0847 7416 UNS - ok
19:11:00.0894 7416 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:11:00.0956 7416 upnphost - ok
19:11:01.0018 7416 [ 9494736E4865F9B3A0A525EE9AB0D991 ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA64.sys
19:11:01.0065 7416 USB28xxBGA - ok
19:11:01.0112 7416 [ 612FC1CB117CCF62D3C55488C8AEBD82 ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM64.sys
19:11:01.0174 7416 USB28xxOEM - ok
19:11:01.0206 7416 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:11:01.0237 7416 usbaudio - ok
19:11:01.0268 7416 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:11:01.0299 7416 usbccgp - ok
19:11:01.0330 7416 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:11:01.0377 7416 usbcir - ok
19:11:01.0393 7416 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:11:01.0408 7416 usbehci - ok
19:11:01.0455 7416 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:11:01.0486 7416 usbhub - ok
19:11:01.0564 7416 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:11:01.0596 7416 usbohci - ok
19:11:01.0627 7416 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:11:01.0658 7416 usbprint - ok
19:11:01.0705 7416 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:11:01.0736 7416 usbscan - ok
19:11:01.0783 7416 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\DRIVERS\usbser.sys
19:11:01.0814 7416 usbser - ok
19:11:01.0830 7416 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:11:01.0892 7416 USBSTOR - ok
19:11:01.0908 7416 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:11:01.0923 7416 usbuhci - ok
19:11:01.0954 7416 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:11:01.0986 7416 usbvideo - ok
19:11:02.0048 7416 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
19:11:02.0110 7416 usb_rndisx - ok
19:11:02.0126 7416 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:11:02.0188 7416 UxSms - ok
19:11:02.0204 7416 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:11:02.0204 7416 VaultSvc - ok
19:11:02.0298 7416 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:11:02.0313 7416 vdrvroot - ok
19:11:02.0344 7416 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:11:02.0376 7416 vds - ok
19:11:02.0391 7416 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:11:02.0407 7416 vga - ok
19:11:02.0407 7416 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:11:02.0438 7416 VgaSave - ok
19:11:02.0454 7416 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:11:02.0469 7416 vhdmp - ok
19:11:02.0485 7416 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:11:02.0485 7416 viaide - ok
19:11:02.0547 7416 [ 6DC5D9A5BBA6A858D06B7ABEFBA1A1E6 ] vidsflt58 C:\Windows\system32\DRIVERS\vsflt58.sys
19:11:02.0563 7416 vidsflt58 - ok
19:11:02.0578 7416 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:11:02.0594 7416 volmgr - ok
19:11:02.0610 7416 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:11:02.0625 7416 volmgrx - ok
19:11:02.0641 7416 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:11:02.0656 7416 volsnap - ok
19:11:02.0672 7416 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:11:02.0688 7416 vsmraid - ok
19:11:02.0750 7416 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:11:02.0812 7416 VSS - ok
19:11:02.0828 7416 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:11:02.0844 7416 vwifibus - ok
19:11:02.0859 7416 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:11:02.0875 7416 vwififlt - ok
19:11:02.0906 7416 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:11:02.0937 7416 vwifimp - ok
19:11:02.0953 7416 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:11:03.0000 7416 W32Time - ok
19:11:03.0015 7416 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:11:03.0015 7416 WacomPen - ok
19:11:03.0046 7416 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:11:03.0093 7416 WANARP - ok
19:11:03.0109 7416 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:11:03.0140 7416 Wanarpv6 - ok
19:11:03.0218 7416 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:11:03.0280 7416 WatAdminSvc - ok
19:11:03.0343 7416 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:11:03.0468 7416 wbengine - ok
19:11:03.0483 7416 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:11:03.0514 7416 WbioSrvc - ok
19:11:03.0530 7416 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:11:03.0546 7416 wcncsvc - ok
19:11:03.0561 7416 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:11:03.0592 7416 WcsPlugInService - ok
19:11:03.0608 7416 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:11:03.0639 7416 Wd - ok
19:11:03.0702 7416 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:11:03.0748 7416 Wdf01000 - ok
