Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU Trojaner unter win 7 (https://www.trojaner-board.de/120456-gvu-trojaner-win-7-a.html)

littleTED 26.07.2012 11:49
GVU Trojaner unter win 7
 
Hallo, (schönen Dank schonmal im Vorraus:)

hab mir leider den GVU trojaner eingefangen . Typischen symptome , keine Systemwiederher. möglich , Avas hat nach starten mit einer alten xp Platte den Troji geblockt so kann ich wieder auf meinem Rechner zugreifen.

HTML-Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ted :: TEDS_PC [Administrator]

26.07.2012 11:46:12
mbam-log-2012-07-26 (11-46-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203551
Laufzeit: 2 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Ted\AppData\Roaming\msconfig.dat (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

HTML-Code:
OTL logfile created on: 26.07.2012 12:28:05 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Ted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,70% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,69 Gb Total Space | 72,75 Gb Free Space | 42,12% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.07.26 12:26:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Downloads\OTL.exe
PRC - [2012.07.18 17:36:56 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.18 17:35:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.07.26 11:58:30 | 000,192,512 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.07.26 11:58:30 | 000,172,032 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.07.18 17:36:56 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.07.18 17:35:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 17:35:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010.07.28 05:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:[b]64bit:[/b] - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EC C8 DC 51 F1 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.06.29 23:45:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 12:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.22 13:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Extensions
[2012.07.04 23:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions
[2012.06.07 22:59:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.29 19:41:38 | 000,000,168 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.gif
[2012.07.22 22:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.xml
[2012.02.22 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.29 23:45:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.18 17:35:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 04:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 04:58:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 04:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 04:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 04:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 04:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C0382A-25AA-41C7-8311-D7BAA7B453BA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0241155-722B-40A4-87B0-F0CAA4F68DF3}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 15:16:34 | 002,070,624 | R--- | M] () - G:\Autorun.bba -- [ CDFS ]
O32 - AutoRun File - [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.15 21:47:33 | 000,000,102 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{58e0532e-5d40-11e1-a402-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{58e0532e-5d40-11e1-a402-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.07.18 17:36:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.30 00:12:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Macromedia
[2012.06.29 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.29 23:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.06.29 23:48:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.29 23:48:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.29 23:48:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.29 23:48:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.29 23:48:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.29 23:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.06.29 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Ted\Documents\ICQ
[2012.06.29 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ Search
[2012.06.29 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.06.29 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.07.26 11:45:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.26 11:42:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 11:42:57 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 11:38:13 | 000,762,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.26 11:38:13 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.26 11:38:13 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.26 11:38:13 | 000,004,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.26 11:38:13 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 11:32:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 11:32:00 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 11:30:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.26 11:30:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.26 11:30:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.18 17:36:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.04 09:37:42 | 000,000,024 | ---- | M] () -- C:\Users\Ted\Documents\aionmemo_d17e7c 7.dat
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 00:20:35 | 000,094,944 | ---- | M] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.06.29 23:52:33 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.07.16 10:44:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.06 14:14:16 | 001,065,432 | ---- | C] () -- C:\Users\Ted\Desktop\Dokument test.rtf
[2012.06.29 23:52:33 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.29 23:45:18 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.29 20:15:35 | 000,094,944 | ---- | C] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.03.06 23:24:00 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2012.02.22 14:30:54 | 000,029,347 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.02.22 12:58:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.22 12:58:45 | 000,022,996 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >

