Pests of all kinds and how to fight them: W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 (Windows 7)
30.06.2013, 12:14 | #1 |
W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312

Good day. Yesterday, individual words in Firefox were double-underlined and highlighted in green on my machine, and hovering over them brought up some kind of windows with advertising. Avira AntiVirus was able to get rid of that quickly, but since then I have been getting alerts every minute that TR/ATRAPS.Gen2 and TR/Sirefef.77312 have been found. When I then run the quick system scan, I always end up at W32/Patched.UC. That last one does make me a bit "scared", because it is rather more dangerous than the other two. I have read here that AntiVirus cannot delete W32/Patched.UC. So what can I do about it?

I want to reinstall my computer before September anyway, but I want my data to be "clean" - or is there no danger that it could somehow "carry along" the viruses (is there even a plural of that?). So can I back up my data without worry, or do I first have to eliminate this virus (following the instructions from the experts here)? If the former is the case, I would simply reinstall the computer right now.

Thanks in advance for the answers! Regards.

Edited by Kagran (30.06.2013 at 12:21). Reason: Edit
30.06.2013, 12:59 | #2 |
/// the machine /// TB trainer | W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312

Hi,

System scan with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure: Start > Computer (right-click) > Properties)
30.06.2013, 14:44 | #3 |
W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312

FRST.txt

FRST logfile:
C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a.zip 2013-06-18 14:32 - 2013-06-18 14:32 - 00247903 ____A C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a(1).zip 2013-06-18 14:18 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\Granny Viewer 2013-06-18 14:18 - 2013-06-18 14:16 - 00000000 ____D C:\Program Files (x86)\NifTools 2013-06-18 14:14 - 2013-06-18 14:14 - 00000543 ____A C:\Users\Public\Desktop\QSkope.lnk 2013-06-18 14:14 - 2013-06-18 14:14 - 00000000 ____D C:\Program Files (x86)\PyFFI 2013-06-18 14:14 - 2012-07-06 17:05 - 00000000 ____D C:\Python26 2013-06-17 21:11 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\Documents\Firaxis ModBuddy 2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1.zip 2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1(1).zip 2013-06-17 16:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Firaxis 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Local\Firaxis 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Program Files\Microsoft Help Viewer 2013-06-17 16:38 - 2013-06-17 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2013-06-17 16:37 - 2013-06-17 16:37 - 00000000 ____D C:\Users\Patrick\Documents\Visual Studio 2010 2013-06-17 16:36 - 2013-06-17 16:36 - 00000000 ____D C:\Windows\SysWOW64\1033 2013-06-17 16:36 - 2013-06-17 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0 2013-06-17 16:35 - 2013-06-17 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-06-17 16:33 - 2013-06-17 16:31 - 174883152 ____A (Microsoft Corporation) C:\Users\Patrick\Downloads\VSIsoShell.exe 2013-06-16 11:17 - 2012-12-24 15:34 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-15 20:37 - 2013-06-15 
20:37 - 03820480 ____A C:\Users\Patrick\Downloads\battlelog-web-plugins_2.1.7_115.exe 2013-06-13 19:22 - 2013-06-13 19:22 - 00001217 ____A C:\Users\Public\Desktop\Battlefield 1942.lnk 2013-06-13 19:21 - 2010-09-14 16:21 - 00545218 ____A C:\Windows\DirectX.log 2013-06-13 19:02 - 2012-12-24 13:26 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-06-13 18:36 - 2012-12-24 13:26 - 00000000 ____D C:\Users\Patrick\AppData\Local\Origin 2013-06-13 18:36 - 2012-12-24 13:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Origin 2013-06-13 18:36 - 2012-12-24 13:25 - 00000000 ____D C:\ProgramData\Origin 2013-06-13 15:33 - 2012-07-21 17:57 - 00000000 ____D C:\Program Files (x86)\win2day Poker 2013-06-13 14:14 - 2012-10-01 18:09 - 00001033 ____A C:\Users\Patrick\Desktop\Dropbox.lnk 2013-06-12 17:42 - 2012-07-05 21:44 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 17:42 - 2012-07-05 21:44 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 15:00 - 2013-06-12 15:00 - 00000221 ____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V SDK.url 2013-06-08 18:38 - 2013-06-08 18:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\My Games 2013-06-08 17:10 - 2013-06-08 17:10 - 00000220 ____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V.url 2013-06-08 15:33 - 2013-06-08 14:33 - 00000000 ____D C:\HammerAutosave 2013-06-07 20:32 - 2013-06-07 20:27 - 04103350 ____A C:\Users\Patrick\Documents\LC_Main01.rar 2013-06-06 20:06 - 2013-06-06 17:05 - 00000000 ____D C:\Users\Patrick\Documents\China 2013-06-06 17:06 - 2012-07-18 16:34 - 00000000 ____D C:\Users\Patrick\AppData\Local\Paint.NET 2013-06-04 17:28 - 2013-06-04 17:27 - 164242463 ____A C:\Users\Patrick\Downloads\Portal2-OST-Volume1.zip 2013-06-02 20:03 - 2013-06-02 20:02 - 61189703 ____A C:\Users\Patrick\Downloads\Sea_Level_Addon_1.0.exe 2013-06-02 19:59 - 2013-06-02 19:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\NASA 
2013-06-02 19:58 - 2013-06-02 19:58 - 00002094 ____A C:\Users\UpdatusUser\Desktop\World Wind 1.4.lnk 2013-06-02 19:58 - 2013-06-02 19:58 - 00002094 ____A C:\Users\Patrick\Desktop\World Wind 1.4.lnk 2013-06-02 19:58 - 2013-06-02 19:58 - 00000000 ____D C:\Program Files (x86)\NASA 2013-06-02 19:58 - 2013-06-02 19:57 - 16757793 ____A C:\Users\Patrick\Downloads\World_Wind_1.4.0_Full.exe 2013-06-02 13:55 - 2013-06-02 13:55 - 00017779 ____A C:\Users\Patrick\Downloads\mostwasted.zip 2013-05-31 20:51 - 2012-12-24 15:35 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2013-05-31 20:51 - 2012-12-24 14:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2013-05-31 20:50 - 2012-12-24 14:13 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2013-05-31 20:49 - 2013-05-31 20:49 - 03819928 ____A C:\Users\Patrick\Downloads\battlelog-web-plugins_2.1.4_112.exe 2013-05-31 14:17 - 2012-07-24 12:33 - 00000000 ____D C:\Users\Patrick\Desktop\OMSI ZeroAccess: C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05} C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000004.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000008.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\201d3dde C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\6715e287 C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\76603ac3 C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U\00000004.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U\00000008.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U\000000cb.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000000.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000032.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000064.@ 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
C:\Users\Public\AutoUpdate.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-03 17:37

==================== End Of Log ============================

Addition.txt
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2013 01 Ran by Patrick at 2013-06-30 15:41:46 Running from C:\Users\Patrick\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= [Sound Mod] Reality Sound Mod (RSM) for Cities In Motion 1.0.10 (x32) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Activision(R) (x32 Version: 1.00.0000) Adobe After Effects CS6 (x32 Version: 11) Adobe AIR (x32 Version: 3.3.0.3650) Adobe Download Assistant (x32 Version: 1.2.3) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Help Manager (x32 Version: 4.0.244) Adobe Photoshop CS6 (x32 Version: 13.0) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) aerosoft's - ICE1 (x32 Version: 1.00) Apple Application Support (x32 Version: 2.1.7) Apple Software Update (x32 Version: 2.1.3.127) Audacity 2.0.3 (x32 Version: 2.0.3) Audiggle version 3.0.0.2 (x32 Version: 3.0.0.2) Avidemux 2.6 (32-bit) (x32 Version: 2.6.3.8518) Avira Free Antivirus (x32 Version: 13.0.0.3640) B.U.S Client Software Version 2.1 (x32 Version: 2.1) BAHN 3.86r3 (x32 Version: 3.86) Battlefield 1942™ (x32 Version: 1.6.20.0) Battlefield 3™ (x32 Version: 1.0.0.0) Battlelog Web Plugins (x32 Version: 2.1.7) Bentschen M1 (x32) Benutzerhandbuch EPSON SX235 Series (x32) Blender (remove only) (x32) Blender (Version: 2.66a) Blender NIF Scripts (remove only) (x32) BVE - 81-717AVR vonat (HKCU) BVE - Ev3AVR vonat (HKCU) BVE 4 (x32 Version: 2.1.0) BVE K-Ny-i metróvonal (HKCU) BVE Millenniumi Földalatti Vasút (HKCU) Bve trainsim 5 (x32 Version: 1.0.0) Bve trainsim Keisei Chiba Line (x32 Version: 1.0.0) BVE Uchibo Line (x32 Version: 2.0.1) Camtasia Studio 7 (x32 Version: 7.0.1) Cheat Engine 6.2 (x32) Cities in Motion (x32) Cities in Motion 2 (x32) Crysis®3 (x32 Version: 1.0.0.0) D3DX10 (x32 Version: 15.4.2368.0902) Dropbox (HKCU Version: 2.0.22) 
DTL OTMaster Light 2.0.0 (x32 Version: 2.0.0.0) Ein Quantum Trost(TM) (x32 Version: 1.00.0000) Endless Space (x32) ESN Sonar (x32 Version: 0.70.4) FileZilla Client 3.2.7.1 (x32 Version: 3.2.7.1) FontForge 2012-07-31 (x32 Version: 2012-07-31) Fotogalerie (x32 Version: 16.4.3503.0728) Fraps (remove only) (x32) Free YouTube to MP3 Converter version 3.11.36.1201 (x32 Version: 3.11.36.1201) FSX - Airbus A320-200 Austrian Airlines (x32) FSX - Airbus A320-200 Basepack v2 (x32) gmax (x32 Version: 4.4.0.125) Google Earth (x32 Version: 7.0.3.8542) Google Update Helper (x32 Version: 1.3.21.145) Grand Theft Auto (x32) Grand Theft Auto IV (x32 Version: 1.0.0013.131) Grand Theft Auto IV (x32 Version: 1.00.0000) Granny Viewer 2.8.44.0 (x32 Version: 2.8.44.0) GSFileViewer (x32 Version: 1.9.0) Hex-Editor MX (x32 Version: 6.0) HP Photo Creations (x32 Version: 1.0.0.3341) HP Photosmart 5520 series - Grundlegende Software für das Gerät (Version: 28.0.1315.0) HP Photosmart 5520 series Hilfe (x32 Version: 27.0.0) HP Update (x32 Version: 5.003.003.001) IB Updater Service (x32 Version: 3.0.4.6) Inkscape 0.48.4 (x32 Version: 0.48.4) Internet Explorer Toolbar 4.6 by SweetPacks (x32 Version: 4.6.0004) Java Auto Updater (x32 Version: 2.1.6.0) Java(TM) 7 Update 3 (x32 Version: 7.0.30) Java(TM) 7 Update 5 (64-bit) (Version: 7.0.50) Java(TM) 7 Update 5 (x32 Version: 7.0.50) JavaFX 2.1.1 (x32 Version: 2.1.1) KC Softwares VideoInspector (x32) Livestream Procaster (x32 Version: 20.3.0) Logitech Gaming Software 5.10 (Version: 5.10.127) Loksim3D (Version: 2.8) MapCreator 2 (x32 Version: 2.0) M-Bahn-Triebwagen Hm05 (x32) MetroSimulator Beta (x32 Version: 0.5.36) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft 
Application Error Reporting (Version: 12.0.6015.5000) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft Flight Simulator X (x32 Version: 10.0.61355.0) Microsoft Flight Simulator X SDK (x32 Version: 1.00.0000) Microsoft Flight Simulator X Service Pack 1 (x32 Version: 10.0.61355.0) Microsoft Flight Simulator X Service Pack 2 (x32 Version: 10.0.61472.0) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014) Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014) Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft Office Starter 2010 - Deutsch 
(x32 Version: 14.0.4763.1000) Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014) Microsoft PowerPoint Viewer (x32 Version: 14.0.4763.1000) Microsoft Silverlight (x32 Version: 4.1.10329.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 Shell (Isolated) - ENU (x32 Version: 10.0.30319) Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft-Maus- und Tastatur-Center (Version: 2.0.161.0) 
MinecraftAlpha (x32) Movavi Video Converter 11 (x32 Version: 11.5.2) Movie Maker (x32 Version: 16.4.3503.0728) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1108.0727) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0) NASA World Wind 1.4 (x32) Netzwerkhandbuch EPSON SX235 Series (x32) NifSkope (remove only) (x32) Notepad++ (x32 Version: 6.1.6) NVIDIA 3D Vision Controller-Treiber 306.97 (Version: 306.97) NVIDIA 3D Vision Treiber 306.97 (Version: 306.97) NVIDIA Grafiktreiber 306.97 (Version: 306.97) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.85.551) NVIDIA Photoshop Plug-ins 64 bit (x32 Version: 8.50) NVIDIA PhysX (x32 Version: 9.12.0604) NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697) NVIDIA Systemsteuerung 306.97 (Version: 306.97) NVIDIA Texture Tools 2 - 64 bit (x32 Version: 2.0) NVIDIA Update 1.10.8 (Version: 1.10.8) NVIDIA Update Components (Version: 1.10.8) OMSI - Addon Wien (x32 Version: 1.00) OMSI - Der Omnibussimulator (x32 Version: 1.04) OMSI - Stadtbus O305 (x32 Version: 1.00) OpenAL (x32) openBVE - MFav jármû (HKCU) openBVE É-D-i metróvonal (HKCU) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) OpenTTD 1.2.3 (x32 Version: 1.2.3) Origin (x32 Version: 8.5.0.4518) Paint.NET v3.5.10 (Version: 3.60.0) PDF Settings CS6 (x32 Version: 11.0) PdfGrabber 7.0 (32bit) (x32 Version: 7.0) Phase 5 HTML-Editor (x32 Version: 5.6.2.3) Photo Gallery (x32 Version: 16.4.3503.0728) Portal 2 (x32) Portal 2 Authoring Tools - Beta (x32) Portal 2 Publishing Tool (x32) PrivitizeVPN (x32 Version: 1.0.0) Project64 1.6 (x32 Version: 1.6) PunkBuster Services (x32 Version: 0.991) PyFFI 2.1.9 (x32 Version: 2.1.9) Python 2.6 (x32 Version: 2.6.150) Python 
2.6 PyFFI-2.1.9 (x32) QuickTime (x32 Version: 7.72.80.56) Rockstar Games Social Club (x32 Version: 1.00.0000) Route_Riter v7.5 (HKCU) RW_Tools V3 (HKCU) SaveAs (x32 Version: ) Schwebebahn-Simulator 2013 Demo (x32) Search Protect by conduit (x32 Version: 1.2.10.10) Sid Meier's Civilization V (x32) Sid Meier's Civilization V SDK (x32) Simtrain's - SBB Route 1 (x32 Version: 1.00) SketchUp 2013 (x32 Version: 13.0.3689) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 6.5 (x32 Version: 6.5.158) Software Version Updater (x32 Version: 1.1.3.6) Steam (x32 Version: 1.0.0.0) Studie zur Verbesserung von HP Photosmart 5520 series Produkten (Version: 28.0.1315.0) SweetIM for Messenger 3.7 (x32 Version: 3.7.0007) TeamSpeak 3 Client (x32 Version: 3.0.10) TeamViewer 8 (x32 Version: 8.0.17396) TGATool2A version 4.00.34 (x32) Train Simulator 2013 (x32) Tunatic (x32) Unity (x32 Version: ) Unity Web Player (HKCU Version: ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008) VideoPad Video Editor (x32) Vtune 7.5 (x32) WavePad Sound Editor (x32) Web Assistant 2.0.0.570 (Version: 2.0.0.570) win2day Poker (x32 Version: ) Windows Live Communications Platform (x32 Version: 16.4.3503.0728) Windows Live Essentials (x32 Version: 16.4.3503.0728) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3503.0728) Windows Live Photo Common (x32 Version: 16.4.3503.0728) Windows Live PIMT Platform (x32 Version: 16.4.3503.0728) Windows Live SOXE (x32 Version: 16.4.3503.0728) Windows 
Live SOXE Definitions (x32 Version: 16.4.3503.0728) Windows Live UX Platform (x32 Version: 16.4.3503.0728) Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728) WinRAR 4.20 (64-Bit) (Version: 4.20.0) World of Subways Vol.2 (x32 Version: 1.00) WTC mod 0.3 for IV 1.0.7.0 (x32 Version: 000.030.1070) Yontoo 1.10.03 (Version: 1.10.03) Zeta Producer 11 11.1.1 (nur entfernen) (HKCU Version: 11.1.1) ==================== Restore Points ========================= 13-06-2013 17:19:36 DirectX wurde installiert 24-06-2013 12:35:09 Installiert OMSI - Stadtbus O305 30-06-2013 10:37:35 Removed Internet Explorer Toolbar 4.6 by SweetPacks 30-06-2013 10:39:32 Removed Delta Chrome Toolbar ==================== Scheduled Tasks (whitelisted) ============= Task: {04B6E063-96DC-473C-B7DB-00C807DEE8DF} - System32\Tasks\AdobeAAMUpdater-1.0-Patrick-PC-Patrick => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated) Task: {09998520-EBF2-41F4-A431-9FD0BEE388F6} - System32\Tasks\AmiUpdXp => C:\Users\Patrick\AppData\Local\SwvUpdater\Updater.exe [2013-04-04] (Amonetize ltd.) Task: {0AEDF9F4-1522-4670-BC62-B61E2744C000} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-10-12] (Microsoft Corporation) Task: {1BFF5BE0-A64A-40B1-BB63-21EA8C4DC33C} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe No File Task: {1F6424F3-FC38-44A9-93B1-9711DB50EFBF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {228DAB9B-5F56-4A1F-93FC-49F64A65187A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09] (Google Inc.) 
Task: {5FF3DEF1-F1C9-4D29-ADA8-9EA439946F92} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-10-12] (Microsoft Corporation) Task: {694EA810-E75C-439C-9C62-444D3D6E9F17} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-10-12] (Microsoft) Task: {727F7AE5-3A05-4918-9734-2D265DA7A802} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {77F11EF9-7845-4F46-98BB-FEFC52DAB701} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: {A9FE0D35-5E7B-4351-B60B-DCEAA8B50165} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C24E2D7D-57FC-48C6-94B8-57F3C67B5274} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09] (Google Inc.) Task: {D93515AC-130E-48ED-9601-3C9B989D6A4A} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.) 
Task: {E47A5969-F338-4292-B18A-83D711F5FBEF} - System32\Tasks\NCH Software\WavePadDowngrade => C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe [2012-12-14] (NCH Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Patrick\AppData\Local\SwvUpdater\Updater.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20) Description: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/30/2013 03:31:27 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74b2c9f1 ID des fehlerhaften Prozesses: 0xe0c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 03:26:52 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: rlservice.exe, Version: 1.1.21.137, Zeitstempel: 0x515deab5 Name des fehlerhaften Moduls: rlservice.exe, Version: 1.1.21.137, Zeitstempel: 0x515deab5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009f77 ID des fehlerhaften Prozesses: 0x590 Startzeit der fehlerhaften Anwendung: 0xrlservice.exe0 Pfad der fehlerhaften Anwendung: rlservice.exe1 Pfad des fehlerhaften Moduls: rlservice.exe2 Berichtskennung: rlservice.exe3 Error: (06/30/2013 01:25:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7464c9f1 ID des fehlerhaften Prozesses: 0xf44 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 01:24:34 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7464c9f1 ID des fehlerhaften 
Prozesses: 0x15b0 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 01:20:32 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7464c9f1 ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 01:17:31 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7464c9f1 ID des fehlerhaften Prozesses: 0xb20 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 01:16:30 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x7464c9f1 ID des fehlerhaften Prozesses: 0x290 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0 Pfad der fehlerhaften Anwendung: svchost.exe1 Pfad des fehlerhaften Moduls: svchost.exe2 Berichtskennung: svchost.exe3 Error: (06/30/2013 01:11:28 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7464c9f1
ID des fehlerhaften Prozesses: 0x172c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (06/30/2013 01:07:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7464c9f1
ID des fehlerhaften Prozesses: 0x42c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

Error: (06/30/2013 01:03:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x7464c9f1
ID des fehlerhaften Prozesses: 0x56c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3

System errors:
=============
Error: (06/30/2013 03:32:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (06/30/2013 03:32:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error: (06/30/2013 03:31:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (06/30/2013 03:31:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (06/30/2013 03:31:06 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (06/30/2013 03:29:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuche-Ressourcenveröffentlichung" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2147024891

Error: (06/30/2013 03:29:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem Fehler beendet: %%-2147024891

Error: (06/30/2013 03:29:21 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht.

Error: (06/30/2013 03:28:35 PM) (Source: Service Control Manager) (User: )
Description: Dienst "RelevantKnowledge" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/30/2013 03:28:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Microsoft Office Sessions:
=========================

==================== Memory info ===========================
Percentage of memory in use: 38%
Total physical RAM: 8183.05 MB
Available physical RAM: 5001.62 MB
Total Pagefile: 16364.25 MB
Available Pagefile: 12976.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:698.24 GB) (Free:195.64 GB) NTFS (Disk=0 Partition=2)
Drive d: (Data) (Fixed) (Total:698.63 GB) (Free:692.7 GB) NTFS (Disk=0 Partition=3)
Drive e: (PUSHERITCH!) (CDROM) (Total:0.16 GB) (Free:0 GB) CDFS
Drive j: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.19 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 98AB5CF9)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=698 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
30.06.2013, 16:21 | #4 |
/// the machine /// TB Instructor | W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Hi, please download TDSSKiller.exe and save the file to your desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.06.2013, 16:28 | #5 |
| W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Code:
ok 17:26:18.0256 5140 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:26:18.0303 5140 Processor - ok 17:26:18.0350 5140 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 17:26:18.0366 5140 ProfSvc - ok 17:26:18.0381 5140 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:26:18.0397 5140 ProtectedStorage - ok 17:26:18.0428 5140 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:26:18.0490 5140 Psched - ok 17:26:18.0553 5140 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:26:18.0584 5140 ql2300 - ok 17:26:18.0631 5140 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:26:18.0631 5140 ql40xx - ok 17:26:18.0662 5140 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 17:26:18.0693 5140 QWAVE - ok 17:26:18.0709 5140 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:26:18.0740 5140 QWAVEdrv - ok 17:26:18.0740 5140 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:26:18.0834 5140 RasAcd - ok 17:26:18.0927 5140 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:26:18.0958 5140 RasAgileVpn - ok 17:26:18.0974 5140 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 17:26:19.0068 5140 RasAuto - ok 17:26:19.0099 5140 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:26:19.0177 5140 Rasl2tp - ok 17:26:19.0208 5140 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 17:26:19.0270 5140 RasMan - ok 17:26:19.0270 5140 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:26:19.0286 5140 RasPppoe - ok 17:26:19.0302 5140 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:26:19.0333 
5140 RasSstp - ok 17:26:19.0348 5140 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:26:19.0395 5140 rdbss - ok 17:26:19.0426 5140 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:26:19.0442 5140 rdpbus - ok 17:26:19.0458 5140 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:26:19.0489 5140 RDPCDD - ok 17:26:19.0551 5140 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:26:19.0598 5140 RDPENCDD - ok 17:26:19.0629 5140 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:26:19.0645 5140 RDPREFMP - ok 17:26:19.0770 5140 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:26:19.0894 5140 RDPWD - ok 17:26:20.0004 5140 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:26:20.0035 5140 rdyboost - ok 17:26:20.0160 5140 RelevantKnowledge - ok 17:26:20.0238 5140 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 17:26:20.0331 5140 RemoteAccess - ok 17:26:20.0378 5140 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:26:20.0487 5140 RemoteRegistry - ok 17:26:20.0487 5140 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:26:20.0565 5140 RpcEptMapper - ok 17:26:20.0581 5140 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 17:26:20.0612 5140 RpcLocator - ok 17:26:20.0659 5140 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 17:26:20.0690 5140 RpcSs - ok 17:26:20.0752 5140 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:26:20.0830 5140 rspndr - ok 17:26:20.0908 5140 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 17:26:20.0924 5140 RTL8167 - ok 17:26:20.0955 5140 [ 156F6159457D0AA7E59B62681B56EB90 
] SamSs C:\Windows\system32\lsass.exe 17:26:20.0971 5140 SamSs - ok 17:26:21.0002 5140 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 17:26:21.0018 5140 sbp2port - ok 17:26:21.0064 5140 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:26:21.0096 5140 SCardSvr - ok 17:26:21.0142 5140 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:26:21.0220 5140 scfilter - ok 17:26:21.0314 5140 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 17:26:21.0345 5140 Schedule - ok 17:26:21.0423 5140 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:26:21.0470 5140 SCPolicySvc - ok 17:26:21.0548 5140 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:26:21.0595 5140 SDRSVC - ok 17:26:21.0657 5140 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:26:21.0735 5140 secdrv - ok 17:26:21.0766 5140 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 17:26:21.0829 5140 seclogon - ok 17:26:21.0844 5140 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 17:26:21.0907 5140 SENS - ok 17:26:21.0954 5140 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:26:22.0000 5140 SensrSvc - ok 17:26:22.0000 5140 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:26:22.0094 5140 Serenum - ok 17:26:22.0172 5140 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:26:22.0203 5140 Serial - ok 17:26:22.0266 5140 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:26:22.0297 5140 sermouse - ok 17:26:22.0312 5140 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 17:26:22.0344 5140 SessionEnv - ok 17:26:22.0375 5140 [ A554811BCD09279536440C964AE35BBF ] sffdisk 
C:\Windows\system32\DRIVERS\sffdisk.sys 17:26:22.0422 5140 sffdisk - ok 17:26:22.0422 5140 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 17:26:22.0484 5140 sffp_mmc - ok 17:26:22.0500 5140 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 17:26:22.0515 5140 sffp_sd - ok 17:26:22.0562 5140 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:26:22.0640 5140 sfloppy - ok 17:26:22.0796 5140 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 17:26:22.0827 5140 Sftfs - ok 17:26:22.0999 5140 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 17:26:23.0014 5140 sftlist - ok 17:26:23.0046 5140 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 17:26:23.0061 5140 Sftplay - ok 17:26:23.0139 5140 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 17:26:23.0155 5140 Sftredir - ok 17:26:23.0186 5140 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 17:26:23.0202 5140 Sftvol - ok 17:26:23.0248 5140 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 17:26:23.0264 5140 sftvsa - ok 17:26:23.0280 5140 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:26:23.0311 5140 ShellHWDetection - ok 17:26:23.0342 5140 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:26:23.0342 5140 SiSRaid2 - ok 17:26:23.0342 5140 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:26:23.0358 5140 SiSRaid4 - ok 17:26:23.0716 5140 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 17:26:23.0763 5140 Skype C2C Service - ok 17:26:23.0950 5140 [ 
4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 17:26:23.0966 5140 SkypeUpdate - ok 17:26:23.0997 5140 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:26:24.0106 5140 Smb - ok 17:26:24.0184 5140 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:26:24.0200 5140 SNMPTRAP - ok 17:26:24.0200 5140 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 17:26:24.0216 5140 spldr - ok 17:26:24.0262 5140 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 17:26:24.0325 5140 Spooler - ok 17:26:24.0465 5140 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 17:26:24.0528 5140 sppsvc - ok 17:26:24.0574 5140 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 17:26:24.0668 5140 sppuinotify - ok 17:26:24.0715 5140 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 17:26:24.0808 5140 srv - ok 17:26:24.0840 5140 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 17:26:24.0886 5140 srv2 - ok 17:26:24.0918 5140 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 17:26:24.0964 5140 srvnet - ok 17:26:24.0996 5140 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 17:26:25.0105 5140 SSDPSRV - ok 17:26:25.0120 5140 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 17:26:25.0136 5140 SstpSvc - ok 17:26:25.0198 5140 Steam Client Service - ok 17:26:25.0308 5140 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 17:26:25.0339 5140 Stereo Service - ok 17:26:25.0354 5140 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 17:26:25.0370 5140 stexstor - ok 17:26:25.0495 5140 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc 
C:\Windows\System32\wiaservc.dll 17:26:25.0542 5140 stisvc - ok 17:26:25.0557 5140 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 17:26:25.0557 5140 swenum - ok 17:26:25.0713 5140 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 17:26:25.0760 5140 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 17:26:25.0760 5140 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 17:26:25.0838 5140 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 17:26:25.0900 5140 swprv - ok 17:26:25.0932 5140 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 17:26:25.0994 5140 SysMain - ok 17:26:26.0025 5140 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 17:26:26.0025 5140 TabletInputService - ok 17:26:26.0041 5140 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 17:26:26.0088 5140 TapiSrv - ok 17:26:26.0134 5140 TBPanel - ok 17:26:26.0134 5140 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 17:26:26.0166 5140 TBS - ok 17:26:26.0275 5140 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 17:26:26.0322 5140 Tcpip - ok 17:26:26.0337 5140 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 17:26:26.0368 5140 TCPIP6 - ok 17:26:26.0384 5140 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 17:26:26.0415 5140 tcpipreg - ok 17:26:26.0431 5140 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 17:26:26.0478 5140 TDPIPE - ok 17:26:26.0587 5140 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 17:26:26.0634 5140 TDTCP - ok 17:26:26.0680 5140 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 17:26:26.0712 5140 tdx - ok 17:26:27.0180 5140 [ 6B1B2F8D62D606B200C2072564090104 
] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 17:26:27.0226 5140 TeamViewer8 - ok 17:26:27.0258 5140 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 17:26:27.0273 5140 TermDD - ok 17:26:27.0304 5140 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 17:26:27.0414 5140 TermService - ok 17:26:27.0429 5140 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 17:26:27.0476 5140 Themes - ok 17:26:27.0523 5140 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 17:26:27.0554 5140 THREADORDER - ok 17:26:27.0570 5140 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 17:26:27.0616 5140 TrkWks - ok 17:26:27.0804 5140 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 17:26:27.0804 5140 TrustedInstaller - ok 17:26:27.0819 5140 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 17:26:27.0850 5140 tssecsrv - ok 17:26:27.0897 5140 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 17:26:27.0944 5140 tunnel - ok 17:26:27.0960 5140 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 17:26:27.0960 5140 uagp35 - ok 17:26:27.0991 5140 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 17:26:28.0100 5140 udfs - ok 17:26:28.0131 5140 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 17:26:28.0178 5140 UI0Detect - ok 17:26:28.0194 5140 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 17:26:28.0225 5140 uliagpkx - ok 17:26:28.0318 5140 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 17:26:28.0381 5140 umbus - ok 17:26:28.0412 5140 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 17:26:28.0428 5140 UmPass - ok 
17:26:28.0459 5140 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 17:26:28.0521 5140 upnphost - ok 17:26:28.0599 5140 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 17:26:28.0599 5140 usbaudio - ok 17:26:28.0677 5140 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 17:26:28.0755 5140 usbccgp - ok 17:26:28.0802 5140 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 17:26:28.0864 5140 usbcir - ok 17:26:28.0880 5140 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 17:26:28.0896 5140 usbehci - ok 17:26:28.0911 5140 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 17:26:29.0020 5140 usbhub - ok 17:26:29.0052 5140 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 17:26:29.0083 5140 usbohci - ok 17:26:29.0145 5140 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 17:26:29.0161 5140 usbprint - ok 17:26:29.0254 5140 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 17:26:29.0270 5140 usbscan - ok 17:26:29.0332 5140 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 17:26:29.0348 5140 USBSTOR - ok 17:26:29.0379 5140 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 17:26:29.0410 5140 usbuhci - ok 17:26:29.0473 5140 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 17:26:29.0504 5140 UxSms - ok 17:26:29.0520 5140 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 17:26:29.0535 5140 VaultSvc - ok 17:26:29.0660 5140 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 17:26:29.0738 5140 VClone - ok 17:26:29.0785 5140 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 17:26:29.0800 5140 
vdrvroot - ok 17:26:29.0878 5140 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 17:26:29.0956 5140 vds - ok 17:26:30.0019 5140 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 17:26:30.0050 5140 vga - ok 17:26:30.0050 5140 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 17:26:30.0128 5140 VgaSave - ok 17:26:30.0159 5140 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 17:26:30.0175 5140 vhdmp - ok 17:26:30.0175 5140 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 17:26:30.0190 5140 viaide - ok 17:26:30.0237 5140 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 17:26:30.0253 5140 volmgr - ok 17:26:30.0284 5140 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 17:26:30.0300 5140 volmgrx - ok 17:26:30.0378 5140 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 17:26:30.0393 5140 volsnap - ok 17:26:30.0502 5140 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 17:26:30.0518 5140 vsmraid - ok 17:26:30.0580 5140 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 17:26:30.0643 5140 VSS - ok 17:26:30.0674 5140 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 17:26:30.0721 5140 vwifibus - ok 17:26:30.0736 5140 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 17:26:30.0768 5140 vwififlt - ok 17:26:30.0783 5140 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 17:26:30.0783 5140 vwifimp - ok 17:26:30.0799 5140 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 17:26:30.0830 5140 W32Time - ok 17:26:30.0846 5140 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 17:26:30.0892 5140 WacomPen - ok 
17:26:30.0908 5140 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 17:26:30.0955 5140 WANARP - ok 17:26:30.0955 5140 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 17:26:30.0986 5140 Wanarpv6 - ok 17:26:31.0095 5140 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 17:26:31.0142 5140 WatAdminSvc - ok 17:26:31.0204 5140 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 17:26:31.0267 5140 wbengine - ok 17:26:31.0282 5140 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 17:26:31.0314 5140 WbioSrvc - ok 17:26:31.0423 5140 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 17:26:31.0438 5140 wcncsvc - ok 17:26:31.0454 5140 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 17:26:31.0454 5140 WcsPlugInService - ok 17:26:31.0470 5140 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 17:26:31.0485 5140 Wd - ok 17:26:31.0516 5140 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 17:26:31.0548 5140 Wdf01000 - ok 17:26:31.0563 5140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 17:26:31.0641 5140 WdiServiceHost - ok 17:26:31.0672 5140 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 17:26:31.0672 5140 WdiSystemHost - ok 17:26:32.0047 5140 [ 9AE1DCBA82607B9722A1223129E9E066 ] Web Assistant C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 17:26:32.0062 5140 Web Assistant - ok 17:26:32.0140 5140 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 17:26:32.0203 5140 WebClient - ok 17:26:32.0250 5140 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 17:26:32.0328 5140 Wecsvc - ok 17:26:32.0359 5140 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport 
C:\Windows\System32\wercplsupport.dll 17:26:32.0390 5140 wercplsupport - ok 17:26:32.0452 5140 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 17:26:32.0499 5140 WerSvc - ok 17:26:32.0593 5140 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 17:26:32.0624 5140 WfpLwf - ok 17:26:32.0718 5140 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 17:26:32.0718 5140 WIMMount - ok 17:26:32.0827 5140 WinHttpAutoProxySvc - ok 17:26:32.0920 5140 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 17:26:32.0936 5140 Winmgmt - ok 17:26:33.0030 5140 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 17:26:33.0139 5140 WinRM - ok 17:26:33.0186 5140 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 17:26:33.0217 5140 WinUsb - ok 17:26:33.0232 5140 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 17:26:33.0279 5140 Wlansvc - ok 17:26:33.0950 5140 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 17:26:34.0200 5140 wlidsvc - ok 17:26:34.0262 5140 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 17:26:34.0278 5140 WmBEnum - ok 17:26:34.0340 5140 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 17:26:34.0356 5140 WmFilter - ok 17:26:34.0496 5140 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys 17:26:34.0496 5140 WmHidLo - ok 17:26:34.0512 5140 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 17:26:34.0574 5140 WmiAcpi - ok 17:26:34.0590 5140 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 17:26:34.0636 5140 wmiApSrv - ok 17:26:34.0699 5140 WMPNetworkSvc - ok 17:26:34.0699 5140 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid 
17:26:35.0572 5140 ================ Scan global ===============================
17:26:35.0650 5140 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:26:35.0728 5140 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
17:26:35.0744 5140 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
17:26:35.0806 5140 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:26:35.0853 5140 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
17:26:35.0853 5140 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
17:26:35.0853 5140 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
17:26:35.0853 5140 ================ Scan MBR ==================================
17:26:35.0884 5140 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:26:36.0196 5140 \Device\Harddisk0\DR0 - ok
17:26:36.0196 5140 ================ Scan VBR ==================================
17:26:36.0243 5140 [ 10606B300EF62A6B3BF768CB2918BFB4 ] \Device\Harddisk0\DR0\Partition1
17:26:36.0243 5140 \Device\Harddisk0\DR0\Partition1 - ok
17:26:36.0259 5140 [ 28C8F297807ECEEC4B5614AD17D23406 ] \Device\Harddisk0\DR0\Partition2
17:26:36.0259 5140 \Device\Harddisk0\DR0\Partition2 - ok
17:26:36.0259 5140 ============================================================
17:26:36.0259 5140 Scan finished
17:26:36.0259 5140 ============================================================
17:26:36.0274 5544 Detected object count: 3
17:26:36.0274 5544 Actual detected object count: 3
17:27:28.0926 5544 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:28.0926 5544 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:28.0926 5544 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:28.0926 5544 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:28.0926 5544 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
17:27:28.0926 5544 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip |
30.06.2013, 19:44 | #6 | |
/// the machine /// TB-Ausbilder | W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Run TDSSKiller again; for these entries Quote:
select Cure. Post the log file, then run a fresh scan with TDSSKiller and a fresh scan with FRST.
30.06.2013, 21:11 | #7 |
| W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Which ones? I'll just post both. (Before "Cure") Code:
21:55:59.0186 4020 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:55:59.0406 4020 ============================================================
21:55:59.0406 4020 Current date / time: 2013/06/30 21:55:59.0406
21:55:59.0406 4020 SystemInfo:
21:55:59.0406 4020
21:55:59.0406 4020 OS Version: 6.1.7600 ServicePack: 0.0
21:55:59.0406 4020 Product type: Workstation
21:55:59.0406 4020 ComputerName: PATRICK-PC
21:55:59.0406 4020 UserName: Patrick
21:55:59.0406 4020 Windows directory: C:\Windows
21:55:59.0406 4020 System windows directory: C:\Windows
21:55:59.0406 4020 Running under WOW64
21:55:59.0406 4020 Processor architecture: Intel x64
21:55:59.0406 4020 Number of processors: 4
21:55:59.0406 4020 Page size: 0x1000
21:55:59.0406 4020 Boot type: Normal boot
21:55:59.0406 4020 ============================================================
21:56:00.0846 4020 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:56:00.0856 4020 ============================================================
21:56:00.0856 4020 \Device\Harddisk0\DR0:
21:56:00.0856 4020 MBR partitions:
21:56:00.0856 4020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x5747C000
21:56:00.0856 4020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57544800, BlocksNum 0x57542800
21:56:00.0856 4020 ============================================================
21:56:00.0966 4020 C: <-> \Device\Harddisk0\DR0\Partition1
21:56:01.0066 4020 D: <-> \Device\Harddisk0\DR0\Partition2
21:56:01.0066 4020 ============================================================
21:56:01.0066 4020 Initialize success
21:56:01.0066 4020 ============================================================
21:56:06.0636 5296 ============================================================
21:56:06.0636 5296 Scan started
21:56:06.0636 5296 Mode: Manual; SigCheck; TDLFS;
] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:56:17.0376 5296 AsyncMac - ok 21:56:17.0406 5296 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys 21:56:17.0416 5296 atapi - ok 21:56:17.0496 5296 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 21:56:17.0516 5296 athr - ok 21:56:17.0546 5296 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 21:56:17.0556 5296 AtiPcie - ok 21:56:17.0576 5296 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:56:17.0606 5296 AudioEndpointBuilder - ok 21:56:17.0616 5296 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:56:17.0656 5296 AudioSrv - ok 21:56:17.0686 5296 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 21:56:17.0696 5296 avgntflt - ok 21:56:17.0736 5296 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 21:56:17.0746 5296 avipbb - ok 21:56:17.0776 5296 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 21:56:17.0776 5296 avkmgr - ok 21:56:17.0816 5296 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:56:17.0836 5296 AxInstSV - ok 21:56:17.0866 5296 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 21:56:17.0896 5296 b06bdrv - ok 21:56:17.0946 5296 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:56:17.0956 5296 b57nd60a - ok 21:56:17.0976 5296 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:56:18.0006 5296 BDESVC - ok 21:56:18.0026 5296 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:56:18.0056 5296 Beep - ok 21:56:18.0066 5296 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:56:18.0076 5296 blbdrive - ok 21:56:18.0146 5296 [ 
19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:56:18.0226 5296 bowser - ok 21:56:18.0246 5296 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:56:18.0266 5296 BrFiltLo - ok 21:56:18.0276 5296 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:56:18.0296 5296 BrFiltUp - ok 21:56:18.0346 5296 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll 21:56:18.0386 5296 Browser - ok 21:56:18.0396 5296 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:56:18.0406 5296 Brserid - ok 21:56:18.0416 5296 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:56:18.0436 5296 BrSerWdm - ok 21:56:18.0446 5296 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:56:18.0456 5296 BrUsbMdm - ok 21:56:18.0486 5296 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:56:18.0496 5296 BrUsbSer - ok 21:56:18.0516 5296 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:56:18.0526 5296 BTHMODEM - ok 21:56:18.0546 5296 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:56:18.0576 5296 bthserv - ok 21:56:18.0576 5296 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:56:18.0606 5296 cdfs - ok 21:56:18.0636 5296 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:56:18.0646 5296 cdrom - ok 21:56:18.0666 5296 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll 21:56:18.0696 5296 CertPropSvc - ok 21:56:18.0716 5296 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:56:18.0736 5296 circlass - ok 21:56:18.0766 5296 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:56:18.0786 5296 CLFS - ok 
21:56:18.0856 5296 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:56:18.0866 5296 clr_optimization_v2.0.50727_32 - ok 21:56:18.0936 5296 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:56:18.0946 5296 clr_optimization_v2.0.50727_64 - ok 21:56:19.0066 5296 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:56:19.0076 5296 clr_optimization_v4.0.30319_32 - ok 21:56:19.0116 5296 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:56:19.0126 5296 clr_optimization_v4.0.30319_64 - ok 21:56:19.0126 5296 CltMngSvc - ok 21:56:19.0146 5296 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:56:19.0156 5296 CmBatt - ok 21:56:19.0186 5296 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 21:56:19.0186 5296 cmdide - ok 21:56:19.0236 5296 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys 21:56:19.0256 5296 CNG - ok 21:56:19.0286 5296 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:56:19.0296 5296 Compbatt - ok 21:56:19.0296 5296 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 21:56:19.0316 5296 CompositeBus - ok 21:56:19.0316 5296 COMSysApp - ok 21:56:19.0336 5296 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:56:19.0346 5296 crcdisk - ok 21:56:19.0386 5296 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:56:19.0426 5296 CryptSvc - ok 21:56:19.0636 5296 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 21:56:19.0656 5296 cvhsvc 
- ok 21:56:19.0726 5296 [ E6CE7188CC47AE5DAFDAF552D370C52F ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 21:56:19.0736 5296 dc3d - ok 21:56:19.0806 5296 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:56:19.0846 5296 DcomLaunch - ok 21:56:19.0886 5296 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:56:19.0916 5296 defragsvc - ok 21:56:19.0966 5296 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:56:19.0986 5296 DfsC - ok 21:56:20.0016 5296 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll 21:56:20.0026 5296 Dhcp - ok 21:56:20.0036 5296 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:56:20.0066 5296 discache - ok 21:56:20.0076 5296 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:56:20.0086 5296 Disk - ok 21:56:20.0116 5296 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:56:20.0146 5296 Dnscache - ok 21:56:20.0166 5296 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll 21:56:20.0196 5296 dot3svc - ok 21:56:20.0196 5296 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll 21:56:20.0226 5296 DPS - ok 21:56:20.0256 5296 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:56:20.0266 5296 drmkaud - ok 21:56:20.0356 5296 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:56:20.0416 5296 DXGKrnl - ok 21:56:20.0446 5296 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 21:56:20.0456 5296 E1G60 - ok 21:56:20.0516 5296 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:56:20.0546 5296 EapHost - ok 21:56:20.0666 5296 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:56:20.0716 5296 ebdrv - ok 21:56:20.0746 5296 [ 
156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe 21:56:20.0826 5296 EFS - ok 21:56:20.0946 5296 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:56:20.0976 5296 ehRecvr - ok 21:56:21.0046 5296 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:56:21.0056 5296 ehSched - ok 21:56:21.0116 5296 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:56:21.0126 5296 elxstor - ok 21:56:21.0156 5296 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 21:56:21.0166 5296 ErrDev - ok 21:56:21.0206 5296 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:56:21.0246 5296 EventSystem - ok 21:56:21.0286 5296 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:56:21.0316 5296 exfat - ok 21:56:21.0356 5296 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:56:21.0396 5296 fastfat - ok 21:56:21.0466 5296 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe 21:56:21.0496 5296 Fax - ok 21:56:21.0506 5296 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:56:21.0526 5296 fdc - ok 21:56:21.0546 5296 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:56:21.0576 5296 fdPHost - ok 21:56:21.0596 5296 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:56:21.0626 5296 FDResPub - ok 21:56:21.0646 5296 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:56:21.0656 5296 FileInfo - ok 21:56:21.0676 5296 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:56:21.0706 5296 Filetrace - ok 21:56:21.0726 5296 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:56:21.0736 5296 flpydisk - ok 21:56:21.0796 5296 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr 
C:\Windows\system32\drivers\fltmgr.sys 21:56:21.0816 5296 FltMgr - ok 21:56:21.0896 5296 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll 21:56:21.0926 5296 FontCache - ok 21:56:21.0986 5296 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:56:21.0996 5296 FontCache3.0.0.0 - ok 21:56:22.0006 5296 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:56:22.0016 5296 FsDepends - ok 21:56:22.0046 5296 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:56:22.0056 5296 Fs_Rec - ok 21:56:22.0086 5296 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:56:22.0106 5296 fvevol - ok 21:56:22.0136 5296 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:56:22.0146 5296 gagp30kx - ok 21:56:22.0176 5296 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll 21:56:22.0196 5296 gpsvc - ok 21:56:22.0336 5296 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:56:22.0336 5296 gupdate - ok 21:56:22.0346 5296 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:56:22.0346 5296 gupdatem - ok 21:56:22.0396 5296 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 21:56:22.0406 5296 hamachi - ok 21:56:22.0436 5296 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:56:22.0446 5296 hcw85cir - ok 21:56:22.0536 5296 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:56:22.0556 5296 HdAudAddService - ok 21:56:22.0586 5296 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:56:22.0596 5296 HDAudBus - ok 21:56:22.0606 5296 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt 
C:\Windows\system32\DRIVERS\HidBatt.sys 21:56:22.0616 5296 HidBatt - ok 21:56:22.0636 5296 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:56:22.0656 5296 HidBth - ok 21:56:22.0676 5296 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:56:22.0686 5296 HidIr - ok 21:56:22.0686 5296 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:56:22.0716 5296 hidserv - ok 21:56:22.0736 5296 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:56:22.0746 5296 HidUsb - ok 21:56:22.0776 5296 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:56:22.0806 5296 hkmsvc - ok 21:56:22.0826 5296 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:56:22.0846 5296 HomeGroupListener - ok 21:56:22.0896 5296 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:56:22.0906 5296 HomeGroupProvider - ok 21:56:22.0916 5296 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 21:56:22.0926 5296 HpSAMD - ok 21:56:22.0966 5296 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:56:23.0006 5296 HTTP - ok 21:56:23.0026 5296 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:56:23.0036 5296 hwpolicy - ok 21:56:23.0046 5296 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:56:23.0056 5296 i8042prt - ok 21:56:23.0106 5296 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:56:23.0126 5296 iaStorV - ok 21:56:23.0256 5296 [ F85EB9654B4C771470CD13A0A170D3B9 ] IBUpdaterService C:\Windows\system32\dmwu.exe 21:56:23.0286 5296 IBUpdaterService - ok 21:56:23.0376 5296 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:56:23.0376 5296 
IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:56:23.0376 5296 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:56:23.0496 5296 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:56:23.0526 5296 idsvc - ok 21:56:23.0526 5296 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:56:23.0536 5296 iirsp - ok 21:56:23.0616 5296 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll 21:56:23.0656 5296 IKEEXT - ok 21:56:23.0676 5296 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys 21:56:23.0686 5296 intelide - ok 21:56:23.0706 5296 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:56:23.0716 5296 intelppm - ok 21:56:23.0746 5296 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:56:23.0776 5296 IPBusEnum - ok 21:56:23.0776 5296 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:56:23.0806 5296 IpFilterDriver - ok 21:56:23.0826 5296 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys 21:56:23.0836 5296 IPMIDRV - ok 21:56:23.0846 5296 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:56:23.0876 5296 IPNAT - ok 21:56:23.0896 5296 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:56:23.0916 5296 IRENUM - ok 21:56:23.0936 5296 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 21:56:23.0946 5296 isapnp - ok 21:56:23.0966 5296 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 21:56:23.0976 5296 iScsiPrt - ok 21:56:23.0986 5296 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:56:23.0996 5296 kbdclass - ok 21:56:24.0026 5296 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid 
C:\Windows\system32\DRIVERS\kbdhid.sys 21:56:24.0036 5296 kbdhid - ok 21:56:24.0046 5296 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 21:56:24.0056 5296 KeyIso - ok 21:56:24.0076 5296 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:56:24.0086 5296 KSecDD - ok 21:56:24.0106 5296 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:56:24.0116 5296 KSecPkg - ok 21:56:24.0116 5296 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:56:24.0156 5296 ksthunk - ok 21:56:24.0166 5296 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:56:24.0206 5296 KtmRm - ok 21:56:24.0276 5296 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:56:24.0316 5296 LanmanServer - ok 21:56:24.0356 5296 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:56:24.0386 5296 LanmanWorkstation - ok 21:56:24.0406 5296 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:56:24.0436 5296 lltdio - ok 21:56:24.0456 5296 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:56:24.0486 5296 lltdsvc - ok 21:56:24.0496 5296 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:56:24.0526 5296 lmhosts - ok 21:56:24.0566 5296 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:56:24.0576 5296 LSI_FC - ok 21:56:24.0576 5296 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:56:24.0586 5296 LSI_SAS - ok 21:56:24.0596 5296 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:56:24.0606 5296 LSI_SAS2 - ok 21:56:24.0606 5296 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:56:24.0616 5296 LSI_SCSI - ok 21:56:24.0636 5296 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] 
luafv C:\Windows\system32\drivers\luafv.sys 21:56:24.0666 5296 luafv - ok 21:56:24.0696 5296 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:56:24.0716 5296 Mcx2Svc - ok 21:56:24.0726 5296 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:56:24.0736 5296 megasas - ok 21:56:24.0746 5296 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:56:24.0766 5296 MegaSR - ok 21:56:25.0016 5296 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 21:56:25.0026 5296 Microsoft Office Groove Audit Service - ok 21:56:25.0046 5296 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:56:25.0076 5296 MMCSS - ok 21:56:25.0076 5296 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:56:25.0116 5296 Modem - ok 21:56:25.0136 5296 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:56:25.0146 5296 monitor - ok 21:56:25.0166 5296 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:56:25.0176 5296 mouclass - ok 21:56:25.0196 5296 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:56:25.0206 5296 mouhid - ok 21:56:25.0216 5296 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:56:25.0226 5296 mountmgr - ok 21:56:25.0236 5296 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys 21:56:25.0246 5296 mpio - ok 21:56:25.0256 5296 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:56:25.0286 5296 mpsdrv - ok 21:56:25.0306 5296 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:56:25.0316 5296 MRxDAV - ok 21:56:25.0356 5296 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 
21:56:25.0386 5296 mrxsmb - ok 21:56:25.0426 5296 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:56:25.0436 5296 mrxsmb10 - ok 21:56:25.0446 5296 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:56:25.0456 5296 mrxsmb20 - ok 21:56:25.0476 5296 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 21:56:25.0486 5296 msahci - ok 21:56:25.0496 5296 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 21:56:25.0516 5296 msdsm - ok 21:56:25.0526 5296 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:56:25.0536 5296 MSDTC - ok 21:56:25.0576 5296 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:56:25.0606 5296 Msfs - ok 21:56:25.0626 5296 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:56:25.0656 5296 mshidkmdf - ok 21:56:25.0656 5296 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 21:56:25.0666 5296 msisadrv - ok 21:56:25.0726 5296 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:56:25.0756 5296 MSiSCSI - ok 21:56:25.0756 5296 msiserver - ok 21:56:25.0786 5296 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:56:25.0816 5296 MSKSSRV - ok 21:56:25.0906 5296 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:56:25.0936 5296 MSPCLOCK - ok 21:56:25.0946 5296 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:56:25.0976 5296 MSPQM - ok 21:56:25.0996 5296 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:56:26.0016 5296 MsRPC - ok 21:56:26.0016 5296 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:56:26.0026 5296 mssmbios - ok 21:56:26.0046 5296 [ 2E66F9ECB30B4221A318C92AC2250779 ] 
MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:56:26.0076 5296 MSTEE - ok 21:56:26.0086 5296 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:56:26.0096 5296 MTConfig - ok 21:56:26.0136 5296 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 21:56:26.0156 5296 MTsensor - ok 21:56:26.0176 5296 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:56:26.0186 5296 Mup - ok 21:56:26.0236 5296 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 21:56:26.0316 5296 napagent - ok 21:56:26.0356 5296 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:56:26.0376 5296 NativeWifiP - ok 21:56:26.0406 5296 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 21:56:26.0436 5296 NDIS - ok 21:56:26.0456 5296 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:56:26.0486 5296 NdisCap - ok 21:56:26.0496 5296 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:56:26.0526 5296 NdisTapi - ok 21:56:26.0536 5296 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:56:26.0576 5296 Ndisuio - ok 21:56:26.0576 5296 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:56:26.0616 5296 NdisWan - ok 21:56:26.0616 5296 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:56:26.0646 5296 NDProxy - ok 21:56:26.0656 5296 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:56:26.0686 5296 NetBIOS - ok 21:56:26.0706 5296 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:56:26.0786 5296 NetBT - ok 21:56:26.0796 5296 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe 21:56:26.0806 5296 Netlogon - ok 21:56:26.0826 5296 [ 
847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:56:26.0866 5296 Netman - ok 21:56:26.0906 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:56:26.0916 5296 NetMsmqActivator - ok 21:56:26.0926 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:56:26.0936 5296 NetPipeActivator - ok 21:56:26.0946 5296 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:56:26.0976 5296 netprofm - ok 21:56:26.0986 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:56:26.0996 5296 NetTcpActivator - ok 21:56:26.0996 5296 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:56:27.0006 5296 NetTcpPortSharing - ok 21:56:27.0006 5296 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:56:27.0016 5296 nfrd960 - ok 21:56:27.0036 5296 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:56:27.0066 5296 NlaSvc - ok 21:56:27.0076 5296 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:56:27.0106 5296 Npfs - ok 21:56:27.0106 5296 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:56:27.0146 5296 nsi - ok 21:56:27.0146 5296 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:56:27.0176 5296 nsiproxy - ok 21:56:27.0296 5296 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:56:27.0326 5296 Ntfs - ok 21:56:27.0356 5296 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:56:27.0386 5296 Null - ok 21:56:27.0466 5296 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 21:56:27.0476 5296 NVHDA - ok 21:56:27.0706 5296 [ 
5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:56:27.0936 5296 nvlddmkm - ok 21:56:27.0966 5296 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:56:27.0976 5296 nvraid - ok 21:56:27.0996 5296 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:56:28.0016 5296 nvstor - ok 21:56:28.0116 5296 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 21:56:28.0136 5296 nvsvc - ok 21:56:28.0476 5296 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 21:56:28.0496 5296 nvUpdatusService - ok 21:56:28.0536 5296 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 21:56:28.0546 5296 nv_agp - ok 21:56:28.0686 5296 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:56:28.0706 5296 odserv - ok 21:56:28.0706 5296 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 21:56:28.0716 5296 ohci1394 - ok 21:56:28.0756 5296 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:56:28.0766 5296 ose - ok 21:56:28.0946 5296 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:56:29.0046 5296 osppsvc - ok 21:56:29.0076 5296 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:56:29.0106 5296 p2pimsvc - ok 21:56:29.0116 5296 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:56:29.0126 5296 p2psvc - ok 21:56:29.0166 5296 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:56:29.0176 5296 Parport - ok 21:56:29.0226 5296 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:56:29.0236 5296 
partmgr - ok 21:56:29.0286 5296 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:56:29.0306 5296 PcaSvc - ok 21:56:29.0326 5296 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 21:56:29.0346 5296 pci - ok 21:56:29.0386 5296 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 21:56:29.0396 5296 pciide - ok 21:56:29.0426 5296 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:56:29.0436 5296 pcmcia - ok 21:56:29.0446 5296 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:56:29.0456 5296 pcw - ok 21:56:29.0476 5296 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:56:29.0516 5296 PEAUTH - ok 21:56:29.0636 5296 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:56:29.0646 5296 PerfHost - ok 21:56:29.0706 5296 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 21:56:29.0756 5296 pla - ok 21:56:29.0936 5296 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:56:29.0956 5296 PlugPlay - ok 21:56:29.0986 5296 PnkBstrA - ok 21:56:30.0006 5296 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:56:30.0016 5296 PNRPAutoReg - ok 21:56:30.0026 5296 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:56:30.0036 5296 PNRPsvc - ok 21:56:30.0146 5296 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys 21:56:30.0156 5296 Point64 - ok 21:56:30.0236 5296 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:56:30.0266 5296 PolicyAgent - ok 21:56:30.0316 5296 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:56:30.0346 5296 Power - ok 21:56:30.0366 5296 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:56:30.0396 5296 PptpMiniport - 
ok
21:56:35.0196 5296 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:56:35.0216 5296 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:56:35.0216 5296 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:56:41.0786 5296 ================ Scan global ===============================
21:56:41.0866 5296 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:56:41.0926 5296 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
21:56:41.0936 5296 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
21:56:42.0016 5296 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:56:42.0066 5296 [ 50BEA589F7D7958BDD2528A8F69D05CC ] C:\Windows\system32\services.exe
21:56:42.0066 5296 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
21:56:42.0066 5296 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
21:56:42.0066 5296 ================ Scan MBR ==================================
21:56:42.0086 5296 [
A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:56:42.0296 5296 \Device\Harddisk0\DR0 - ok
21:56:42.0296 5296 ================ Scan VBR ==================================
21:56:42.0326 5296 [ 10606B300EF62A6B3BF768CB2918BFB4 ] \Device\Harddisk0\DR0\Partition1
21:56:42.0326 5296 \Device\Harddisk0\DR0\Partition1 - ok
21:56:42.0356 5296 [ 28C8F297807ECEEC4B5614AD17D23406 ] \Device\Harddisk0\DR0\Partition2
21:56:42.0356 5296 \Device\Harddisk0\DR0\Partition2 - ok
21:56:42.0356 5296 ============================================================
21:56:42.0356 5296 Scan finished
21:56:42.0356 5296 ============================================================
21:56:42.0366 0384 Detected object count: 3
21:56:42.0366 0384 Actual detected object count: 3
21:56:46.0596 0384 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:46.0596 0384 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:46.0596 0384 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:56:46.0596 0384 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:56:46.0706 0384 C:\Windows\system32\services.exe - copied to quarantine
21:56:49.0106 0384 C:\Windows\assembly\GAC_32\desktop.ini - copied to quarantine
21:56:49.0136 0384 C:\Windows\assembly\GAC_64\desktop.ini - copied to quarantine
21:56:49.0166 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\@ - copied to quarantine
21:56:49.0196 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000004.@ - copied to quarantine
21:56:49.0236 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000008.@ - copied to quarantine
21:56:49.0236 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\L\201d3dde - copied to quarantine
21:56:49.0236 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\L\6715e287 - copied to quarantine
21:56:49.0246 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\L\76603ac3 - copied to quarantine
21:56:49.0246 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\00000004.@ - copied to quarantine
21:56:49.0246 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\00000008.@ - copied to quarantine
21:56:49.0246 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\000000cb.@ - copied to quarantine
21:56:49.0246 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000000.@ - copied to quarantine
21:56:49.0256 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000032.@ - copied to quarantine
21:56:49.0256 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000064.@ - copied to quarantine
21:57:50.0347 0384 Backup copy not found, trying to cure infected file..
21:57:50.0347 0384 Cure success, using it..
21:57:50.0377 0384 C:\Windows\assembly\GAC_32\desktop.ini - will be deleted on reboot
21:57:50.0377 0384 C:\Windows\assembly\GAC_64\desktop.ini - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\@ - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\00000004.@ - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\00000008.@ - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\000000cb.@ - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000000.@ - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000032.@ - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\installer\{be18010e-094e-4b86-5849-11063d54af05}\U\80000064.@ - will be deleted on reboot
21:57:50.0407 0384 C:\Windows\system32\services.exe - will be cured on reboot
21:57:50.0407 0384 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Cure
21:59:38.0069 4620 Deinitialize success
Code:
2:03:20.0889 3904 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:03:21.0170 3904 ============================================================
22:03:21.0170 3904 Current date / time: 2013/06/30 22:03:21.0170
22:03:21.0170 3904 SystemInfo:
22:03:21.0170 3904
22:03:21.0170 3904 OS Version: 6.1.7600 ServicePack: 0.0
22:03:21.0170 3904 Product type: Workstation
22:03:21.0170 3904 ComputerName: PATRICK-PC
22:03:21.0170 3904 UserName: Patrick
22:03:21.0170 3904 Windows directory: C:\Windows
22:03:21.0170 3904 System windows directory: C:\Windows
22:03:21.0170 3904 Running under WOW64
22:03:21.0170 3904 Processor architecture: Intel x64
22:03:21.0170 3904 Number of processors: 4
22:03:21.0170 3904 Page size: 0x1000
22:03:21.0170 3904 Boot type: Normal boot
22:03:21.0170 3904 ============================================================
22:03:28.0923 3904 BG loaded
22:03:31.0295 3904 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:03:31.0341 3904 ============================================================
22:03:31.0341 3904 \Device\Harddisk0\DR0:
22:03:31.0373 3904 MBR partitions:
22:03:31.0373 3904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x5747C000
22:03:31.0373 3904 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x57544800, BlocksNum 0x57542800
22:03:31.0373 3904 ============================================================
22:03:32.0589 3904 C: <-> \Device\Harddisk0\DR0\Partition1
22:03:34.0368 3904 D: <-> \Device\Harddisk0\DR0\Partition2
22:03:34.0368 3904 ============================================================
22:03:34.0368 3904 Initialize success
22:03:34.0368 3904 ============================================================
Edited by Kagran (30.06.2013 at 21:19) |
30.06.2013, 21:19 | #8 |
| W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 It wasn't asked for, but here are the log files from the new scan. FRST FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01
Ran by Patrick (administrator) on 30-06-2013 22:13:00
Running from C:\Users\Patrick\Desktop
Windows 7 Home Premium (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Windows\system32\dmwu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Kaspersky Lab ZAO) C:\Users\Patrick\AppData\Local\Temp\73BCE242-0C93-4980-BE37-F2976E141541.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\Vtune\TBPANEL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Take-Two Interactive Software, Inc.) C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_1_3_0\RGSC.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464984 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2075288 2012-10-12] (Microsoft Corporation)
HKCU\...\Run: [AdobeBridge] [x]
HKCU\...\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A [2158592 2009-05-12] ()
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1641896 2013-06-07] (Valve Corporation)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe" [x]
HKCU\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [306088 2008-12-12] (Take-Two Interactive Software, Inc.)
HKCU\...\Run: [SearchProtect] C:\Users\Patrick\AppData\Roaming\SearchProtect\bin\cltmng.exe [x]
HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-13] (Electronic Arts)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
MountPoints2: {472caee4-c6cc-11e1-a4a1-806e6f6e6963} - E:\autorun.exe
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [x]
HKLM-x32\...\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun [196784 2012-09-10] (OOO Industry)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-06-29] (Avira Operations GmbH & Co. KG)
AppInit_DLLs-x32: c:\progra~4\browse~1\261095~1.52\{c16c1~1\browse~1.dll [97280 2009-07-14] ()
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=hp&installDate=03/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={317B9779-4C5B-11E2-BC07-958A15D29700}
HKLM-x32 SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013
HKCU SearchScopes: DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=f45bfddc000000000000062127e9074d BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll () BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () BHO-x32: No Name - {40c3cc16-7269-4b32-9531-17f2950fb06f} - No File BHO-x32: SaveAs - {665AC9DA-6B9A-143E-6239-0B59E35A55E4} - C:\ProgramData\SaveAs\50d75f7471b2d.dll () BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No File Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 02 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation) 
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default FF user.js: detected! => C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\user.js FF SelectedSearchEngine: Google FF Homepage: hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=hp&installDate=03/04/2013 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin - C:\Program 
Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\Extensions\de-AT@dictionaries.addons.mozilla.org FF Extension: British English Dictionary (Updated) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\Extensions\en-gb@flyingtophat.co.uk FF Extension: No Name - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] C:\Program Files (x86)\RelevantKnowledge\firefox FF Extension: RelevantKnowledge - C:\Program Files (x86)\RelevantKnowledge\firefox FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-06-29] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-06-29] (Avira Operations GmbH & Co. 
KG) R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1455408 2013-04-07] () R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-24] () S2 RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe [162072 2013-04-04] (TMRG, Inc.) R2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-31] () S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x] S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-29] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-29] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-29] (Avira Operations GmbH & Co. KG) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] () S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-30 21:56 - 2013-06-30 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-06-30 20:26 - 2013-06-30 21:54 - 00000000 ____D C:\Users\Patrick\Documents\SimCity 4 2013-06-30 20:14 - 2013-06-30 20:14 - 00000221 ____A C:\Users\Patrick\Desktop\SimCity 4 Deluxe.url 2013-06-30 19:23 - 2013-06-30 19:23 - 20258968 ____A (Acresso Software Inc. 
) C:\Users\Patrick\Downloads\AS_OMSI_UPD_V104(1).exe 2013-06-30 17:23 - 2013-06-30 17:24 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Patrick\Desktop\tdsskiller.exe 2013-06-30 15:41 - 2013-06-30 15:42 - 00025483 ____A C:\Users\Patrick\Desktop\Addition.txt 2013-06-30 15:38 - 2013-06-30 15:38 - 00000000 ____D C:\FRST 2013-06-30 15:37 - 2013-06-30 15:37 - 01933592 ____A (Farbar) C:\Users\Patrick\Desktop\FRST64.exe 2013-06-30 12:05 - 2013-06-30 12:05 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-30 11:59 - 2013-06-30 22:01 - 00000424 ____A C:\Windows\SysWOW64\OSSService.log 2013-06-29 22:01 - 2013-06-29 22:01 - 00004502 ____A C:\Users\Patrick\AppData\Local\recently-used.xbel 2013-06-29 21:32 - 2013-06-29 21:32 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Avira 2013-06-29 21:30 - 2013-06-29 21:30 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00002073 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-06-29 21:30 - 2013-06-29 21:30 - 00000000 ____D C:\ProgramData\Avira 2013-06-29 21:30 - 2013-06-29 21:30 - 00000000 ____D C:\Program Files (x86)\Avira 2013-06-29 21:27 - 2013-06-29 21:27 - 02092792 ____A C:\Users\Patrick\Downloads\avira_free_antivirus.exe 2013-06-29 13:05 - 2013-06-29 13:05 - 00001154 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-29 12:02 - 2013-06-29 12:02 - 00000000 ____D C:\Users\Patrick\Desktop\Metrosimulator 2013-06-28 19:01 - 2013-06-29 16:42 - 00000000 ____D C:\Users\Patrick\Documents\OMSI Zeitung 2013-06-28 18:33 - 2013-06-28 18:33 - 00027542 ____A C:\Users\Patrick\Downloads\Museo-700.zip 2013-06-26 17:39 - 2013-06-26 17:39 - 00686448 ____A C:\Users\Patrick\Downloads\HalteOmroep BETA 3.5.exe 2013-06-26 17:39 - 2013-06-26 17:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\B1Toolbar 2013-06-26 14:12 - 2013-06-29 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-25 17:22 - 2013-06-27 17:38 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\maps4cim 2013-06-25 17:22 - 2013-06-25 17:22 - 05602359 ____A C:\Users\Patrick\Downloads\maps4cim-gui-0.9-beta.zip 2013-06-25 17:18 - 2013-06-25 17:18 - 00026641 ____A C:\Users\Patrick\beta3b-rushhour-lineC.act 2013-06-24 20:35 - 2013-06-24 20:35 - 02622765 ____A C:\Users\Patrick\Downloads\SD77_Konsum(3).zip 2013-06-24 20:29 - 2013-06-24 20:29 - 00726992 ____A C:\Users\Patrick\Documents\E2H_1975_Hosby Haus.rar 2013-06-24 20:26 - 2013-06-24 20:27 - 00000000 ____D C:\Users\Patrick\Documents\E2H_1975_Hosby Haus 2013-06-24 14:29 - 2013-06-24 14:32 - 222373021 ____A C:\Users\Patrick\Downloads\AS_OMSI-ADDON-STADTBUS-O305.zip 2013-06-18 14:34 - 2013-06-18 14:34 - 00000000 ____D C:\Users\Patrick\AppData\Local\Firaxis Games 2013-06-18 14:32 - 2013-06-18 14:32 - 00247903 ____A C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a.zip 
2013-06-18 14:32 - 2013-06-18 14:32 - 00247903 ____A C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a(1).zip 2013-06-18 14:18 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\Granny Viewer 2013-06-18 14:16 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\NifTools 2013-06-18 14:14 - 2013-06-18 14:14 - 00000543 ____A C:\Users\Public\Desktop\QSkope.lnk 2013-06-18 14:14 - 2013-06-18 14:14 - 00000000 ____D C:\Program Files (x86)\PyFFI 2013-06-18 14:05 - 2013-06-20 18:12 - 00000000 ____D C:\Users\Patrick\Desktop\Civilization 5 2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1.zip 2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1(1).zip 2013-06-17 16:39 - 2013-06-17 21:11 - 00000000 ____D C:\Users\Patrick\Documents\Firaxis ModBuddy 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Firaxis 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Local\Firaxis 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Program Files\Microsoft Help Viewer 2013-06-17 16:38 - 2013-06-17 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2013-06-17 16:37 - 2013-06-17 16:37 - 00000000 ____D C:\Users\Patrick\Documents\Visual Studio 2010 2013-06-17 16:36 - 2013-06-17 16:36 - 00000000 ____D C:\Windows\SysWOW64\1033 2013-06-17 16:35 - 2013-06-17 16:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0 2013-06-17 16:35 - 2013-06-17 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-06-17 16:31 - 2013-06-17 16:33 - 174883152 ____A (Microsoft Corporation) C:\Users\Patrick\Downloads\VSIsoShell.exe 2013-06-15 20:37 - 2013-06-15 20:37 - 03820480 ____A C:\Users\Patrick\Downloads\battlelog-web-plugins_2.1.7_115.exe 2013-06-13 19:22 - 2013-06-13 19:22 - 00001217 ____A C:\Users\Public\Desktop\Battlefield 1942.lnk 2013-06-12 15:00 - 
2013-06-12 15:00 - 00000221 ____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V SDK.url 2013-06-08 18:38 - 2013-06-08 18:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\My Games 2013-06-08 18:37 - 2013-06-18 14:33 - 00000000 ____D C:\Users\Patrick\Documents\My Games 2013-06-08 17:10 - 2013-06-08 17:10 - 00000220 ____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V.url 2013-06-08 14:33 - 2013-06-08 15:33 - 00000000 ____D C:\HammerAutosave 2013-06-07 20:27 - 2013-06-07 20:32 - 04103350 ____A C:\Users\Patrick\Documents\LC_Main01.rar 2013-06-06 17:05 - 2013-06-06 20:06 - 00000000 ____D C:\Users\Patrick\Documents\China 2013-06-04 17:27 - 2013-06-04 17:28 - 164242463 ____A C:\Users\Patrick\Downloads\Portal2-OST-Volume1.zip 2013-06-02 20:02 - 2013-06-02 20:03 - 61189703 ____A C:\Users\Patrick\Downloads\Sea_Level_Addon_1.0.exe 2013-06-02 19:59 - 2013-06-02 19:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\NASA 2013-06-02 19:58 - 2013-06-02 19:58 - 00002094 ____A C:\Users\UpdatusUser\Desktop\World Wind 1.4.lnk 2013-06-02 19:58 - 2013-06-02 19:58 - 00002094 ____A C:\Users\Patrick\Desktop\World Wind 1.4.lnk 2013-06-02 19:58 - 2013-06-02 19:58 - 00000000 ____D C:\Program Files (x86)\NASA 2013-06-02 19:57 - 2013-06-02 19:58 - 16757793 ____A C:\Users\Patrick\Downloads\World_Wind_1.4.0_Full.exe 2013-06-02 13:55 - 2013-06-02 13:55 - 00017779 ____A C:\Users\Patrick\Downloads\mostwasted.zip 2013-05-31 20:49 - 2013-05-31 20:49 - 03819928 ____A C:\Users\Patrick\Downloads\battlelog-web-plugins_2.1.4_112.exe ==================== One Month Modified Files and Folders ======= 2013-06-30 22:12 - 2009-07-14 06:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-30 22:12 - 2009-07-14 06:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-30 22:08 - 2012-07-05 20:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Skype 
2013-06-30 22:06 - 2012-10-01 14:41 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Dropbox 2013-06-30 22:05 - 2012-12-24 13:25 - 00000000 ____D C:\Program Files (x86)\Origin 2013-06-30 22:05 - 2012-10-01 18:09 - 00000000 ___RD C:\Users\Patrick\Dropbox 2013-06-30 22:04 - 2012-07-18 11:39 - 00000000 ____D C:\Program Files (x86)\Steam 2013-06-30 22:02 - 2012-12-23 21:44 - 00000364 ____A C:\Windows\Tasks\AmiUpdXp.job 2013-06-30 22:01 - 2013-06-30 11:59 - 00000424 ____A C:\Windows\SysWOW64\OSSService.log 2013-06-30 22:01 - 2012-08-09 13:15 - 00001108 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-30 22:01 - 2012-07-20 21:30 - 00000000 ____D C:\ProgramData\NVIDIA 2013-06-30 22:01 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-30 22:01 - 2009-07-14 06:51 - 00078880 ____A C:\Windows\setupact.log 2013-06-30 22:00 - 2009-07-14 01:19 - 00328192 ____A (Microsoft Corporation) C:\Windows\System32\services.exe 2013-06-30 21:56 - 2013-06-30 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-06-30 21:54 - 2013-06-30 20:26 - 00000000 ____D C:\Users\Patrick\Documents\SimCity 4 2013-06-30 21:45 - 2012-08-09 13:15 - 00001112 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-30 21:42 - 2012-07-05 21:44 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-30 20:14 - 2013-06-30 20:14 - 00000221 ____A C:\Users\Patrick\Desktop\SimCity 4 Deluxe.url 2013-06-30 19:23 - 2013-06-30 19:23 - 20258968 ____A (Acresso Software Inc. 
) C:\Users\Patrick\Downloads\AS_OMSI_UPD_V104(1).exe 2013-06-30 17:40 - 2012-07-21 17:58 - 00000000 ____D C:\ProgramData\boost_interprocess 2013-06-30 17:24 - 2013-06-30 17:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Patrick\Desktop\tdsskiller.exe 2013-06-30 15:42 - 2013-06-30 15:41 - 00025483 ____A C:\Users\Patrick\Desktop\Addition.txt 2013-06-30 15:38 - 2013-06-30 15:38 - 00000000 ____D C:\FRST 2013-06-30 15:37 - 2013-06-30 15:37 - 01933592 ____A (Farbar) C:\Users\Patrick\Desktop\FRST64.exe 2013-06-30 12:11 - 2012-07-05 20:52 - 00000000 ____D C:\Users\Patrick\AppData\Local\Adobe 2013-06-30 12:05 - 2013-06-30 12:05 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys 2013-06-30 12:02 - 2012-07-05 20:10 - 01675214 ____A C:\Windows\WindowsUpdate.log 2013-06-30 11:58 - 2012-07-07 12:31 - 00072734 ____A C:\Windows\PFRO.log 2013-06-29 22:01 - 2013-06-29 22:01 - 00004502 ____A C:\Users\Patrick\AppData\Local\recently-used.xbel 2013-06-29 21:34 - 2012-08-12 21:58 - 00000000 ____D C:\Program Files (x86)\RelevantKnowledge 2013-06-29 21:32 - 2013-06-29 21:32 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Avira 2013-06-29 21:30 - 2013-06-29 21:30 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00002073 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-06-29 21:30 - 2013-06-29 21:30 - 00000000 ____D C:\ProgramData\Avira 2013-06-29 21:30 - 2013-06-29 21:30 - 00000000 ____D C:\Program Files (x86)\Avira 2013-06-29 21:27 - 2013-06-29 21:27 - 02092792 ____A C:\Users\Patrick\Downloads\avira_free_antivirus.exe 2013-06-29 19:29 - 2012-07-06 15:40 - 00000132 ____A C:\Users\Patrick\AppData\Roaming\Adobe CS6-BMP-Format - Voreinstellungen 2013-06-29 18:36 - 2012-05-28 20:32 - 00000000 ___DC C:\tmp 2013-06-29 16:42 - 2013-06-28 19:01 - 00000000 ____D C:\Users\Patrick\Documents\OMSI Zeitung 2013-06-29 16:08 - 2012-07-18 16:32 - 00000132 ____A C:\Users\Patrick\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-06-29 13:05 - 2013-06-29 13:05 - 00001154 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-29 13:05 - 2013-06-26 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-29 12:02 - 2013-06-29 12:02 - 00000000 ____D C:\Users\Patrick\Desktop\Metrosimulator 2013-06-29 11:04 - 2009-07-14 06:45 - 05230272 ____A C:\Windows\System32\FNTCACHE.DAT 2013-06-28 19:16 - 2012-07-05 20:47 - 00147064 ____A C:\Users\Patrick\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-28 18:33 - 2013-06-28 18:33 - 00027542 ____A C:\Users\Patrick\Downloads\Museo-700.zip 2013-06-28 15:38 - 2012-08-22 21:40 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\FileZilla 2013-06-28 09:29 - 2013-01-12 11:27 - 00000000 ____D C:\Users\Patrick\Desktop\OMSI #2 2013-06-27 17:39 - 2012-12-29 20:05 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\.minecraft 2013-06-27 17:38 - 2013-06-25 17:22 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\maps4cim 2013-06-27 17:38 - 2013-04-01 13:19 - 00000000 ____D C:\Users\Patrick\Desktop\Cities in Motion 2 2013-06-26 17:39 - 2013-06-26 17:39 - 00686448 ____A C:\Users\Patrick\Downloads\HalteOmroep BETA 3.5.exe 2013-06-26 17:39 - 2013-06-26 17:39 - 00000000 
____D C:\Users\Patrick\AppData\Roaming\B1Toolbar 2013-06-26 14:09 - 2012-07-20 15:22 - 00000132 ____A C:\Users\Patrick\AppData\Roaming\Adobe CS6-Targa-Format - Voreinstellungen 2013-06-26 13:31 - 2012-07-05 20:39 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-26 13:31 - 2012-07-05 20:39 - 00000000 ____D C:\ProgramData\Skype 2013-06-25 17:31 - 2012-10-12 17:14 - 02830848 __ASH C:\Users\Patrick\Documents\Thumbs.db 2013-06-25 17:22 - 2013-06-25 17:22 - 05602359 ____A C:\Users\Patrick\Downloads\maps4cim-gui-0.9-beta.zip 2013-06-25 17:18 - 2013-06-25 17:18 - 00026641 ____A C:\Users\Patrick\beta3b-rushhour-lineC.act 2013-06-25 17:18 - 2012-07-05 20:31 - 00000000 ____D C:\users\Patrick 2013-06-24 20:35 - 2013-06-24 20:35 - 02622765 ____A C:\Users\Patrick\Downloads\SD77_Konsum(3).zip 2013-06-24 20:29 - 2013-06-24 20:29 - 00726992 ____A C:\Users\Patrick\Documents\E2H_1975_Hosby Haus.rar 2013-06-24 20:27 - 2013-06-24 20:26 - 00000000 ____D C:\Users\Patrick\Documents\E2H_1975_Hosby Haus 2013-06-24 14:35 - 2012-07-05 21:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-24 14:32 - 2013-06-24 14:29 - 222373021 ____A C:\Users\Patrick\Downloads\AS_OMSI-ADDON-STADTBUS-O305.zip 2013-06-21 18:57 - 2012-07-05 20:31 - 00000000 ____D C:\Users\Patrick\AppData\Local\VirtualStore 2013-06-20 18:12 - 2013-06-18 14:05 - 00000000 ____D C:\Users\Patrick\Desktop\Civilization 5 2013-06-18 14:34 - 2013-06-18 14:34 - 00000000 ____D C:\Users\Patrick\AppData\Local\Firaxis Games 2013-06-18 14:33 - 2013-06-08 18:37 - 00000000 ____D C:\Users\Patrick\Documents\My Games 2013-06-18 14:32 - 2013-06-18 14:32 - 00247903 ____A C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a.zip 2013-06-18 14:32 - 2013-06-18 14:32 - 00247903 ____A C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a(1).zip 2013-06-18 14:18 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\Granny Viewer 2013-06-18 14:18 - 2013-06-18 14:16 - 00000000 ____D C:\Program Files (x86)\NifTools 
2013-06-18 14:14 - 2013-06-18 14:14 - 00000543 ____A C:\Users\Public\Desktop\QSkope.lnk
2013-06-18 14:14 - 2013-06-18 14:14 - 00000000 ____D C:\Program Files (x86)\PyFFI
2013-06-18 14:14 - 2012-07-06 17:05 - 00000000 ____D C:\Python26
2013-06-17 21:11 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\Documents\Firaxis ModBuddy
2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1.zip
2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1(1).zip
2013-06-17 16:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Firaxis
2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Local\Firaxis
2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-06-17 16:38 - 2013-06-17 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-06-17 16:37 - 2013-06-17 16:37 - 00000000 ____D C:\Users\Patrick\Documents\Visual Studio 2010
2013-06-17 16:36 - 2013-06-17 16:36 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-06-17 16:36 - 2013-06-17 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-06-17 16:35 - 2013-06-17 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-06-17 16:33 - 2013-06-17 16:31 - 174883152 ____A (Microsoft Corporation) C:\Users\Patrick\Downloads\VSIsoShell.exe
2013-06-16 11:17 - 2012-12-24 15:34 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-06-15 20:37 - 2013-06-15 20:37 - 03820480 ____A C:\Users\Patrick\Downloads\battlelog-web-plugins_2.1.7_115.exe
2013-06-13 19:22 - 2013-06-13 19:22 - 00001217 ____A C:\Users\Public\Desktop\Battlefield 1942.lnk
2013-06-13 19:21 - 2010-09-14 16:21 - 00545218 ____A C:\Windows\DirectX.log
2013-06-13 19:02 - 2012-12-24 13:26 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-06-13 18:36 - 2012-12-24 13:26 - 00000000 ____D C:\Users\Patrick\AppData\Local\Origin
2013-06-13 18:36 - 2012-12-24 13:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Origin
2013-06-13 18:36 - 2012-12-24 13:25 - 00000000 ____D C:\ProgramData\Origin
2013-06-13 15:33 - 2012-07-21 17:57 - 00000000 ____D C:\Program Files (x86)\win2day Poker
2013-06-13 14:14 - 2012-10-01 18:09 - 00001033 ____A C:\Users\Patrick\Desktop\Dropbox.lnk
2013-06-12 17:42 - 2012-07-05 21:44 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 17:42 - 2012-07-05 21:44 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 15:00 - 2013-06-12 15:00 - 00000221 ____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V SDK.url
2013-06-08 18:38 - 2013-06-08 18:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\My Games
2013-06-08 17:10 - 2013-06-08 17:10 - 00000220 ____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V.url
2013-06-08 15:33 - 2013-06-08 14:33 - 00000000 ____D C:\HammerAutosave
2013-06-07 20:32 - 2013-06-07 20:27 - 04103350 ____A C:\Users\Patrick\Documents\LC_Main01.rar
2013-06-06 20:06 - 2013-06-06 17:05 - 00000000 ____D C:\Users\Patrick\Documents\China
2013-06-06 17:06 - 2012-07-18 16:34 - 00000000 ____D C:\Users\Patrick\AppData\Local\Paint.NET
2013-06-04 17:28 - 2013-06-04 17:27 - 164242463 ____A C:\Users\Patrick\Downloads\Portal2-OST-Volume1.zip
2013-06-02 20:03 - 2013-06-02 20:02 - 61189703 ____A C:\Users\Patrick\Downloads\Sea_Level_Addon_1.0.exe
2013-06-02 19:59 - 2013-06-02 19:59 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\NASA
2013-06-02 19:58 - 2013-06-02 19:58 - 00002094 ____A C:\Users\UpdatusUser\Desktop\World Wind 1.4.lnk
2013-06-02 19:58 - 2013-06-02 19:58 - 00002094 ____A C:\Users\Patrick\Desktop\World Wind 1.4.lnk
2013-06-02 19:58 - 2013-06-02 19:58 - 00000000 ____D C:\Program Files (x86)\NASA
2013-06-02 19:58 - 2013-06-02 19:57 - 16757793 ____A C:\Users\Patrick\Downloads\World_Wind_1.4.0_Full.exe
2013-06-02 13:55 - 2013-06-02 13:55 - 00017779 ____A C:\Users\Patrick\Downloads\mostwasted.zip
2013-05-31 20:51 - 2012-12-24 15:35 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-31 20:51 - 2012-12-24 14:13 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-31 20:50 - 2012-12-24 14:13 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-31 20:49 - 2013-05-31 20:49 - 03819928 ____A C:\Users\Patrick\Downloads\battlelog-web-plugins_2.1.4_112.exe
2013-05-31 14:17 - 2012-07-24 12:33 - 00000000 ____D C:\Users\Patrick\Desktop\OMSI

ZeroAccess:
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000004.@
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000008.@
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\201d3dde
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\6715e287
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\76603ac3

Files to move or delete:
====================
C:\Users\Public\AutoUpdate.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 2F46C1760C531EB2B181F9076E552E8A ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-03 17:37

==================== End Of Log ============================

TDSSKiller
Code:
C:\Windows\system32\DRIVERS\processr.sys 22:12:02.0329 4228 Processor - ok 22:12:02.0409 4228 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 22:12:02.0409 4228 ProfSvc - ok 22:12:02.0429 4228 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:12:02.0429 4228 ProtectedStorage - ok 22:12:02.0459 4228 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:12:02.0459 4228 Psched - ok 22:12:02.0719 4228 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:12:02.0749 4228 ql2300 - ok 22:12:02.0789 4228 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:12:02.0789 4228 ql40xx - ok 22:12:02.0819 4228 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:12:02.0829 4228 QWAVE - ok 22:12:02.0849 4228 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:12:02.0849 4228 QWAVEdrv - ok 22:12:02.0879 4228 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:12:02.0879 4228 RasAcd - ok 22:12:02.0929 4228 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:12:02.0929 4228 RasAgileVpn - ok 22:12:02.0959 4228 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:12:02.0989 4228 RasAuto - ok 22:12:03.0009 4228 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:12:03.0019 4228 Rasl2tp - ok 22:12:03.0109 4228 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 22:12:03.0119 4228 RasMan - ok 22:12:03.0119 4228 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:12:03.0119 4228 RasPppoe - ok 22:12:03.0129 4228 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:12:03.0129 4228 RasSstp - ok 22:12:03.0179 4228 [ 
3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:12:03.0179 4228 rdbss - ok 22:12:03.0249 4228 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:12:03.0289 4228 rdpbus - ok 22:12:03.0369 4228 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:12:03.0369 4228 RDPCDD - ok 22:12:03.0379 4228 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:12:03.0379 4228 RDPENCDD - ok 22:12:03.0419 4228 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:12:03.0419 4228 RDPREFMP - ok 22:12:03.0850 4228 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:12:03.0850 4228 RDPWD - ok 22:12:03.0880 4228 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:12:03.0880 4228 rdyboost - ok 22:12:04.0020 4228 RelevantKnowledge - ok 22:12:04.0060 4228 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:12:04.0060 4228 RemoteAccess - ok 22:12:04.0090 4228 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:12:04.0100 4228 RemoteRegistry - ok 22:12:04.0100 4228 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:12:04.0100 4228 RpcEptMapper - ok 22:12:04.0120 4228 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:12:04.0120 4228 RpcLocator - ok 22:12:04.0150 4228 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 22:12:04.0150 4228 RpcSs - ok 22:12:04.0170 4228 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:12:04.0170 4228 rspndr - ok 22:12:04.0270 4228 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 22:12:04.0280 4228 RTL8167 - ok 22:12:04.0310 4228 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 
22:12:04.0310 4228 SamSs - ok 22:12:04.0330 4228 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 22:12:04.0340 4228 sbp2port - ok 22:12:04.0370 4228 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:12:04.0380 4228 SCardSvr - ok 22:12:04.0400 4228 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:12:04.0410 4228 scfilter - ok 22:12:04.0550 4228 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 22:12:04.0560 4228 Schedule - ok 22:12:04.0650 4228 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:12:04.0660 4228 SCPolicySvc - ok 22:12:04.0690 4228 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:12:04.0690 4228 SDRSVC - ok 22:12:04.0710 4228 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:12:04.0720 4228 secdrv - ok 22:12:04.0750 4228 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 22:12:04.0780 4228 seclogon - ok 22:12:04.0810 4228 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:12:04.0810 4228 SENS - ok 22:12:04.0840 4228 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:12:04.0850 4228 SensrSvc - ok 22:12:04.0910 4228 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:12:04.0910 4228 Serenum - ok 22:12:04.0980 4228 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:12:04.0980 4228 Serial - ok 22:12:05.0070 4228 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:12:05.0100 4228 sermouse - ok 22:12:05.0170 4228 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 22:12:05.0170 4228 SessionEnv - ok 22:12:05.0200 4228 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 
22:12:05.0220 4228 sffdisk - ok 22:12:05.0290 4228 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 22:12:05.0360 4228 sffp_mmc - ok 22:12:05.0390 4228 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 22:12:05.0410 4228 sffp_sd - ok 22:12:05.0440 4228 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:12:05.0460 4228 sfloppy - ok 22:12:05.0640 4228 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 22:12:05.0640 4228 Sftfs - ok 22:12:06.0310 4228 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 22:12:06.0310 4228 sftlist - ok 22:12:06.0440 4228 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 22:12:06.0440 4228 Sftplay - ok 22:12:06.0450 4228 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 22:12:06.0460 4228 Sftredir - ok 22:12:06.0560 4228 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 22:12:06.0570 4228 Sftvol - ok 22:12:06.0660 4228 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 22:12:06.0660 4228 sftvsa - ok 22:12:06.0700 4228 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:12:06.0700 4228 ShellHWDetection - ok 22:12:06.0720 4228 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:12:06.0720 4228 SiSRaid2 - ok 22:12:06.0730 4228 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:12:06.0730 4228 SiSRaid4 - ok 22:12:08.0180 4228 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 22:12:08.0200 4228 Skype C2C Service - ok 22:12:08.0330 4228 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] 
SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 22:12:08.0330 4228 SkypeUpdate - ok 22:12:08.0410 4228 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:12:08.0410 4228 Smb - ok 22:12:08.0460 4228 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:12:08.0460 4228 SNMPTRAP - ok 22:12:08.0520 4228 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:12:08.0530 4228 spldr - ok 22:12:08.0640 4228 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 22:12:08.0640 4228 Spooler - ok 22:12:09.0420 4228 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 22:12:09.0450 4228 sppsvc - ok 22:12:09.0480 4228 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:12:09.0540 4228 sppuinotify - ok 22:12:09.0720 4228 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:12:09.0730 4228 srv - ok 22:12:09.0770 4228 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:12:09.0780 4228 srv2 - ok 22:12:09.0960 4228 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:12:09.0960 4228 srvnet - ok 22:12:10.0050 4228 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:12:10.0050 4228 SSDPSRV - ok 22:12:10.0320 4228 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:12:10.0370 4228 SstpSvc - ok 22:12:10.0420 4228 Steam Client Service - ok 22:12:10.0680 4228 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:12:10.0680 4228 Stereo Service - ok 22:12:10.0750 4228 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:12:10.0800 4228 stexstor - ok 22:12:11.0370 4228 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 22:12:11.0380 4228 stisvc 
- ok 22:12:11.0420 4228 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 22:12:11.0420 4228 swenum - ok 22:12:11.0900 4228 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 22:12:11.0900 4228 SwitchBoard - ok 22:12:12.0430 4228 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:12:12.0440 4228 swprv - ok 22:12:12.0660 4228 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 22:12:12.0680 4228 SysMain - ok 22:12:12.0730 4228 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:12:12.0740 4228 TabletInputService - ok 22:12:12.0810 4228 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 22:12:12.0810 4228 TapiSrv - ok 22:12:12.0840 4228 TBPanel - ok 22:12:12.0850 4228 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:12:12.0850 4228 TBS - ok 22:12:13.0180 4228 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:12:13.0200 4228 Tcpip - ok 22:12:13.0240 4228 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:12:13.0240 4228 TCPIP6 - ok 22:12:13.0360 4228 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:12:13.0360 4228 tcpipreg - ok 22:12:13.0500 4228 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:12:13.0520 4228 TDPIPE - ok 22:12:13.0610 4228 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:12:13.0610 4228 TDTCP - ok 22:12:13.0680 4228 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:12:13.0680 4228 tdx - ok 22:12:15.0280 4228 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe 22:12:15.0300 4228 TeamViewer8 - ok 22:12:15.0460 4228 [ 
C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 22:12:15.0460 4228 TermDD - ok 22:12:15.0520 4228 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 22:12:15.0540 4228 TermService - ok 22:12:15.0550 4228 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:12:15.0550 4228 Themes - ok 22:12:15.0580 4228 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:12:15.0580 4228 THREADORDER - ok 22:12:15.0600 4228 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:12:15.0600 4228 TrkWks - ok 22:12:16.0680 4228 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:12:16.0700 4228 TrustedInstaller - ok 22:12:16.0740 4228 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:12:16.0750 4228 tssecsrv - ok 22:12:16.0790 4228 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:12:16.0790 4228 tunnel - ok 22:12:16.0810 4228 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:12:16.0830 4228 uagp35 - ok 22:12:16.0860 4228 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:12:16.0870 4228 udfs - ok 22:12:16.0910 4228 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:12:16.0940 4228 UI0Detect - ok 22:12:16.0980 4228 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 22:12:16.0980 4228 uliagpkx - ok 22:12:16.0990 4228 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 22:12:16.0990 4228 umbus - ok 22:12:17.0040 4228 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:12:17.0040 4228 UmPass - ok 22:12:17.0150 4228 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:12:17.0160 4228 upnphost - ok 
22:12:17.0270 4228 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 22:12:17.0270 4228 usbaudio - ok 22:12:17.0330 4228 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:12:17.0340 4228 usbccgp - ok 22:12:17.0380 4228 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 22:12:17.0390 4228 usbcir - ok 22:12:17.0430 4228 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:12:17.0430 4228 usbehci - ok 22:12:18.0120 4228 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:12:18.0120 4228 usbhub - ok 22:12:18.0260 4228 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:12:18.0320 4228 usbohci - ok 22:12:18.0350 4228 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:12:18.0350 4228 usbprint - ok 22:12:18.0380 4228 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:12:18.0380 4228 usbscan - ok 22:12:18.0410 4228 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:12:18.0410 4228 USBSTOR - ok 22:12:18.0440 4228 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 22:12:18.0450 4228 usbuhci - ok 22:12:18.0490 4228 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:12:18.0490 4228 UxSms - ok 22:12:18.0510 4228 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 22:12:18.0510 4228 VaultSvc - ok 22:12:18.0560 4228 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 22:12:18.0560 4228 VClone - ok 22:12:18.0590 4228 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 22:12:18.0590 4228 vdrvroot - ok 22:12:18.0890 4228 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 22:12:18.0920 4228 vds - ok 
22:12:18.0960 4228 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:12:18.0970 4228 vga - ok 22:12:18.0980 4228 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:12:18.0980 4228 VgaSave - ok 22:12:19.0070 4228 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 22:12:19.0130 4228 vhdmp - ok 22:12:19.0150 4228 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 22:12:19.0160 4228 viaide - ok 22:12:19.0200 4228 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 22:12:19.0240 4228 volmgr - ok 22:12:19.0310 4228 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:12:19.0350 4228 volmgrx - ok 22:12:19.0670 4228 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:12:19.0700 4228 volsnap - ok 22:12:19.0780 4228 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:12:19.0800 4228 vsmraid - ok 22:12:20.0150 4228 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 22:12:20.0220 4228 VSS - ok 22:12:20.0280 4228 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:12:20.0280 4228 vwifibus - ok 22:12:20.0340 4228 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:12:20.0340 4228 vwififlt - ok 22:12:20.0430 4228 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:12:20.0430 4228 vwifimp - ok 22:12:20.0470 4228 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:12:20.0470 4228 W32Time - ok 22:12:20.0490 4228 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:12:20.0510 4228 WacomPen - ok 22:12:20.0530 4228 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:12:20.0530 4228 WANARP - ok 
22:12:20.0540 4228 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:12:20.0540 4228 Wanarpv6 - ok 22:12:20.0610 4228 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 22:12:20.0630 4228 WatAdminSvc - ok 22:12:20.0730 4228 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 22:12:20.0770 4228 wbengine - ok 22:12:20.0780 4228 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:12:20.0780 4228 WbioSrvc - ok 22:12:20.0920 4228 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:12:20.0960 4228 wcncsvc - ok 22:12:20.0960 4228 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:12:20.0970 4228 WcsPlugInService - ok 22:12:20.0990 4228 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:12:20.0990 4228 Wd - ok 22:12:21.0320 4228 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:12:21.0330 4228 Wdf01000 - ok 22:12:21.0350 4228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:12:21.0350 4228 WdiServiceHost - ok 22:12:21.0350 4228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:12:21.0350 4228 WdiSystemHost - ok 22:12:21.0620 4228 [ 9AE1DCBA82607B9722A1223129E9E066 ] Web Assistant C:\Program Files\Web Assistant\ExtensionUpdaterService.exe 22:12:21.0620 4228 Web Assistant - ok 22:12:21.0800 4228 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 22:12:21.0810 4228 WebClient - ok 22:12:21.0850 4228 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:12:21.0850 4228 Wecsvc - ok 22:12:21.0860 4228 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:12:21.0860 4228 wercplsupport - ok 22:12:21.0930 4228 [ 6D137963730144698CBD10F202E9F251 ] WerSvc 
C:\Windows\System32\WerSvc.dll 22:12:21.0930 4228 WerSvc - ok 22:12:21.0970 4228 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:12:21.0970 4228 WfpLwf - ok 22:12:21.0990 4228 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:12:22.0010 4228 WIMMount - ok 22:12:22.0030 4228 WinHttpAutoProxySvc - ok 22:12:22.0230 4228 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:12:22.0240 4228 Winmgmt - ok 22:12:22.0660 4228 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 22:12:22.0680 4228 WinRM - ok 22:12:22.0850 4228 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:12:22.0880 4228 WinUsb - ok 22:12:22.0910 4228 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:12:22.0920 4228 Wlansvc - ok 22:12:23.0310 4228 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 22:12:23.0330 4228 wlidsvc - ok 22:12:23.0430 4228 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys 22:12:23.0430 4228 WmBEnum - ok 22:12:23.0470 4228 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys 22:12:23.0490 4228 WmFilter - ok 22:12:23.0530 4228 [ AC4331AF118A720F13C9C5CABBFE27BD ] WmHidLo C:\Windows\system32\drivers\WmHidLo.sys 22:12:23.0540 4228 WmHidLo - ok 22:12:23.0560 4228 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 22:12:23.0570 4228 WmiAcpi - ok 22:12:23.0640 4228 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:12:23.0660 4228 wmiApSrv - ok 22:12:23.0730 4228 WMPNetworkSvc - ok 22:12:23.0850 4228 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys 22:12:23.0850 4228 WmVirHid - ok 22:12:23.0900 4228 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore 
C:\Windows\system32\drivers\WmXlCore.sys 22:12:23.0900 4228 WmXlCore - ok 22:12:23.0940 4228 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:12:23.0960 4228 WPCSvc - ok 22:12:23.0980 4228 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:12:23.0980 4228 WPDBusEnum - ok 22:12:24.0020 4228 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:12:24.0040 4228 ws2ifsl - ok 22:12:24.0040 4228 WSearch - ok 22:12:24.0070 4228 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:12:24.0070 4228 WudfPf - ok 22:12:24.0140 4228 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:12:24.0140 4228 WUDFRd - ok 22:12:24.0220 4228 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:12:24.0220 4228 wudfsvc - ok 22:12:24.0470 4228 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:12:24.0500 4228 WwanSvc - ok 22:12:24.0740 4228 X6va008 - ok 22:12:24.0790 4228 ================ Scan global =============================== 22:12:24.0870 4228 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:12:25.0140 4228 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll 22:12:25.0240 4228 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll 22:12:25.0330 4228 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:12:25.0480 4228 [ 2F46C1760C531EB2B181F9076E552E8A ] C:\Windows\system32\services.exe 22:12:25.0490 4228 [Global] - ok 22:12:25.0490 4228 ================ Scan MBR ================================== 22:12:25.0850 4228 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:12:28.0960 4228 \Device\Harddisk0\DR0 - ok 22:12:28.0960 4228 ================ Scan VBR ================================== 22:12:28.0980 4228 [ 10606B300EF62A6B3BF768CB2918BFB4 ] \Device\Harddisk0\DR0\Partition1 22:12:28.0990 
4228 \Device\Harddisk0\DR0\Partition1 - ok 22:12:29.0030 4228 [ 28C8F297807ECEEC4B5614AD17D23406 ] \Device\Harddisk0\DR0\Partition2 22:12:29.0030 4228 \Device\Harddisk0\DR0\Partition2 - ok 22:12:29.0030 4228 ============================================================ 22:12:29.0030 4228 Scan finished 22:12:29.0030 4228 ============================================================ 22:12:29.0040 2948 Detected object count: 0 22:12:29.0040 2948 Actual detected object count: 0 |
01.07.2013, 08:07 | #9 | |
/// the machine /// TB-Ausbilder | W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Hi, Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
01.07.2013, 10:16 | #10 |
| W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Code:
ATTFilter ComboFix 13-06-30.01 - Patrick 01.07.2013 10:42:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.43.1031.18.8183.6272 [GMT 2:00]
ausgeführt von:: c:\users\Patrick\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk c:\windows\SysWow64\frapsvid.dll c:\windows\SysWow64\Temp c:\windows\SysWow64\Temp\_tempDescriptors.XML D:\install.exe . Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_RelevantKnowledge . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-01 bis 2013-07-01 )))))))))))))))))))))))))))))) . . 2013-07-01 08:59 . 2013-07-01 08:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-07-01 08:59 . 2013-07-01 08:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-30 19:56 . 2013-06-30 19:56 -------- d-----w- C:\TDSSKiller_Quarantine 2013-06-30 13:38 . 2013-06-30 13:38 -------- d-----w- C:\FRST 2013-06-30 10:05 . 2013-07-01 08:34 83672 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-29 19:32 . 2013-06-29 19:32 -------- d-----w- c:\users\Patrick\AppData\Roaming\Avira 2013-06-29 19:30 . 2013-06-29 19:30 -------- d-----w- c:\programdata\Avira 2013-06-29 19:30 . 2013-06-29 19:30 -------- d-----w- c:\program files (x86)\Avira 2013-06-29 19:30 . 2013-06-29 19:30 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-06-29 19:30 . 2013-06-29 19:30 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-06-29 19:30 . 2013-06-29 19:30 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-06-26 15:39 . 2013-06-26 15:39 -------- d-----w- c:\users\Patrick\AppData\Roaming\B1Toolbar 2013-06-25 15:22 . 
2013-06-27 15:38 -------- d-----w- c:\users\Patrick\AppData\Roaming\maps4cim 2013-06-18 12:34 . 2013-06-18 12:34 -------- d-----w- c:\users\Patrick\AppData\Local\Firaxis Games 2013-06-18 12:18 . 2013-06-18 12:18 -------- d-----w- c:\program files (x86)\Granny Viewer 2013-06-18 12:16 . 2013-06-18 12:18 -------- d-----w- c:\program files (x86)\NifTools 2013-06-18 12:14 . 2013-06-18 12:14 -------- d-----w- c:\program files (x86)\PyFFI 2013-06-17 14:48 . 2013-06-12 13:31 1223168 ----a-w- c:\program files (x86)\MSBuild\Firaxis\ModBuddy\7z.dll 2013-06-17 14:48 . 2013-06-12 13:31 142336 ----a-w- c:\program files (x86)\MSBuild\Firaxis\ModBuddy\SevenZipSharp.dll 2013-06-17 14:48 . 2013-06-12 13:31 25600 ----a-w- c:\program files (x86)\MSBuild\Firaxis\ModBuddy\ModBuddy.Civ5ModBuildTasks.dll 2013-06-17 14:39 . 2013-06-17 14:39 -------- d-----w- c:\users\Patrick\AppData\Roaming\Firaxis 2013-06-17 14:39 . 2013-06-17 14:39 -------- d-----w- c:\users\Patrick\AppData\Local\Firaxis 2013-06-17 14:39 . 2013-06-17 14:39 -------- d-----w- c:\program files\Microsoft Help Viewer 2013-06-17 14:38 . 2013-06-17 14:38 -------- d-----w- c:\program files (x86)\Microsoft SQL Server 2013-06-17 14:36 . 2013-06-17 14:36 -------- d-----w- c:\windows\SysWow64\1033 2013-06-17 14:35 . 2013-06-17 14:35 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2013-06-17 14:35 . 2013-06-17 14:36 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0 2013-06-17 14:35 . 2013-06-17 14:35 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules 2013-06-08 16:38 . 2013-06-08 16:38 -------- d-----w- c:\users\Patrick\AppData\Local\My Games 2013-06-08 12:33 . 2013-06-08 13:33 -------- d-----w- C:\HammerAutosave 2013-06-02 17:59 . 2013-06-02 17:59 -------- d-----w- c:\users\Patrick\AppData\Roaming\NASA 2013-06-02 17:58 . 2013-06-02 17:58 -------- d-----w- c:\program files (x86)\NASA . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-17 14:37 . 2013-06-17 14:37 84192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll 2013-06-12 15:42 . 2012-07-05 19:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-12 15:42 . 2012-07-05 19:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-31 18:51 . 2012-12-24 13:35 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-05-31 18:51 . 2012-12-24 12:13 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-05-31 18:50 . 2012-12-24 12:13 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-05-17 07:09 . 2013-05-17 07:09 644400 ----a-w- c:\windows\SysWow64\mscomct2.ocx 2013-05-11 08:27 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-19 17:11 . 2013-04-19 17:11 1841475 ----a-w- c:\windows\MapCreator 2 Uninstaller.exe 2013-04-07 08:54 . 2013-02-28 14:25 1455408 ----a-w- c:\windows\system32\dmwu.exe 2013-04-07 08:53 . 2013-02-28 14:25 33792 ----a-w- c:\windows\system32\ImHttpComm.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2013-01-31 12:28 170840 ----a-w- c:\program files\Web Assistant\Extension32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{665AC9DA-6B9A-143E-6239-0B59E35A55E4}] 2012-12-23 19:45 118272 ----a-w- c:\programdata\SaveAs\50d75f7471b2d.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 130736 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2009-05-12 2158592] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-06-06 1641896] "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-12 306088] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-13 3456080] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032] "Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-07-01 345144] . c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968] OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe 
[x] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x] S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 15:42] . 2013-07-01 c:\windows\Tasks\AmiUpdXp.job - c:\users\Patrick\AppData\Local\SwvUpdater\Updater.exe [2012-12-23 14:29] . 2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 11:15] . 2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 11:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-05-25 00:36 164016 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=hp&installDate=03/04/2013 mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={317B9779-4C5B-11E2-BC07-958A15D29700} mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013 IE: Free YouTube to MP3 Converter - c:\users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=hp&installDate=03/04/2013 FF - ExtSQL: 2013-06-08 17:18; en-gb@flyingtophat.co.uk; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\extensions\en-gb@flyingtophat.co.uk FF - ExtSQL: 2013-06-29 15:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; 
c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyLZyQ75r&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - f45bfddc000000000000062127e9074d FF - user.js: extensions.incredibar_i.instlDay - 15576 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1412:17 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyLZyQ75r FF - user.js: extensions.incredibar_i.upn2n - 92261985463428109 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: extentions.y2layers.installId - 41c6e747-56c5-437b-a32b-c68bd43e29f0 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - f45bfddc000000000000062127e9074d FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15753 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: 
extensions.delta.vrsnTs - 1.8.10.017:57 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Patrick\AppData\Local\Akamai\netsession_win.exe Wow6432Node-HKCU-Run-SearchProtect - c:\users\Patrick\AppData\Roaming\SearchProtect\bin\cltmng.exe Wow6432Node-HKLM-Run-SearchProtectAll - c:\program files (x86)\SearchProtect\bin\cltmng.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-20838287.sys WebBrowser-{40C3CC16-7269-4B32-9531-17F2950FB06F} - (no file) AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-SearchProtect - c:\program files (x86)\SearchProtect\bin\uninstall.exe AddRemove-TGATool2A_is1 - c:\program files (x86)\MW\TGATool2\unins000.exe AddRemove-Unity - c:\program files (x86)\Unity\Editor\Uninstall.exe AddRemove-[Sound Mod] Reality Sound Mod (RSM) for Cities In Motion 1.0.10 - c:\program files (x86)\Steam\SteamApps\common\cities in motion\Cities In Motion\RSMuninstall.exe AddRemove-BVE Millenniumi Földalatti Vasút - c:\users\Patrick\Desktop\OpenBVE\UserData\UninstM1.exe AddRemove-Route_Riter v7.5 - c:\program files (x86)\Route_Riter\Uninstal.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-782762324-3358802095-2333334879-1000\Software\SecuROM\License information*] "datasecu"=hex:8a,c6,be,b8,40,0e,c2,23,a2,61,27,7f,f2,9e,8c,06,aa,0d,f0,fd,0c, e6,85,76,55,79,2c,c0,c3,58,25,5d,06,71,b7,7a,4d,35,04,e3,39,6d,f3,56,b1,ea,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\windows\SysWOW64\PnkBstrA.exe c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.exe c:\program files (x86)\OpenOffice.org 3\program\soffice.bin c:\program files (x86)\Common Files\Steam\SteamService.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-01 11:14:43 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-01 09:14 . 
Vor Suchlauf: 33 Verzeichnis(se), 207.764.045.824 Bytes frei Nach Suchlauf: 39 Verzeichnis(se), 230.738.976.768 Bytes frei . - - End Of File - - 1650D50DC7040D816D458AF1E9B54C4C A36C5E4F47E84449FF07ED3517B43A31 |
01.07.2013, 12:52 | #11 |
/// the machine /// TB trainer | W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber | Proud Member of UNITE and ASAP since 2009 | No help via PM! |
03.07.2013, 11:18 | #12 |
| W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312
Code:
# AdwCleaner v2.303 - Datei am 03/07/2013 um 11:47:00 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Patrick - PATRICK-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Patrick\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

Gestoppt & Gelöscht : CltMngSvc
Gestoppt & Gelöscht : IBUpdaterService
Gestoppt & Gelöscht : Web Assistant

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Gophoto.it
Ordner Gelöscht : C:\Program Files (x86)\Red Sky
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\TornTV.com
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\Program Files\Web Assistant
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Ordner Gelöscht : C:\ProgramData\SaveAs
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Patrick\AppData\Local\DownTango
Ordner Gelöscht : C:\Users\Patrick\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Patrick\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Patrick\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Patrick\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Patrick\AppData\LocalLow\SaveAs
Ordner Gelöscht : C:\Users\Patrick\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\B1Toolbar
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\jetpack
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\Smartbar
Ordner Gelöscht : C:\Users\Patrick\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Ordner Gelöscht : C:\Windows\SysWOW64\WNLT

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{665AC9DA-6B9A-143E-6239-0B59E35A55E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{665AC9DA-6B9A-143E-6239-0B59E35A55E4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht
: HKCU\Software\d2db8be268b812 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\Software\Web Assistant Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{665AC9DA-6B9A-143E-6239-0B59E35A55E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\d2db8be268b812 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\egfpkcbgnbnnpmgojfdpnlofifjpjepj Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{336D0C35-8A85-403A-B9D2-65C292C39087} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40C3CC16-7269-4B32-9531-17F2950FB06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{665AC9DA-6B9A-143E-6239-0B59E35A55E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet 
Explorer\mgToolbarProxy.dll] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16476 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=hp&installDate=03/04/2013 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = 
hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=f917b994-198f-4386-905a-6206f067468e&searchtype=ds&q={searchTerms}&installDate=03/04/2013 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={317B9779-4C5B-11E2-BC07-958A15D29700} --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\prefs.js C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=[...] Gelöscht : user_pref("extensions.delta.admin", false); Gelöscht : user_pref("extensions.delta.aflt", "babsst"); Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Gelöscht : user_pref("extensions.delta.dfltLng", "en"); Gelöscht : user_pref("extensions.delta.excTlbr", false); Gelöscht : user_pref("extensions.delta.id", "f45bfddc000000000000062127e9074d"); Gelöscht : user_pref("extensions.delta.instlDay", "15753"); Gelöscht : user_pref("extensions.delta.instlRef", "sst"); Gelöscht : user_pref("extensions.delta.newTab", false); Gelöscht : user_pref("extensions.delta.prdct", "delta"); Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Gelöscht : user_pref("extensions.delta.rvrt", "false"); Gelöscht : user_pref("extensions.delta.smplGrp", "none"); Gelöscht : user_pref("extensions.delta.tlbrId", "base"); Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0"); Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.017:57:14"); Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0"); Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Gelöscht : 
user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl"); Gelöscht : user_pref("extensions.incredibar_i.dfltLng", ""); Gelöscht : user_pref("extensions.incredibar_i.did", "10643"); Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false); Gelöscht : user_pref("extensions.incredibar_i.id", "f45bfddc000000000000062127e9074d"); Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26"); Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15576"); Gelöscht : user_pref("extensions.incredibar_i.instlRef", ""); Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", ""); Gelöscht : user_pref("extensions.incredibar_i.newTab", false); Gelöscht : user_pref("extensions.incredibar_i.ppd", "1"); Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar"); Gelöscht : user_pref("extensions.incredibar_i.productid", "26"); Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none"); Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base"); Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyLZyQ75r&loc=IB[...] Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyLZyQ75r"); Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261985463428109"); Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:17:18"); Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers"); Gelöscht : user_pref("extentions.y2layers.installId", "41c6e747-56c5-437b-a32b-c68bd43e29f0"); ************************* AdwCleaner[S1].txt - [21816 octets] - [03/07/2013 11:47:00] ########## EOF - C:\AdwCleaner[S1].txt - [21877 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Patrick on 03.07.2013 at 12:03:20,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-782762324-3358802095-2333334879-1000\software\web assistant"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Patrick\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Program Files (x86)\goforfiles"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}
Emptied folder: C:\Users\Patrick\AppData\Roaming\mozilla\firefox\profiles\ph0grm69.default\minidumps [198 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.07.2013 at 12:13:36,37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01 Ran by Patrick (administrator) on 03-07-2013 12:14:08 Running from C:\Users\Patrick\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe () C:\Program Files (x86)\Vtune\TBPANEL.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Dropbox, Inc.) 
C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\program files (x86)\avira\antivir desktop\ipmGui.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.) 
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464984 2012-10-12] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2075288 2012-10-12] (Microsoft Corporation) HKCU\...\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe /A [2158592 2009-05-12] () HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1641896 2013-06-07] (Valve Corporation) HKCU\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [306088 2008-12-12] (Take-Two Interactive Software, Inc.) HKCU\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3456080 2013-06-13] (Electronic Arts) HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) 
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345144 2013-07-01] (Avira Operations GmbH & Co. KG) Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Deutsches Wörterbuch, erweitert für Österreich - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\Extensions\de-AT@dictionaries.addons.mozilla.org
FF Extension: British English Dictionary (Updated) - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\Extensions\en-gb@flyingtophat.co.uk
FF Extension: No Name - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\ph0grm69.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox

==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-01] (Avira Operations GmbH & Co. KG)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-12-24] ()

==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-06-29] (Avira Operations GmbH & Co. KG)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

==================== One Month Modified Files and Folders =======
C:\Users\Patrick\Downloads\SC4BATInstaller.zip 2013-07-01 21:11 - 2013-07-01 21:11 - 00001160 ____A C:\Users\UpdatusUser\Desktop\SC4 Plug-in Manager.lnk 2013-07-01 21:11 - 2013-07-01 21:11 - 00001160 ____A C:\Users\Patrick\Desktop\SC4 Plug-in Manager.lnk 2013-07-01 21:11 - 2013-07-01 21:11 - 00000517 ____A C:\Users\UpdatusUser\Desktop\SC4 B.A.T..lnk 2013-07-01 21:11 - 2013-07-01 21:11 - 00000517 ____A C:\Users\Patrick\Desktop\SC4 B.A.T..lnk 2013-07-01 17:41 - 2013-07-01 17:41 - 00000000 ____D C:\Users\Patrick\Desktop\SimCity4 2013-07-01 16:19 - 2013-04-21 17:11 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\HpUpdate 2013-07-01 11:15 - 2013-07-01 10:39 - 00000000 ____D C:\ComboFix 2013-07-01 11:14 - 2013-07-01 11:14 - 00035529 ____A C:\ComboFix.txt 2013-07-01 11:14 - 2013-07-01 10:39 - 00000000 ___AD C:\Qoobox 2013-07-01 11:14 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default 2013-07-01 11:13 - 2013-07-01 10:38 - 00000000 ____D C:\Windows\erdnt 2013-07-01 11:03 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-07-01 11:00 - 2009-07-14 04:34 - 79953920 ____A C:\Windows\System32\config\SOFTWARE.bak 2013-07-01 11:00 - 2009-07-14 04:34 - 16515072 ____A C:\Windows\System32\config\SYSTEM.bak 2013-07-01 11:00 - 2009-07-14 04:34 - 03407872 ____A C:\Windows\System32\config\DEFAULT.bak 2013-07-01 11:00 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak 2013-07-01 11:00 - 2009-07-14 04:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak 2013-07-01 10:36 - 2013-07-01 10:36 - 05084517 ____R (Swearware) C:\Users\Patrick\Desktop\ComboFix.exe 2013-07-01 10:34 - 2013-06-30 12:05 - 00083672 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avnetflt.sys 2013-07-01 10:28 - 2013-06-30 11:59 - 00001004 ____A C:\Windows\SysWOW64\OSSService.log 2013-06-30 21:56 - 2013-06-30 21:56 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-06-30 20:14 - 2013-06-30 20:14 - 00000221 ____A C:\Users\Patrick\Desktop\SimCity 4 Deluxe.url 2013-06-30 19:23 - 2013-06-30 19:23 - 20258968 ____A (Acresso Software Inc. ) C:\Users\Patrick\Downloads\AS_OMSI_UPD_V104(1).exe 2013-06-30 17:24 - 2013-06-30 17:23 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Patrick\Desktop\tdsskiller.exe 2013-06-30 15:42 - 2013-06-30 15:41 - 00025483 ____A C:\Users\Patrick\Desktop\Addition.txt 2013-06-30 15:38 - 2013-06-30 15:38 - 00000000 ____D C:\FRST 2013-06-30 15:37 - 2013-06-30 15:37 - 01933592 ____A (Farbar) C:\Users\Patrick\Desktop\FRST64.exe 2013-06-29 22:01 - 2013-06-29 22:01 - 00004502 ____A C:\Users\Patrick\AppData\Local\recently-used.xbel 2013-06-29 21:32 - 2013-06-29 21:32 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Avira 2013-06-29 21:30 - 2013-06-29 21:30 - 00130016 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00100712 ____A (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00028600 ____A (Avira Operations GmbH & Co. 
KG) C:\Windows\System32\Drivers\avkmgr.sys 2013-06-29 21:30 - 2013-06-29 21:30 - 00002073 ____A C:\Users\Public\Desktop\Avira Control Center.lnk 2013-06-29 21:30 - 2013-06-29 21:30 - 00000000 ____D C:\ProgramData\Avira 2013-06-29 21:30 - 2013-06-29 21:30 - 00000000 ____D C:\Program Files (x86)\Avira 2013-06-29 21:27 - 2013-06-29 21:27 - 02092792 ____A C:\Users\Patrick\Downloads\avira_free_antivirus.exe 2013-06-29 16:08 - 2012-07-18 16:32 - 00000132 ____A C:\Users\Patrick\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-06-29 13:05 - 2013-06-29 13:05 - 00001154 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-06-29 13:05 - 2013-06-26 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-29 12:02 - 2013-06-29 12:02 - 00000000 ____D C:\Users\Patrick\Desktop\Metrosimulator 2013-06-28 18:33 - 2013-06-28 18:33 - 00027542 ____A C:\Users\Patrick\Downloads\Museo-700.zip 2013-06-28 15:38 - 2012-08-22 21:40 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\FileZilla 2013-06-28 09:29 - 2013-01-12 11:27 - 00000000 ____D C:\Users\Patrick\Desktop\OMSI #2 2013-06-27 17:39 - 2012-12-29 20:05 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\.minecraft 2013-06-27 17:38 - 2013-06-25 17:22 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\maps4cim 2013-06-27 17:38 - 2013-04-01 13:19 - 00000000 ____D C:\Users\Patrick\Desktop\Cities in Motion 2 2013-06-26 17:39 - 2013-06-26 17:39 - 00686448 ____A C:\Users\Patrick\Downloads\HalteOmroep BETA 3.5.exe 2013-06-26 14:09 - 2012-07-20 15:22 - 00000132 ____A C:\Users\Patrick\AppData\Roaming\Adobe CS6-Targa-Format - Voreinstellungen 2013-06-26 13:31 - 2012-07-05 20:39 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-26 13:31 - 2012-07-05 20:39 - 00000000 ____D C:\ProgramData\Skype 2013-06-25 17:31 - 2012-10-12 17:14 - 02830848 __ASH C:\Users\Patrick\Documents\Thumbs.db 2013-06-25 17:22 - 2013-06-25 17:22 - 05602359 ____A C:\Users\Patrick\Downloads\maps4cim-gui-0.9-beta.zip 2013-06-25 17:18 - 2013-06-25 17:18 
- 00026641 ____A C:\Users\Patrick\beta3b-rushhour-lineC.act 2013-06-25 17:18 - 2012-07-05 20:31 - 00000000 ____D C:\users\Patrick 2013-06-24 20:35 - 2013-06-24 20:35 - 02622765 ____A C:\Users\Patrick\Downloads\SD77_Konsum(3).zip 2013-06-24 20:29 - 2013-06-24 20:29 - 00726992 ____A C:\Users\Patrick\Documents\E2H_1975_Hosby Haus.rar 2013-06-24 20:27 - 2013-06-24 20:26 - 00000000 ____D C:\Users\Patrick\Documents\E2H_1975_Hosby Haus 2013-06-24 14:35 - 2012-07-05 21:02 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-06-24 14:32 - 2013-06-24 14:29 - 222373021 ____A C:\Users\Patrick\Downloads\AS_OMSI-ADDON-STADTBUS-O305.zip 2013-06-21 18:57 - 2012-07-05 20:31 - 00000000 ____D C:\Users\Patrick\AppData\Local\VirtualStore 2013-06-20 18:12 - 2013-06-18 14:05 - 00000000 ____D C:\Users\Patrick\Desktop\Civilization 5 2013-06-18 14:34 - 2013-06-18 14:34 - 00000000 ____D C:\Users\Patrick\AppData\Local\Firaxis Games 2013-06-18 14:33 - 2013-06-08 18:37 - 00000000 ____D C:\Users\Patrick\Documents\My Games 2013-06-18 14:32 - 2013-06-18 14:32 - 00247903 ____A C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a.zip 2013-06-18 14:32 - 2013-06-18 14:32 - 00247903 ____A C:\Users\Patrick\Downloads\IndieStoneNexusBuddy0_5a(1).zip 2013-06-18 14:18 - 2013-06-18 14:18 - 00000000 ____D C:\Program Files (x86)\Granny Viewer 2013-06-18 14:18 - 2013-06-18 14:16 - 00000000 ____D C:\Program Files (x86)\NifTools 2013-06-18 14:14 - 2013-06-18 14:14 - 00000000 ____D C:\Program Files (x86)\PyFFI 2013-06-18 14:14 - 2012-07-06 17:05 - 00000000 ____D C:\Python26 2013-06-17 21:11 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\Documents\Firaxis ModBuddy 2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1.zip 2013-06-17 19:49 - 2013-06-17 19:49 - 00021058 ____A C:\Users\Patrick\Downloads\true_start_location_earth_maps__v_1(1).zip 2013-06-17 16:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files 
(x86)\MSBuild 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Firaxis 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Users\Patrick\AppData\Local\Firaxis 2013-06-17 16:39 - 2013-06-17 16:39 - 00000000 ____D C:\Program Files\Microsoft Help Viewer 2013-06-17 16:38 - 2013-06-17 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server 2013-06-17 16:37 - 2013-06-17 16:37 - 00000000 ____D C:\Users\Patrick\Documents\Visual Studio 2010 2013-06-17 16:36 - 2013-06-17 16:36 - 00000000 ____D C:\Windows\SysWOW64\1033 2013-06-17 16:36 - 2013-06-17 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0 2013-06-17 16:35 - 2013-06-17 16:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2013-06-17 16:33 - 2013-06-17 16:31 - 174883152 ____A (Microsoft Corporation) C:\Users\Patrick\Downloads\VSIsoShell.exe 2013-06-16 11:17 - 2012-12-24 15:34 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins 2013-06-15 20:37 - 2013-06-15 20:37 - 03820480 ____A C:\Users\Patrick\Downloads\battlelog-web-plugins_2.1.7_115.exe 2013-06-13 19:22 - 2013-06-13 19:22 - 00001217 ____A C:\Users\Public\Desktop\Battlefield 1942.lnk 2013-06-13 19:21 - 2010-09-14 16:21 - 00545218 ____A C:\Windows\DirectX.log 2013-06-13 19:02 - 2012-12-24 13:26 - 00000000 ____D C:\Program Files (x86)\Origin Games 2013-06-13 18:36 - 2012-12-24 13:26 - 00000000 ____D C:\Users\Patrick\AppData\Local\Origin 2013-06-13 18:36 - 2012-12-24 13:25 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Origin 2013-06-13 18:36 - 2012-12-24 13:25 - 00000000 ____D C:\ProgramData\Origin 2013-06-13 15:33 - 2012-07-21 17:57 - 00000000 ____D C:\Program Files (x86)\win2day Poker 2013-06-12 17:42 - 2012-07-05 21:44 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 17:42 - 2012-07-05 21:44 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 15:00 - 2013-06-12 15:00 - 00000221 
____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V SDK.url 2013-06-08 18:38 - 2013-06-08 18:38 - 00000000 ____D C:\Users\Patrick\AppData\Local\My Games 2013-06-08 17:10 - 2013-06-08 17:10 - 00000220 ____A C:\Users\Patrick\Desktop\Sid Meier's Civilization V.url 2013-06-08 15:33 - 2013-06-08 14:33 - 00000000 ____D C:\HammerAutosave 2013-06-07 20:32 - 2013-06-07 20:27 - 04103350 ____A C:\Users\Patrick\Documents\LC_Main01.rar 2013-06-06 20:06 - 2013-06-06 17:05 - 00000000 ____D C:\Users\Patrick\Documents\China 2013-06-06 17:06 - 2012-07-18 16:34 - 00000000 ____D C:\Users\Patrick\AppData\Local\Paint.NET 2013-06-04 17:28 - 2013-06-04 17:27 - 164242463 ____A C:\Users\Patrick\Downloads\Portal2-OST-Volume1.zip ZeroAccess: C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05} C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000004.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000008.@ C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\201d3dde C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\6715e287 C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\76603ac3 Files to move or delete: ==================== C:\Users\Public\AutoUpdate.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-03 17:37 ==================== End Of Log ============================ |
03.07.2013, 12:34 | #13 |
/// the machine /// TB trainer | W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Fix with FRST Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ZeroAccess:
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000004.@
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000008.@
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\201d3dde
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\6715e287
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\76603ac3
C:\Users\Public\AutoUpdate.exe
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
04.07.2013, 20:33 | #14 |
| W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 ESET has now been scanning for 7 hours; if I stop the scan, can I resume it tomorrow from where it left off? After 7 hours it is only at 23% with 24 finds (though they are mostly the same trojans). I already have the fixlog.txt, though. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-06-2013 01
Ran by Patrick at 2013-07-04 14:25:11 Run:1
Running from C:\Users\Patrick\Desktop
Boot Mode: Normal
==============================================

C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05} => Moved successfully.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000004.@ => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000008.@ => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\201d3dde => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\6715e287 => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\76603ac3 => File/Directory not found.
C:\Users\Public\AutoUpdate.exe => Moved successfully.

==== End of Fixlog ==== |
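One way to read the fixlog above, as an added example that is not part of the original posts and not code from FRST: it sorts each result line into moved, "not found" below a folder that was already moved earlier in the same run, or needing a closer look. The function names are hypothetical, and the script only parses log text.

```python
import ntpath  # Windows path rules, so the check also runs on Linux/macOS
import re

# Fixlog entries copied from the post above (header lines shortened).
FIXLOG = r"""
Boot Mode: Normal
==============================================
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05} => Moved successfully.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\U => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000004.@ => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\00000008.@ => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\201d3dde => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\6715e287 => File/Directory not found.
C:\Windows\Installer\{be18010e-094e-4b86-5849-11063d54af05}\L\76603ac3 => File/Directory not found.
C:\Users\Public\AutoUpdate.exe => Moved successfully.
==== End of Fixlog ====
"""

# "<path> => <result>."; header and separator lines contain no " => " and are skipped.
ENTRY = re.compile(r"^(?P<path>.+?) => (?P<result>.+?)\.?$")


def parse_fixlog(text):
    """Return (path, result) tuples in log order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match["path"], match["result"]))
    return entries


def is_below(path, folder):
    """True if path lies inside folder (compared case-insensitively)."""
    folder = ntpath.normcase(folder).rstrip("\\") + "\\"
    return ntpath.normcase(path).startswith(folder)


def review(entries):
    """Sort results: moved, explained by an earlier move, or needing a look."""
    report = {"moved": [], "gone_with_parent": [], "needs_review": []}
    for path, result in entries:
        if result == "Moved successfully":
            report["moved"].append(path)
        elif result == "File/Directory not found" and any(
            is_below(path, parent) for parent in report["moved"]
        ):
            # The parent folder was moved first, so the child no longer exists here.
            report["gone_with_parent"].append(path)
        else:
            report["needs_review"].append((path, result))
    return report


if __name__ == "__main__":
    for key, items in review(parse_fixlog(FIXLOG)).items():
        print(f"{key}: {len(items)}")
```

For this log the seven "File/Directory not found" lines all sit below the Installer folder that was moved in the first line, so none of them ends up in `needs_review`.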
05.07.2013, 07:32 | #15 |
/// the machine /// TB trainer | W32/Patched.UC, TR/ATRAPS.Gen2 and TR/Sirefef.77312 Um, I don't know whether it will continue scanning from there
__________________ regards, schrauber |