19:11:03.0764 7416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:11:03.0842 7416 WdiServiceHost - ok
19:11:03.0842 7416 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:11:03.0858 7416 WdiSystemHost - ok
19:11:03.0889 7416 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:11:03.0936 7416 WebClient - ok
19:11:03.0936 7416 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:11:03.0967 7416 Wecsvc - ok
19:11:03.0982 7416 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:11:04.0014 7416 wercplsupport - ok
19:11:04.0029 7416 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:11:04.0060 7416 WerSvc - ok
19:11:04.0092 7416 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:11:04.0123 7416 WfpLwf - ok
19:11:04.0138 7416 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
19:11:04.0154 7416 WimFltr - ok
19:11:04.0170 7416 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:11:04.0185 7416 WIMMount - ok
19:11:04.0185 7416 WinDefend - ok
19:11:04.0232 7416 [ 7922583C802203A54CDD47D9ECF028F2 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
19:11:04.0279 7416 WinDriver6 - ok
19:11:04.0279 7416 WinHttpAutoProxySvc - ok
19:11:04.0326 7416 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:11:04.0372 7416 Winmgmt - ok
19:11:04.0482 7416 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:11:04.0575 7416 WinRM - ok
19:11:04.0653 7416 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
19:11:04.0684 7416 WinUSB - ok
19:11:04.0747 7416 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:11:04.0809 7416 Wlansvc - ok
19:11:04.0840 7416 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:11:04.0856 7416 wlcrasvc - ok
19:11:05.0012 7416 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:11:05.0090 7416 wlidsvc - ok
19:11:05.0121 7416 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:11:05.0121 7416 WmiAcpi - ok
19:11:05.0152 7416 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:11:05.0184 7416 wmiApSrv - ok
19:11:05.0215 7416 WMPNetworkSvc - ok
19:11:05.0230 7416 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:11:05.0293 7416 WPCSvc - ok
19:11:05.0308 7416 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:11:05.0355 7416 WPDBusEnum - ok
19:11:05.0386 7416 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:11:05.0402 7416 ws2ifsl - ok
19:11:05.0418 7416 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:11:05.0433 7416 wscsvc - ok
19:11:05.0480 7416 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
19:11:05.0511 7416 WSDPrintDevice - ok
19:11:05.0558 7416 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
19:11:05.0589 7416 WSDScan - ok
19:11:05.0589 7416 WSearch - ok
19:11:05.0667 7416 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:11:05.0761 7416 wuauserv - ok
19:11:05.0792 7416 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:11:05.0870 7416 WudfPf - ok
19:11:05.0886 7416 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:11:05.0901 7416 WUDFRd - ok
19:11:05.0932 7416 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:11:05.0979 7416 wudfsvc - ok
19:11:06.0010 7416 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
19:11:06.0042 7416 WwanSvc - ok
19:11:06.0104 7416 [ EC760BEE30B167A04A246C29F1A8E120 ] X10Hid C:\Windows\system32\Drivers\x10hid.sys
19:11:06.0135 7416 X10Hid - ok
19:11:06.0213 7416 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
19:11:06.0213 7416 x10nets ( UnsignedFile.Multi.Generic ) - warning
19:11:06.0213 7416 x10nets - detected UnsignedFile.Multi.Generic (1)
19:11:06.0276 7416 [ 0D7D5DEF542CF01AD9665F398A0D0C78 ] XilinxPC4Driver C:\Windows\System32\drivers\xpc4drvr.sys
19:11:06.0338 7416 XilinxPC4Driver - ok
19:11:06.0369 7416 [ 6533F30045B0A234783BD8B4069F0433 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys
19:11:06.0400 7416 XUIF - ok
19:11:06.0525 7416 [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
19:11:06.0744 7416 ZeroConfigService - ok
19:11:06.0931 7416 [ 6F610F00DC6B4489811EDCBC76D3EBA6 ] {73526619-C24F-470B-9BED-53D455FBB5C6} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
19:11:06.0962 7416 {73526619-C24F-470B-9BED-53D455FBB5C6} - ok
19:11:07.0009 7416 ================ Scan global ===============================
19:11:07.0024 7416 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:11:07.0071 7416 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:11:07.0087 7416 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:11:07.0134 7416 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:11:07.0165 7416 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:11:07.0180 7416 [Global] - ok