HTML-Code:
OTL Extras logfile created on: 26.07.2012 12:28:05 - Run 1
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Ted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 41,70% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,69 Gb Total Space | 72,75 Gb Free Space | 42,12% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08FF9467-0EBB-4D2E-8983-6A5DECB494A5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{10301845-8A96-42A2-980F-19E07A84AC99}" = lport=2869 | protocol=6 | dir=in | app=system |
"{127672F7-32A1-4C53-9679-507E298FFD70}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{206250BB-5498-48FC-ADA5-E1D1113B69D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2165F64C-6115-40A4-BB03-AD7D8F44C7B7}" = lport=139 | protocol=6 | dir=in | app=system |
"{3D09F290-31C8-46A2-B47D-3883FF1607BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3E62C7ED-AC3E-40F6-B894-C2858E83649A}" = rport=139 | protocol=6 | dir=out | app=system |
"{41071AD6-A990-4D12-8D07-F02F646CD4B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{496C2D08-0DE5-4F68-A12E-C46ABEAD513D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D8B7C57-7FFE-477B-8D11-90E322BE3FC4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5206A194-2415-4D51-BABB-10FDBA6CEF69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54006AAE-9CE0-4DEA-918C-90E9D0EE3B80}" = lport=138 | protocol=17 | dir=in | app=system |
"{62BA3F5B-235A-44B0-B491-7D2B295B8F37}" = lport=445 | protocol=6 | dir=in | app=system |
"{65D0D109-B638-44E8-910A-F0B9CD76E77F}" = lport=137 | protocol=17 | dir=in | app=system |
"{691DAB3E-CC40-49D9-AB85-439DE094FECD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{738E0A30-1A83-41E4-9D83-8F77F7AB8C4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{83A82BD7-5C12-49D9-BCD6-2867031A1FA5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8F2537D9-4BD5-417C-AEB4-496273EB5CAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93BEC8E1-48DC-425F-83DC-6F9CD427D7B2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{944F9D6E-E635-4D00-B6C7-CF18FAD160B6}" = rport=137 | protocol=17 | dir=out | app=system |
"{A1AB3126-C3D6-4F8D-8167-6309636F8F6C}" = rport=445 | protocol=6 | dir=out | app=system |
"{A459DBFF-4560-4750-A025-AE73B839ABB7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9B00961-BF6B-4444-A2B7-107DFC5DCD54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AEC88ADA-0C05-40FD-8865-2754A6175C9E}" = rport=138 | protocol=17 | dir=out | app=system |
"{B20C924F-E908-4486-AB8B-4ADFB9A3FA42}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B6E590A6-2AC2-406C-9EF0-485549003044}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9A96205-A3D9-44FB-B7CD-48C7CC6F8B02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DF6F1C14-5EB4-4369-87B4-9B8998F903D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E00B1205-A2BA-4D57-A99B-ADF254DF712E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0C692FD-F295-4046-8FB6-C1602052F56C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2DBC930-0ECD-4782-A0C9-AD5E213641C4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06242426-24E7-4354-B009-066C1CDE4A56}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{0778A342-DC8B-45C9-AA4F-7ED89C5B50B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0886FF0E-26E4-4D04-B4CC-213F4265DA7F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{0CA1B0EA-7151-40F2-893A-CFBE2FBEC941}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{138EBF52-FA80-4018-8FF9-00FE82C8B7BA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{261E403A-437A-47EE-92D3-69A673E953F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{344C237E-C54A-4A10-8435-E96563B8DB5F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{34DFA264-1FEE-4A7C-BB62-9318EF6CD03E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{36A07CB5-3F99-46D3-8B65-017926D4B960}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{3EA91836-C990-4B49-86F9-DB48843F5A0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{461C9832-A5E0-4552-B20D-614E6764B7F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{53A34F95-F75E-45CA-B4CE-B700BE6ED8A4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{58075F32-2172-4241-B208-319DEDF961C2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68FACBA3-95E6-4D37-8366-3039B31344AB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{78CDC20E-346E-4672-A802-63DEA9D4958D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{795B43FC-AA7A-467D-9D32-C3D5BFF57F30}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7DEC4397-FF44-4301-8E30-4EA9B8BC40F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{83DDF589-CBA9-4D7E-B4E5-3BF1C6D53287}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A9112E1-3266-4D98-9ED5-8154738523F5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{A34D7389-5631-412F-998E-24AFCB212D55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4DEDDB9-4B2B-4442-A982-BEE81B74BF14}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{A7FA2C5D-C305-4904-B7BF-B1F83669A736}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{B3643AED-750D-41ED-AF3D-26C9F46B0166}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe |
"{B87D1060-62C8-4303-9D69-938AEF1738A4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{BCAF13A0-DDDE-4DF1-83AC-D132065CA338}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{CEB90C81-A451-4F5F-BE54-818A15475282}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{D51BF674-320B-4C29-A144-62E27B61EAF4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCD0C259-C8A8-4578-9109-8564E1028C96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEA7A762-0865-43C0-914D-167916492059}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2F8B5B0-0BE1-436D-BCCD-D94D6CA24258}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4EAA6E5-890D-4E1B-986A-F9C95531A47A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E608CD18-FE0C-4E07-B757-C12C894D8002}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F05C90D3-F406-4DCB-AE26-21097101DF51}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F3159932-F7F6-4CCB-B3ED-CBF47CFDDB4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F422221D-6119-4B42-935F-ACE69B5DE58A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FCF903C8-9525-4012-A4C1-785749D1CE91}" = protocol=6 | dir=out | app=system |
"{FFF86582-F9C8-4F29-9819-32830DB238DB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{089DD53D-C1F7-45E7-9E4D-FD74DCF6BEE8}C:\users\ted\downloads\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\ted\downloads\starcraft_2_eu_en-gb.exe |
"TCP Query User{156ACBF3-0E6A-41BD-B36B-1F5C60A9531F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{1D6111F1-67C3-4ACC-B105-64905AB9836A}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{56CA2C37-2357-4BF8-AFA2-5AF948124D99}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{6AD25C7A-9953-41CB-A063-7992419BF60F}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"TCP Query User{7275EE08-5CC5-4344-954F-3C6074218265}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"TCP Query User{AD2B0C36-6B9D-4ED0-BED6-71A7D010B3B2}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{CF4678AE-1E35-4387-947E-E6DDEB5B1275}C:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{F7E16595-E7A8-4877-B50A-B604A33F3966}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{0F9D1E18-98DE-4154-B481-D6549C7A101F}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{0FEB7987-6492-4CDF-B88A-BAC4CF9C523F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{2CC35462-C51F-4CF0-B407-66071FF0BE37}C:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\ted\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{8489EDB3-836A-4C7F-B604-A1976A2DAED7}C:\users\ted\downloads\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\ted\downloads\starcraft_2_eu_en-gb.exe |
"UDP Query User{B1251E4E-7B33-47B9-A5E0-431F65CA346C}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{B45FF184-1981-4DA8-91A3-AA79F7CC9521}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{BBFD1BD5-57F6-4597-A41C-4DFAB1E0FC57}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe |
"UDP Query User{DDEE9E00-B25B-420A-B2A6-672C9C1C38EE}C:\program files (x86)\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gameforge\nclauncher\nclauncher.exe |
"UDP Query User{E7A4C732-7CEB-437A-A342-56F8D11E5BB5}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"CCleaner" = CCleaner
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"avast" = avast! Free Antivirus
"Diablo III" = Diablo III
"EVE" = EVE Online (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"T4EPlayer" = T4E Player
"VLC media player" = VLC media player 2.0.0
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 24.07.2012 04:39:26 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 04:45:27 | Computer Name = Teds_PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = Vom Kryptografiedienst konnte das VSS-Sicherungsobjekt "System Writer"
 nicht initialisiert werden.  Details: Could not query the status of the EventSystem
 service.  System Error: Der Computer wird heruntergefahren.  .
 
Error - 24.07.2012 04:47:34 | Computer Name = Teds_PC | Source = Application Hang | ID = 1002
Description = Programm svchost.exe, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 848    Startzeit: 01cd6978d7b5db40    Endzeit: 0    Anwendungspfad: C:\Windows\syswow64\svchost.exe

Berichts-ID:
 32354e21-d56c-11e1-a164-e0cb4ecfef19 
 
Error - 24.07.2012 04:48:15 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 04:51:43 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 05:17:57 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 07:54:22 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
Error - 24.07.2012 07:58:55 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.07.2012 05:30:44 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
Error - 26.07.2012 05:33:52 | Computer Name = Teds_PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 24.07.2012 04:44:34 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.07.2012 04:44:40 | Computer Name = Teds_PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 24.07.2012 04:50:04 | Computer Name = Teds_PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?07.?2012 um 10:48:21 unerwartet heruntergefahren.
 
Error - 26.07.2012 05:30:35 | Computer Name = Teds_PC | Source = DCOM | ID = 10010
Description =
 
Error - 26.07.2012 05:34:21 | Computer Name = Teds_PC | Source = nvstor64 | ID = 14548999
Description = Das Gerät wurde vom System entfernt.        Gerät: \Device\RaidPort0    Modell:
 WDC WD360GD-00FLC0    Firmware-Version: 33.0    Seriennummer: WD-WMAKH1218587    Anschluss:
 0 
 
 
< End of report >
hab meinen Rechner schon lang net mehr gereignigt leider :(
mfg
Mattes

markusg 26.07.2012 12:26
hi
für eine weitere analyse benötige ich mal folgendes.
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
dort rechtsklick auf den ordner cache, diesen mit winrar oder einem anderen programm packen, und im upload channel hochladen bitte
Trojaner-Board Upload Channel

littleTED 26.07.2012 12:54
Hallo,
diesen Ordner finde ich bei mir nicht , leider :(
finde Java nur unter C: Programme (x86)

oder ich bin zu blond dazu ^^

markusg 26.07.2012 12:55
hast du "name" durch deinen nutzernamen ersetzt?

littleTED 26.07.2012 13:02
ja hab ich ,
C: Benutzer / Name ist TED

als ordner hab ich da drin
Desktop
Diablo-III installer
Downloads
Eigene Bilder
Eigene Dokumente
Eigene Music
Eigene Videos
Favoriten
Gespeicherte Spiele
Kontakte
Links
SC 2 installer

ja bin doch blond sry
bekommste sofort

markusg 26.07.2012 13:04
blende mal versteckte dateien und ordner ein:
Versteckte Ordner einblenden in Windows

littleTED 26.07.2012 13:16
ich hoffe es hat geklappt ...:wtf:

markusg 26.07.2012 15:15
danke dir
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

littleTED 26.07.2012 16:23
Hallo,

der Rechner ist nicht neu gestartet bzw hatte ich black screen musste nochmal neu booten .

Combofix Logfile:
Code:
ComboFix 12-07-27.02 - Ted 26.07.2012  17:05:20.1.6 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4095.2485 [GMT 2:00]
ausgeführt von:: c:\users\Ted\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ted\AppData\Local\Temp\sfamcc00001.dll
c:\users\Ted\AppData\Local\Temp\sfareca00001.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-26 bis 2012-07-26  ))))))))))))))))))))))))))))))
.
.
2012-07-26 12:09 . 2012-07-26 12:09        --------        d-----w-        c:\program files\WinRAR
2012-07-18 15:36 . 2012-07-18 15:36        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 15:36 . 2012-07-18 15:36        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 22:12 . 2012-06-29 22:12        --------        d-----w-        c:\users\Ted\AppData\Local\Macromedia
2012-06-29 21:52 . 2012-06-29 21:52        --------        d-----w-        c:\program files (x86)\ICQ7M
2012-06-29 21:48 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-29 21:48 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-29 21:48 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-29 21:48 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-29 21:48 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-29 21:48 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-29 21:48 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-29 21:48 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-29 21:48 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-29 21:10 . 2012-06-29 21:10        --------        d-----w-        c:\windows\system32\appmgmt
2012-06-29 17:42 . 2012-06-29 17:42        --------        d-----w-        c:\users\Ted\AppData\Roaming\ICQ Search
2012-06-29 17:41 . 2012-06-29 17:41        --------        d-----w-        c:\programdata\ICQ
2012-06-29 17:41 . 2012-07-24 19:41        --------        d-----w-        c:\users\Ted\AppData\Roaming\ICQ
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:46 . 2012-04-03 20:08        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-30 01:47 . 2012-06-15 01:38        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B08B24A-E2F0-4CE3-A694-30AE24CA8ACE}\offreg.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-10-28 2763776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-07-28 1918976]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 69976]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-10-21 1270784]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15        135408        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-26  17:19:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-26 15:19
.
Vor Suchlauf: 7 Verzeichnis(se), 78.201.233.408 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 77.922.897.920 Bytes frei
.
- - End Of File - - 12B192E252F389A1B2DE8692D466EE04
--- --- ---


hab nochmal OTL drüberlaufenlassen

OTL Logfile:
Code:
OTL logfile created on: 26.07.2012 17:25:21 - Run 2
OTL by OldTimer - Version 3.2.54.1    Folder = C:\Users\Ted\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,54 Gb Available in Paging File | 81,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172,69 Gb Total Space | 72,96 Gb Free Space | 42,25% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 277,54 Gb Free Space | 94,73% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 138,82 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive G: | 3,70 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TEDS_PC | User Name: Ted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.26 12:26:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ted\Downloads\OTL.exe
PRC - [2012.07.18 17:35:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.11.03 10:29:04 | 004,657,048 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.26 17:23:05 | 000,192,512 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfamcc00001.dll
MOD - [2012.07.26 17:23:05 | 000,172,032 | ---- | M] () -- C:\Users\Ted\AppData\Local\Temp\sfareca00001.dll
MOD - [2012.07.18 17:35:32 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.09 21:05:16 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 13:20:22 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2011.02.15 13:20:08 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2011.02.15 13:20:02 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2011.02.15 13:19:44 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2011.02.15 13:19:30 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2011.02.15 13:19:20 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2011.02.07 06:14:24 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2011.02.07 06:14:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2011.02.07 06:14:18 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2011.02.07 06:14:16 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2011.02.07 06:14:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2010.07.27 06:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.18 17:35:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.10 06:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.09 21:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.08.10 17:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 17:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.28 05:01:42 | 001,918,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.10.21 05:30:32 | 001,270,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.14 03:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 EC C8 DC 51 F1 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.06.29 23:45:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.26 12:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.02.22 13:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Extensions
[2012.07.04 23:50:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions
[2012.06.07 22:59:49 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ted\AppData\Roaming\mozilla\Firefox\Profiles\hptqz0np.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.29 19:41:38 | 000,000,168 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.gif
[2012.07.22 22:45:48 | 000,001,056 | ---- | M] () -- C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\hptqz0np.default\searchplugins\icqplugin.xml
[2012.02.22 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.29 23:45:07 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.07.18 17:35:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 04:58:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 04:58:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.19 04:58:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 04:58:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 04:58:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 04:58:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Ted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012.07.26 17:16:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ted\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75C0382A-25AA-41C7-8311-D7BAA7B453BA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0241155-722B-40A4-87B0-F0CAA4F68DF3}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 15:16:34 | 002,070,624 | R--- | M] () - G:\Autorun.bba -- [ CDFS ]
O32 - AutoRun File - [2007.08.12 11:48:35 | 000,648,440 | R--- | M] (Blue Byte GmbH) - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.15 21:47:33 | 000,000,102 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.26 17:16:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.26 17:08:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.26 17:04:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.26 17:04:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.26 17:04:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.26 17:04:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.26 17:03:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\WinRAR
[2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.26 14:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.07.26 14:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.07.18 17:36:56 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.30 00:12:08 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Local\Macromedia
[2012.06.29 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7M
[2012.06.29 23:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7M
[2012.06.29 23:48:26 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.29 23:48:26 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.29 23:48:26 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.29 23:48:19 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.29 23:48:19 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.29 23:48:19 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.29 23:48:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.29 23:48:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.29 23:10:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.06.29 19:54:06 | 000,000,000 | ---D | C] -- C:\Users\Ted\Documents\ICQ
[2012.06.29 19:42:01 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ Search
[2012.06.29 19:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2012.06.29 19:41:22 | 000,000,000 | ---D | C] -- C:\Users\Ted\AppData\Roaming\ICQ
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.26 17:22:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 17:22:33 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.26 17:19:33 | 000,762,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.26 17:19:33 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.26 17:19:33 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.26 17:19:33 | 000,004,086 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.26 17:19:33 | 000,003,894 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.26 17:16:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.26 17:15:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.26 17:15:02 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 14:10:35 | 000,661,396 | ---- | M] () -- C:\Users\Ted\Desktop\cache.rar
[2012.07.26 11:45:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.26 11:30:22 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.26 11:30:08 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.07.26 11:30:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.18 17:36:56 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.18 17:36:56 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.04 09:37:42 | 000,000,024 | ---- | M] () -- C:\Users\Ted\Documents\aionmemo_d17e7c 7.dat
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.30 00:20:35 | 000,094,944 | ---- | M] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.06.29 23:52:33 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7M.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 17:04:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.26 17:04:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.26 17:04:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.26 17:04:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.26 17:04:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.26 14:10:35 | 000,661,396 | ---- | C] () -- C:\Users\Ted\Desktop\cache.rar
[2012.07.16 10:44:12 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.06 14:14:16 | 001,065,432 | ---- | C] () -- C:\Users\Ted\Desktop\Dokument test.rtf
[2012.06.29 23:52:33 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7M.lnk
[2012.06.29 23:45:18 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.06.29 20:15:35 | 000,094,944 | ---- | C] () -- C:\Users\Ted\Desktop\[000731]_1.jpg
[2012.03.06 23:24:00 | 000,000,017 | ---- | C] () -- C:\Users\Ted\AppData\Local\resmon.resmoncfg
[2012.02.22 14:30:54 | 000,029,347 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.02.22 12:58:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.22 12:58:45 | 000,022,996 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.02.09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