19:11:07.0180 7416 ================ Scan MBR ==================================
19:11:07.0196 7416 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:11:07.0680 7416 \Device\Harddisk0\DR0 - ok
19:11:07.0680 7416 [ 23B571400A29918F5392F6E85EEB756E ] \Device\Harddisk1\DR2
19:11:07.0867 7416 \Device\Harddisk1\DR2 - ok
19:11:07.0867 7416 ================ Scan VBR ==================================
19:11:07.0882 7416 [ 8A9760753562607CDB332F0AB8719765 ] \Device\Harddisk0\DR0\Partition1
19:11:07.0882 7416 \Device\Harddisk0\DR0\Partition1 - ok
19:11:07.0929 7416 [ 7CE580896869058FD5E9E9465BA2BABA ] \Device\Harddisk0\DR0\Partition2
19:11:07.0929 7416 \Device\Harddisk0\DR0\Partition2 - ok
19:11:07.0945 7416 [ 7A3C30F9473AD9D417D7E1C38462990D ] \Device\Harddisk1\DR2\Partition1
19:11:07.0945 7416 \Device\Harddisk1\DR2\Partition1 - ok
19:11:07.0945 7416 ============================================================
19:11:07.0945 7416 Scan finished
19:11:07.0945 7416 ============================================================
19:11:07.0960 7408 Detected object count: 6
19:11:07.0960 7408 Actual detected object count: 6
19:11:36.0181 7408 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:11:36.0181 7408 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:11:36.0181 7408 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:36.0181 7408 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:36.0181 7408 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:36.0181 7408 mi-raysat_3dsmax2012_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:36.0181 7408 pspdisp ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:36.0181 7408 pspdisp ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:36.0181 7408 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:36.0181 7408 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:11:36.0181 7408 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
19:11:36.0181 7408 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
12.06.2013, 17:16
| #14 |
| /// Malware-holic | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys hmm stell sie mal wieder richtig ein. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.06.2013, 21:58
| #15 |
| | Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sysCode:
ATTFilter ComboFix 13-06-08.02 - MLeo 12.06.2013 23:34:49.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8086.4941 [GMT 2:00]
ausgeführt von:: c:\users\MLeo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\go_0molg.pad
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\Roaming
c:\programdata\z7_0ytr.pad
c:\users\MLeo\AppData\Local\assembly\tmp
c:\users\MLeo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Battery_Meter_V1.0.gadget
c:\users\MLeo\AppData\Roaming\Love
c:\users\MLeo\AppData\Roaming\Love\mari0\options.txt
c:\windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-12 21:49 . 2013-06-12 21:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-12 21:49 . 2013-06-12 21:49 -------- d-----w- c:\users\test\AppData\Local\temp
2013-06-12 21:49 . 2013-06-12 21:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 15:37 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEF4379E-5D60-41B6-A27A-83708C9E0CE8}\mpengine.dll
2013-06-11 15:41 . 2013-06-11 15:41 -------- d-----w- c:\programdata\pnqu
2013-06-10 19:58 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-06 01:05 . 2013-06-06 01:05 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-05 17:40 . 2013-06-05 17:40 -------- d-----w- c:\program files\x264vfw64
2013-05-30 17:00 . 2013-05-30 17:00 -------- d-----w- c:\users\MLeo\AppData\Local\Deshaker
2013-05-30 16:58 . 2013-05-27 13:08 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2013-05-30 16:58 . 2013-05-30 16:58 -------- d-----w- c:\program files\ffdshow
2013-05-30 08:46 . 2013-04-03 07:58 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-05-30 08:46 . 2013-04-03 07:58 103064 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-05-29 16:25 . 2013-05-29 16:25 -------- d-----w- c:\users\MLeo\AppData\Roaming\NCH Software
2013-05-29 16:25 . 2013-05-29 16:25 -------- d-----w- c:\programdata\NCH Software
2013-05-29 16:25 . 2013-05-29 16:25 -------- d-----w- c:\program files (x86)\NCH Software
2013-05-21 15:46 . 2013-05-21 15:46 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4C0677F-50BC-40C5-BA93-A83DB80199AE}\gapaengine.dll
2013-05-19 17:28 . 2013-05-19 17:28 -------- d-----w- c:\program files\Schulze
2013-05-15 19:17 . 2013-05-15 19:17 -------- d-----w- c:\programdata\WatchMyCam
2013-05-15 19:17 . 2013-05-15 19:17 -------- d-----w- c:\program files (x86)\WatchMyCam