< End of report >
--- --- ---

und noch ein ein vollstandiger scan
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.26.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ted :: TEDS_PC [Administrator]

26.07.2012 17:32:48
mbam-log-2012-07-26 (17-32-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 308649
Laufzeit: 23 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

hab ich noch was vergessen ?

:kaffee::abklatsch:

markusg 26.07.2012 19:05
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

littleTED 26.07.2012 19:10
ergebniss:)

HTML-Code:
20:07:14.0038 0848        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:07:14.0105 0848        ============================================================
20:07:14.0106 0848        Current date / time: 2012/07/26 20:07:14.0105
20:07:14.0106 0848        SystemInfo:
20:07:14.0106 0848       
20:07:14.0106 0848        OS Version: 6.1.7601 ServicePack: 1.0
20:07:14.0106 0848        Product type: Workstation
20:07:14.0106 0848        ComputerName: TEDS_PC
20:07:14.0106 0848        UserName: Ted
20:07:14.0106 0848        Windows directory: C:\Windows
20:07:14.0106 0848        System windows directory: C:\Windows
20:07:14.0106 0848        Running under WOW64
20:07:14.0106 0848        Processor architecture: Intel x64
20:07:14.0106 0848        Number of processors: 6
20:07:14.0106 0848        Page size: 0x1000
20:07:14.0106 0848        Boot type: Normal boot
20:07:14.0106 0848        ============================================================
20:07:15.0249 0848        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:15.0264 0848        Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x7E2CB, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
20:07:15.0268 0848        ============================================================
20:07:15.0268 0848        \Device\Harddisk0\DR0:
20:07:15.0268 0848        MBR partitions:
20:07:15.0268 0848        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
20:07:15.0268 0848        \Device\Harddisk1\DR1:
20:07:15.0268 0848        MBR partitions:
20:07:15.0268 0848        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:07:15.0268 0848        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x15963800
20:07:15.0268 0848        \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x15996000, BlocksNum 0x249EF000
20:07:15.0268 0848        ============================================================
20:07:15.0287 0848        C: <-> \Device\Harddisk1\DR1\Partition1
20:07:15.0379 0848        D: <-> \Device\Harddisk1\DR1\Partition2
20:07:15.0414 0848        E: <-> \Device\Harddisk0\DR0\Partition0
20:07:15.0414 0848        ============================================================
20:07:15.0414 0848        Initialize success
20:07:15.0414 0848        ============================================================
20:07:53.0403 0852        ============================================================
20:07:53.0403 0852        Scan started
20:07:53.0403 0852        Mode: Manual; SigCheck; TDLFS;
20:07:53.0403 0852        ============================================================
20:07:54.0317 0852        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:07:54.0441 0852        1394ohci - ok
20:07:54.0485 0852        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:07:54.0499 0852        ACPI - ok
20:07:54.0507 0852        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:07:54.0565 0852        AcpiPmi - ok
20:07:54.0654 0852        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:07:54.0662 0852        AdobeARMservice - ok
20:07:54.0709 0852        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:07:54.0725 0852        adp94xx - ok
20:07:54.0755 0852        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:07:54.0769 0852        adpahci - ok
20:07:54.0807 0852        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:07:54.0818 0852        adpu320 - ok
20:07:54.0841 0852        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:07:54.0984 0852        AeLookupSvc - ok
20:07:55.0068 0852        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:07:55.0126 0852        AFD - ok
20:07:55.0141 0852        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:07:55.0150 0852        agp440 - ok
20:07:55.0175 0852        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:07:55.0216 0852        ALG - ok
20:07:55.0247 0852        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:07:55.0256 0852        aliide - ok
20:07:55.0271 0852        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:07:55.0280 0852        amdide - ok
20:07:55.0291 0852        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:07:55.0315 0852        AmdK8 - ok
20:07:55.0339 0852        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:07:55.0360 0852        AmdPPM - ok
20:07:55.0395 0852        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
20:07:55.0405 0852        amdsata - ok
20:07:55.0430 0852        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:07:55.0441 0852        amdsbs - ok
20:07:55.0454 0852        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
20:07:55.0463 0852        amdxata - ok
20:07:55.0484 0852        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:07:55.0605 0852        AppID - ok
20:07:55.0633 0852        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:07:55.0679 0852        AppIDSvc - ok
20:07:55.0702 0852        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:07:55.0749 0852        Appinfo - ok
20:07:55.0808 0852        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:07:55.0874 0852        AppMgmt - ok
20:07:55.0903 0852        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:07:55.0914 0852        arc - ok
20:07:55.0926 0852        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:07:55.0936 0852        arcsas - ok
20:07:55.0981 0852        aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
20:07:56.0003 0852        aswFsBlk - ok
20:07:56.0075 0852        aswMonFlt      (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
20:07:56.0085 0852        aswMonFlt - ok
20:07:56.0138 0852        aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
20:07:56.0147 0852        aswRdr - ok
20:07:56.0189 0852        aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
20:07:56.0215 0852        aswSnx - ok
20:07:56.0239 0852        aswSP          (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
20:07:56.0252 0852        aswSP - ok
20:07:56.0268 0852        aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
20:07:56.0277 0852        aswTdi - ok
20:07:56.0293 0852        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:07:56.0337 0852        AsyncMac - ok
20:07:56.0376 0852        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:07:56.0385 0852        atapi - ok
20:07:56.0513 0852        athur          (417b9bab376e8e50f6770196656fd348) C:\Windows\system32\DRIVERS\athurx.sys
20:07:56.0588 0852        athur - ok
20:07:56.0737 0852        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:07:56.0799 0852        AudioEndpointBuilder - ok
20:07:56.0804 0852        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:07:56.0833 0852        AudioSrv - ok
20:07:56.0914 0852        avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:07:56.0923 0852        avast! Antivirus - ok
20:07:56.0969 0852        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:07:57.0031 0852        AxInstSV - ok
20:07:57.0100 0852        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:07:57.0153 0852        b06bdrv - ok
20:07:57.0184 0852        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:07:57.0220 0852        b57nd60a - ok
20:07:57.0246 0852        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:07:57.0309 0852        BDESVC - ok
20:07:57.0360 0852        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:07:57.0408 0852        Beep - ok
20:07:57.0472 0852        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:07:57.0550 0852        BFE - ok
20:07:57.0612 0852        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:07:57.0715 0852        BITS - ok
20:07:57.0767 0852        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:07:57.0777 0852        blbdrive - ok
20:07:57.0805 0852        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:07:57.0838 0852        bowser - ok
20:07:57.0876 0852        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:07:57.0902 0852        BrFiltLo - ok
20:07:57.0919 0852        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:07:57.0954 0852        BrFiltUp - ok