2013-05-15 05:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 05:36 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 05:36 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 05:36 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 05:36 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 05:36 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 05:36 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 05:36 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 05:36 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 05:35 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 05:35 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 05:35 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-14 20:14 . 2013-05-14 20:14 -------- d-----w- c:\program files (x86)\Dorgem
2013-05-14 15:25 . 2013-05-14 15:30 -------- d-----w- c:\users\MLeo\.yawcam
2013-05-14 15:25 . 2013-05-14 15:25 -------- d-----w- c:\program files (x86)\Yawcam
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 16:57 . 2012-03-31 17:13 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 16:57 . 2012-02-03 09:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 09:03 . 2012-02-06 16:11 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 08:36 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 07:57 . 2013-05-10 07:57 27208 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-10 07:57 . 2013-05-10 07:57 55872 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-09 07:46 . 2013-03-06 14:13 73216 ----a-w- c:\windows\system32\drivers\silabser.sys
2013-05-09 07:46 . 2013-03-06 14:13 27336 ----a-w- c:\windows\system32\drivers\silabenm.sys
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 12:17 . 2012-02-07 09:55 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-04-25 07:57 . 2012-06-24 09:57 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-15 14:15 . 2012-02-06 20:02 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-04-15 14:15 . 2012-02-06 18:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-15 14:14 . 2012-02-11 14:15 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-04-13 05:49 . 2013-05-15 05:36 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 05:36 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 05:36 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 05:36 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 05:36 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 05:36 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 05:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-24 16:10 . 2012-02-06 18:33 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-24 16:09 . 2012-02-06 20:02 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-03-24 16:09 . 2012-02-06 18:32 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-23 03:10 . 2013-03-23 03:10 1533512 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2013-03-23 03:10 . 2013-03-23 03:10 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-03-19 06:04 . 2013-04-10 11:07 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:07 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:07 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:07 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:07 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:07 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-15 05:53 . 2013-04-06 16:19 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-15 05:53 . 2013-04-06 16:19 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\MLeo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\MLeo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\MLeo\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-01-31 17146504]
"Akamai NetSession Interface"="c:\users\MLeo\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"WatchMyCam"="c:\program files (x86)\WatchMyCam\WatchMyCam.exe" [2013-01-24 8245760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-07-26 505872]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-07-26 374560]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2013-01-02 181360]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
.
c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AHK für kbdneo.lnk - c:\program files (x86)\Neo2\kbdneo_ahk.exe [2011-5-18 786458]
Dropbox.lnk - c:\users\MLeo\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-25 27776968]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-10-26 1017184]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
PSPdisp.lnk - c:\program files (x86)\PSPdisp\bin\app\PSPdisp.exe [2011-3-19 635392]
taskmgr.exe - Verknüpfung.lnk - c:\windows\System32\taskmgr.exe [2010-11-21 257024]
.