20:07:57.0989 0852        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:07:58.0030 0852        BridgeMP - ok
20:07:58.0078 0852        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:07:58.0104 0852        Browser - ok
20:07:58.0136 0852        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:07:58.0186 0852        Brserid - ok
20:07:58.0196 0852        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:07:58.0223 0852        BrSerWdm - ok
20:07:58.0238 0852        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:07:58.0250 0852        BrUsbMdm - ok
20:07:58.0264 0852        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:07:58.0288 0852        BrUsbSer - ok
20:07:58.0304 0852        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:07:58.0317 0852        BTHMODEM - ok
20:07:58.0343 0852        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:07:58.0369 0852        bthserv - ok
20:07:58.0387 0852        catchme - ok
20:07:58.0416 0852        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:07:58.0460 0852        cdfs - ok
20:07:58.0509 0852        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:07:58.0520 0852        cdrom - ok
20:07:58.0558 0852        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:07:58.0584 0852        CertPropSvc - ok
20:07:58.0601 0852        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
20:07:58.0613 0852        circlass - ok
20:07:58.0665 0852        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:07:58.0679 0852        CLFS - ok
20:07:58.0745 0852        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:07:58.0754 0852        clr_optimization_v2.0.50727_32 - ok
20:07:58.0790 0852        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:07:58.0799 0852        clr_optimization_v2.0.50727_64 - ok
20:07:58.0836 0852        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
20:07:58.0865 0852        CmBatt - ok
20:07:58.0880 0852        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:07:58.0889 0852        cmdide - ok
20:07:58.0945 0852        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:07:58.0985 0852        CNG - ok
20:07:58.0998 0852        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
20:07:59.0007 0852        Compbatt - ok
20:07:59.0035 0852        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:07:59.0067 0852        CompositeBus - ok
20:07:59.0084 0852        COMSysApp - ok
20:07:59.0099 0852        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:07:59.0108 0852        crcdisk - ok
20:07:59.0150 0852        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:07:59.0204 0852        CryptSvc - ok
20:07:59.0251 0852        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:07:59.0332 0852        CSC - ok
20:07:59.0367 0852        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:07:59.0441 0852        CscService - ok
20:07:59.0494 0852        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:07:59.0530 0852        DcomLaunch - ok
20:07:59.0557 0852        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:07:59.0588 0852        defragsvc - ok
20:07:59.0622 0852        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:07:59.0661 0852        DfsC - ok
20:07:59.0705 0852        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:07:59.0758 0852        Dhcp - ok
20:07:59.0786 0852        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:07:59.0846 0852        discache - ok
20:07:59.0908 0852        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:07:59.0918 0852        Disk - ok
20:07:59.0958 0852        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:07:59.0982 0852        dmvsc - ok
20:08:00.0008 0852        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:08:00.0049 0852        Dnscache - ok
20:08:00.0069 0852        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:08:00.0111 0852        dot3svc - ok
20:08:00.0119 0852        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:08:00.0159 0852        DPS - ok
20:08:00.0198 0852        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:08:00.0226 0852        drmkaud - ok
20:08:00.0280 0852        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:08:00.0315 0852        DXGKrnl - ok
20:08:00.0338 0852        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:08:00.0378 0852        EapHost - ok
20:08:00.0511 0852        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:08:00.0596 0852        ebdrv - ok
20:08:00.0721 0852        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:08:00.0741 0852        EFS - ok
20:08:00.0805 0852        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:08:00.0878 0852        ehRecvr - ok
20:08:00.0901 0852        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:08:00.0939 0852        ehSched - ok
20:08:01.0012 0852        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:08:01.0031 0852        elxstor - ok
20:08:01.0045 0852        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:08:01.0071 0852        ErrDev - ok
20:08:01.0126 0852        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:08:01.0173 0852        EventSystem - ok
20:08:01.0213 0852        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:08:01.0242 0852        exfat - ok
20:08:01.0268 0852        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:08:01.0307 0852        fastfat - ok
20:08:01.0365 0852        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:08:01.0421 0852        Fax - ok
20:08:01.0431 0852        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:08:01.0467 0852        fdc - ok
20:08:01.0504 0852        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:08:01.0543 0852        fdPHost - ok
20:08:01.0564 0852        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:08:01.0606 0852        FDResPub - ok
20:08:01.0629 0852        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:08:01.0639 0852        FileInfo - ok
20:08:01.0661 0852        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:08:01.0715 0852        Filetrace - ok
20:08:01.0733 0852        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:08:01.0743 0852        flpydisk - ok
20:08:01.0767 0852        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:08:01.0780 0852        FltMgr - ok
20:08:01.0827 0852        FontCache      (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
20:08:01.0894 0852        FontCache - ok
20:08:01.0956 0852        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:08:01.0965 0852        FontCache3.0.0.0 - ok
20:08:02.0093 0852        ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
20:08:02.0121 0852        ForceWare Intelligent Application Manager (IAM) - ok
20:08:02.0173 0852        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:08:02.0182 0852        FsDepends - ok
20:08:02.0216 0852        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:08:02.0225 0852        Fs_Rec - ok
20:08:02.0281 0852        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:08:02.0295 0852        fvevol - ok
20:08:02.0329 0852        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:08:02.0339 0852        gagp30kx - ok
20:08:02.0382 0852        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:08:02.0440 0852        gpsvc - ok
20:08:02.0506 0852        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:08:02.0516 0852        gusvc - ok
20:08:02.0538 0852        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:08:02.0607 0852        hcw85cir - ok
20:08:02.0669 0852        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:08:02.0699 0852        HdAudAddService - ok
20:08:02.0725 0852        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:08:02.0761 0852        HDAudBus - ok
20:08:02.0785 0852        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:08:02.0813 0852        HidBatt - ok
20:08:02.0854 0852        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:08:02.0878 0852        HidBth - ok
20:08:02.0936 0852        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
20:08:02.0947 0852        HidIr - ok
20:08:02.0968 0852        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:08:03.0008 0852        hidserv - ok
20:08:03.0037 0852        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:08:03.0047 0852        HidUsb - ok
20:08:03.0073 0852        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:08:03.0116 0852        hkmsvc - ok
20:08:03.0139 0852        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:08:03.0164 0852        HomeGroupListener - ok
20:08:03.0196 0852        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:08:03.0230 0852        HomeGroupProvider - ok
20:08:03.0263 0852        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:08:03.0273 0852        HpSAMD - ok
20:08:03.0313 0852        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:08:03.0370 0852        HTTP - ok
20:08:03.0390 0852        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:08:03.0399 0852        hwpolicy - ok
20:08:03.0442 0852        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:08:03.0452 0852        i8042prt - ok
20:08:03.0478 0852        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
20:08:03.0492 0852        iaStorV - ok
20:08:03.0570 0852        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:08:03.0594 0852        idsvc - ok
20:08:03.0612 0852        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:08:03.0621 0852        iirsp - ok
20:08:03.0670 0852        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:08:03.0726 0852        IKEEXT - ok
20:08:03.0744 0852        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:08:03.0753 0852        intelide - ok
20:08:03.0790 0852        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
20:08:03.0816 0852        intelppm - ok
20:08:03.0837 0852        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:08:03.0877 0852        IPBusEnum - ok
20:08:03.0899 0852        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:03.0924 0852        IpFilterDriver - ok
20:08:03.0988 0852        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:08:04.0049 0852        iphlpsvc - ok
20:08:04.0073 0852        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:08:04.0084 0852        IPMIDRV - ok
20:08:04.0091 0852        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:08:04.0140 0852        IPNAT - ok
20:08:04.0169 0852        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:08:04.0204 0852        IRENUM - ok
20:08:04.0223 0852        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:08:04.0232 0852        isapnp - ok
20:08:04.0259 0852        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:08:04.0272 0852        iScsiPrt - ok
20:08:04.0294 0852        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:08:04.0303 0852        kbdclass - ok
20:08:04.0329 0852        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:08:04.0359 0852        kbdhid - ok
20:08:04.0393 0852        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:08:04.0404 0852        KeyIso - ok
20:08:04.0440 0852        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:08:04.0449 0852        KSecDD - ok
20:08:04.0469 0852        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:08:04.0480 0852        KSecPkg - ok
20:08:04.0493 0852        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:08:04.0538 0852        ksthunk - ok
20:08:04.0590 0852        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:08:04.0632 0852        KtmRm - ok
20:08:04.0680 0852        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:08:04.0724 0852        LanmanServer - ok
20:08:04.0759 0852        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:08:04.0812 0852        LanmanWorkstation - ok
20:08:04.0858 0852        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:08:04.0905 0852        lltdio - ok
20:08:04.0936 0852        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:08:04.0987 0852        lltdsvc - ok
20:08:05.0019 0852        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:08:05.0057 0852        lmhosts - ok
20:08:05.0108 0852        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:08:05.0118 0852        LSI_FC - ok
20:08:05.0143 0852        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:08:05.0153 0852        LSI_SAS - ok
20:08:05.0166 0852        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:08:05.0176 0852        LSI_SAS2 - ok
20:08:05.0198 0852        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:08:05.0209 0852        LSI_SCSI - ok
20:08:05.0228 0852        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:08:05.0275 0852        luafv - ok
20:08:05.0307 0852        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:08:05.0320 0852        Mcx2Svc - ok
20:08:05.0339 0852        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:08:05.0348 0852        megasas - ok
20:08:05.0370 0852        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:08:05.0383 0852        MegaSR - ok
20:08:05.0402 0852        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:08:05.0429 0852        MMCSS - ok
20:08:05.0440 0852        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:08:05.0489 0852        Modem - ok
20:08:05.0517 0852        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:08:05.0551 0852        monitor - ok
20:08:05.0583 0852        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:08:05.0592 0852        mouclass - ok
20:08:05.0627 0852        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:08:05.0649 0852        mouhid - ok
20:08:05.0682 0852        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:08:05.0692 0852        mountmgr - ok
20:08:05.0807 0852        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:08:05.0817 0852        MozillaMaintenance - ok
20:08:05.0837 0852        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:08:05.0848 0852        mpio - ok
20:08:05.0859 0852        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:08:05.0885 0852        mpsdrv - ok
20:08:05.0931 0852        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:08:05.0972 0852        MpsSvc - ok
20:08:05.0993 0852        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:08:06.0028 0852        MRxDAV - ok
20:08:06.0066 0852        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:08:06.0109 0852        mrxsmb - ok
20:08:06.0136 0852        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:08:06.0149 0852        mrxsmb10 - ok
20:08:06.0163 0852        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:08:06.0174 0852        mrxsmb20 - ok
20:08:06.0186 0852        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:08:06.0195 0852        msahci - ok
20:08:06.0217 0852        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:08:06.0228 0852        msdsm - ok
20:08:06.0266 0852        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:08:06.0290 0852        MSDTC - ok
20:08:06.0310 0852        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:08:06.0354 0852        Msfs - ok
20:08:06.0374 0852        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:08:06.0412 0852        mshidkmdf - ok
20:08:06.0436 0852        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:08:06.0445 0852        msisadrv - ok
20:08:06.0493 0852        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:08:06.0534 0852        MSiSCSI - ok
20:08:06.0536 0852        msiserver - ok
20:08:06.0577 0852        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:08:06.0618 0852        MSKSSRV - ok
20:08:06.0632 0852        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:08:06.0673 0852        MSPCLOCK - ok
20:08:06.0691 0852        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:08:06.0717 0852        MSPQM - ok
20:08:06.0739 0852        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:08:06.0753 0852        MsRPC - ok
20:08:06.0767 0852        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:08:06.0776 0852        mssmbios - ok
20:08:06.0790 0852        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:08:06.0816 0852        MSTEE - ok
20:08:06.0827 0852        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:08:06.0837 0852        MTConfig - ok
20:08:06.0876 0852        MTsensor        (2219a3d695405e7ba2186ba6b9ede14a) C:\Windows\system32\DRIVERS\ASACPI.sys
20:08:06.0884 0852        MTsensor - ok
20:08:06.0906 0852        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:08:06.0916 0852        Mup - ok
20:08:06.0962 0852        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:08:07.0015 0852        napagent - ok
20:08:07.0076 0852        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:08:07.0116 0852        NativeWifiP - ok
20:08:07.0170 0852        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:08:07.0196 0852        NDIS - ok
20:08:07.0220 0852        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:08:07.0246 0852        NdisCap - ok
20:08:07.0286 0852        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:08:07.0311 0852        NdisTapi - ok