c:\users\MLeo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/03/01 13:35;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 mi-raysat_3dsmax2012_32;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 32-bit - English 32-bit;c:\program files (x86)\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe;c:\program files (x86)\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 ALSysIO;ALSysIO;c:\users\MLeo\AppData\Local\Temp\ALSysIO64.sys;c:\users\MLeo\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 E1USB;Renesas E-Series USB Driver;c:\windows\system32\DRIVERS\E1usb.sys;c:\windows\SYSNATIVE\DRIVERS\E1usb.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 HPKBx64;HP Keyboard Smart Card Driver;c:\windows\system32\DRIVERS\HPKBx64.sys;c:\windows\SYSNATIVE\DRIVERS\HPKBx64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys;c:\windows\SYSNATIVE\drivers\nidimkl.sys [x]
R3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys;c:\windows\SYSNATIVE\drivers\nipalfwedl.sys [x]
R3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys;c:\windows\SYSNATIVE\drivers\nipalusbedl.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys;c:\windows\SYSNATIVE\drivers\NiViFWKl.sys [x]
R3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys;c:\windows\SYSNATIVE\drivers\NiViPciKl.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 pspdisp;pspdisp;c:\windows\system32\DRIVERS\pspdisp_x64.sys;c:\windows\SYSNATIVE\DRIVERS\pspdisp_x64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]
R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]
R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\System32\drivers\nipbcfk.sys;c:\windows\SYSNATIVE\drivers\nipbcfk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S0 vidsflt58;Acronis Disk Storage Filter (58);c:\windows\system32\DRIVERS\vsflt58.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt58.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/09/21 08:58];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 niLXIDiscovery;National Instruments LXI Discovery Service;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe;c:\program files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [x]
S2 nimDNSResponder;National Instruments mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys;c:\windows\SYSNATIVE\drivers\NiViPxiKl.sys [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\Cyberlink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\DRIVERS\AVer7231_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVer7231_x64.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys;c:\windows\SYSNATIVE\Drivers\x10hid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 43472606
*Deregistered* - 43472606
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:57]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 17:14]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 17:14]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735093373-3388944951-788291397-1001Core.job
- c:\users\MLeo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 19:41]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735093373-3388944951-788291397-1001UA.job
- c:\users\MLeo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 19:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\MLeo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\MLeo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\MLeo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\MLeo\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-28 172168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-28 400008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-28 441992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=a4a18c8e-9fd7-4aef-877e-d8f11cfd9e71&searchtype=ds&q={searchTerms}&installDate=11/03/2013
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\MLeo\AppData\Roaming\Mozilla\Firefox\Profiles\3suvc7ik.leer\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-POWER PLAN ASSISTANT - c:\program files\PowerPlanAssistant\PowerPlanAssistantLauncher.exe
AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12 23:52:04
ComboFix-quarantined-files.txt 2013-06-12 21:52
.
Vor Suchlauf: 43 Verzeichnis(se), 204.663.484.416 Bytes frei
Nach Suchlauf: 48 Verzeichnis(se), 219.123.933.184 Bytes frei
.
- - End Of File - - B60FD79F7155747242E022CDC44B9750
D41D8CD98F00B204E9800998ECF8427E
|
|
| Themen zu Bildschirm komplett grau, Mauszeiger noch sichtbar, abgesicherter Modus -> BSOD cng.sys |
| abgesicherten, alten, bildschirm, deinstallation, einfangen, grau, guten, hilfreich, installiert, kis, komplett, maus, mauszeiger, modus, nichts, platte, rechner, regeln, sichtbar, strg, system, taskmanager, trojaner, ubuntu, woche, wochen |
WARNUNG an die MITLESER: 
Linear-Darstellung