20:08:07.0355 0852        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:08:07.0392 0852        Ndisuio - ok
20:08:07.0411 0852        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:08:07.0460 0852        NdisWan - ok
20:08:07.0482 0852        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:08:07.0506 0852        NDProxy - ok
20:08:07.0544 0852        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:08:07.0593 0852        NetBIOS - ok
20:08:07.0621 0852        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:08:07.0649 0852        NetBT - ok
20:08:07.0694 0852        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:08:07.0704 0852        Netlogon - ok
20:08:07.0766 0852        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:08:07.0819 0852        Netman - ok
20:08:07.0856 0852        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:08:07.0899 0852        netprofm - ok
20:08:07.0988 0852        netr28ux        (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
20:08:08.0015 0852        netr28ux - ok
20:08:08.0101 0852        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:08:08.0110 0852        NetTcpPortSharing - ok
20:08:08.0154 0852        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:08:08.0164 0852        nfrd960 - ok
20:08:08.0208 0852        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:08:08.0257 0852        NlaSvc - ok
20:08:08.0277 0852        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:08:08.0302 0852        Npfs - ok
20:08:08.0316 0852        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:08:08.0361 0852        nsi - ok
20:08:08.0387 0852        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:08:08.0413 0852        nsiproxy - ok
20:08:08.0520 0852        nSvcIp          (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
20:08:08.0531 0852        nSvcIp - ok
20:08:08.0599 0852        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
20:08:08.0634 0852        Ntfs - ok
20:08:08.0736 0852        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:08:08.0773 0852        Null - ok
20:08:08.0820 0852        NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:08:08.0848 0852        NVENETFD - ok
20:08:08.0897 0852        NVHDA          (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
20:08:08.0909 0852        NVHDA - ok
20:08:09.0450 0852        nvlddmkm        (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:08:09.0698 0852        nvlddmkm - ok
20:08:09.0859 0852        NVNET          (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
20:08:09.0872 0852        NVNET - ok
20:08:09.0935 0852        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
20:08:09.0945 0852        nvraid - ok
20:08:09.0981 0852        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
20:08:09.0992 0852        nvstor - ok
20:08:10.0033 0852        nvstor64        (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
20:08:10.0043 0852        nvstor64 - ok
20:08:10.0132 0852        nvsvc          (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
20:08:10.0157 0852        nvsvc - ok
20:08:10.0286 0852        nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:08:10.0331 0852        nvUpdatusService - ok
20:08:10.0425 0852        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:08:10.0435 0852        nv_agp - ok
20:08:10.0447 0852        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:08:10.0469 0852        ohci1394 - ok
20:08:10.0516 0852        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:08:10.0580 0852        p2pimsvc - ok
20:08:10.0617 0852        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:08:10.0632 0852        p2psvc - ok
20:08:10.0645 0852        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:08:10.0670 0852        Parport - ok
20:08:10.0691 0852        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:08:10.0701 0852        partmgr - ok
20:08:10.0720 0852        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:08:10.0749 0852        PcaSvc - ok
20:08:10.0779 0852        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:08:10.0790 0852        pci - ok
20:08:10.0802 0852        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:08:10.0811 0852        pciide - ok
20:08:10.0833 0852        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:08:10.0845 0852        pcmcia - ok
20:08:10.0863 0852        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:08:10.0872 0852        pcw - ok
20:08:10.0914 0852        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:08:10.0981 0852        PEAUTH - ok
20:08:11.0067 0852        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:08:11.0152 0852        PeerDistSvc - ok
20:08:11.0222 0852        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:08:11.0233 0852        PerfHost - ok
20:08:11.0364 0852        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:08:11.0430 0852        pla - ok
20:08:11.0492 0852        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:08:11.0551 0852        PlugPlay - ok
20:08:11.0564 0852        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:08:11.0596 0852        PNRPAutoReg - ok
20:08:11.0632 0852        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:08:11.0645 0852        PNRPsvc - ok
20:08:11.0695 0852        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:08:11.0748 0852        PolicyAgent - ok
20:08:11.0791 0852        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:08:11.0836 0852        Power - ok
20:08:11.0889 0852        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:08:11.0927 0852        PptpMiniport - ok
20:08:11.0946 0852        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:08:11.0970 0852        Processor - ok
20:08:12.0002 0852        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:08:12.0050 0852        ProfSvc - ok
20:08:12.0086 0852        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:08:12.0096 0852        ProtectedStorage - ok
20:08:12.0137 0852        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:08:12.0185 0852        Psched - ok
20:08:12.0481 0852        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:08:12.0512 0852        ql2300 - ok
20:08:12.0585 0852        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:08:12.0595 0852        ql40xx - ok
20:08:12.0623 0852        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:08:12.0640 0852        QWAVE - ok
20:08:12.0656 0852        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:08:12.0669 0852        QWAVEdrv - ok
20:08:12.0682 0852        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:08:12.0708 0852        RasAcd - ok
20:08:12.0762 0852        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:08:12.0810 0852        RasAgileVpn - ok
20:08:12.0830 0852        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:08:12.0873 0852        RasAuto - ok
20:08:12.0880 0852        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:08:12.0906 0852        Rasl2tp - ok
20:08:12.0929 0852        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:08:12.0959 0852        RasMan - ok
20:08:12.0973 0852        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:08:13.0023 0852        RasPppoe - ok
20:08:13.0054 0852        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:08:13.0080 0852        RasSstp - ok
20:08:13.0104 0852        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:08:13.0132 0852        rdbss - ok
20:08:13.0151 0852        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:08:13.0177 0852        rdpbus - ok
20:08:13.0207 0852        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:08:13.0232 0852        RDPCDD - ok
20:08:13.0272 0852        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:08:13.0294 0852        RDPDR - ok
20:08:13.0311 0852        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:08:13.0355 0852        RDPENCDD - ok
20:08:13.0360 0852        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:08:13.0385 0852        RDPREFMP - ok
20:08:13.0427 0852        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:08:13.0446 0852        RDPWD - ok
20:08:13.0472 0852        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:08:13.0483 0852        rdyboost - ok
20:08:13.0515 0852        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:08:13.0558 0852        RemoteAccess - ok
20:08:13.0595 0852        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:08:13.0637 0852        RemoteRegistry - ok
20:08:13.0662 0852        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:08:13.0702 0852        RpcEptMapper - ok
20:08:13.0719 0852        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:08:13.0742 0852        RpcLocator - ok
20:08:13.0787 0852        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:08:13.0816 0852        RpcSs - ok
20:08:13.0829 0852        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:08:13.0856 0852        rspndr - ok
20:08:13.0941 0852        RTCore64        (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
20:08:13.0950 0852        RTCore64 - ok
20:08:13.0978 0852        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:08:14.0005 0852        s3cap - ok
20:08:14.0042 0852        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:08:14.0052 0852        SamSs - ok
20:08:14.0073 0852        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:08:14.0083 0852        sbp2port - ok
20:08:14.0101 0852        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:08:14.0130 0852        SCardSvr - ok
20:08:14.0148 0852        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:08:14.0189 0852        scfilter - ok
20:08:14.0246 0852        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:08:14.0293 0852        Schedule - ok
20:08:14.0326 0852        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:08:14.0351 0852        SCPolicySvc - ok
20:08:14.0372 0852        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:08:14.0426 0852        SDRSVC - ok
20:08:14.0476 0852        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:08:14.0523 0852        secdrv - ok
20:08:14.0539 0852        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:08:14.0566 0852        seclogon - ok
20:08:14.0582 0852        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:08:14.0622 0852        SENS - ok
20:08:14.0642 0852        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:08:14.0695 0852        SensrSvc - ok
20:08:14.0734 0852        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:08:14.0756 0852        Serenum - ok
20:08:14.0776 0852        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:08:14.0806 0852        Serial - ok
20:08:14.0844 0852        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:08:14.0864 0852        sermouse - ok
20:08:14.0896 0852        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:08:14.0942 0852        SessionEnv - ok
20:08:14.0961 0852        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:08:14.0973 0852        sffdisk - ok
20:08:14.0985 0852        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:08:15.0020 0852        sffp_mmc - ok
20:08:15.0044 0852        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:08:15.0075 0852        sffp_sd - ok
20:08:15.0098 0852        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:08:15.0108 0852        sfloppy - ok
20:08:15.0144 0852        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:08:15.0188 0852        SharedAccess - ok
20:08:15.0227 0852        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:08:15.0257 0852        ShellHWDetection - ok
20:08:15.0294 0852        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:08:15.0304 0852        SiSRaid2 - ok
20:08:15.0320 0852        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:08:15.0330 0852        SiSRaid4 - ok
20:08:15.0422 0852        SkypeUpdate    (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:08:15.0431 0852        SkypeUpdate - ok
20:08:15.0471 0852        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:08:15.0517 0852        Smb - ok
20:08:15.0549 0852        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:08:15.0582 0852        SNMPTRAP - ok
20:08:15.0665 0852        speedfan        (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
20:08:15.0676 0852        speedfan - ok
20:08:15.0684 0852        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:08:15.0693 0852        spldr - ok
20:08:15.0724 0852        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:08:15.0769 0852        Spooler - ok
20:08:15.0914 0852        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:08:16.0013 0852        sppsvc - ok
20:08:16.0105 0852        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:08:16.0132 0852        sppuinotify - ok
20:08:16.0177 0852        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:08:16.0227 0852        srv - ok
20:08:16.0253 0852        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:08:16.0287 0852        srv2 - ok
20:08:16.0308 0852        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:08:16.0319 0852        srvnet - ok
20:08:16.0359 0852        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:08:16.0388 0852        SSDPSRV - ok
20:08:16.0412 0852        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:08:16.0440 0852        SstpSvc - ok
20:08:16.0540 0852        Stereo Service  (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:08:16.0555 0852        Stereo Service - ok
20:08:16.0592 0852        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:08:16.0601 0852        stexstor - ok
20:08:16.0666 0852        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:08:16.0722 0852        stisvc - ok
20:08:16.0754 0852        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:08:16.0763 0852        storflt - ok
20:08:16.0792 0852        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:08:16.0858 0852        StorSvc - ok
20:08:16.0894 0852        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:08:16.0903 0852        storvsc - ok
20:08:16.0919 0852        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:08:16.0928 0852        swenum - ok
20:08:16.0962 0852        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:08:17.0008 0852        swprv - ok
20:08:17.0102 0852        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:08:17.0170 0852        SysMain - ok
20:08:17.0275 0852        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:08:17.0291 0852        TabletInputService - ok
20:08:17.0317 0852        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:08:17.0364 0852        TapiSrv - ok
20:08:17.0381 0852        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:08:17.0409 0852        TBS - ok
20:08:17.0562 0852        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:08:17.0600 0852        Tcpip - ok
20:08:17.0755 0852        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:08:17.0799 0852        TCPIP6 - ok
20:08:17.0849 0852        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:08:17.0890 0852        tcpipreg - ok
20:08:17.0908 0852        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:08:17.0937 0852        TDPIPE - ok
20:08:17.0975 0852        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:08:18.0003 0852        TDTCP - ok
20:08:18.0027 0852        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:08:18.0053 0852        tdx - ok
20:08:18.0100 0852        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:08:18.0109 0852        TermDD - ok
20:08:18.0171 0852        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:08:18.0225 0852        TermService - ok
20:08:18.0247 0852        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:08:18.0262 0852        Themes - ok
20:08:18.0290 0852        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:08:18.0316 0852        THREADORDER - ok
20:08:18.0335 0852        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:08:18.0380 0852        TrkWks - ok
20:08:18.0431 0852        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:08:18.0458 0852        TrustedInstaller - ok
20:08:18.0472 0852        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:08:18.0514 0852        tssecsrv - ok
20:08:18.0544 0852        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:08:18.0562 0852        TsUsbFlt - ok
20:08:18.0580 0852        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:08:18.0590 0852        TsUsbGD - ok
20:08:18.0643 0852        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:08:18.0685 0852        tunnel - ok
20:08:18.0710 0852        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:08:18.0720 0852        uagp35 - ok
20:08:18.0744 0852        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:08:18.0795 0852        udfs - ok
20:08:18.0816 0852        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:08:18.0848 0852        UI0Detect - ok
20:08:18.0866 0852        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:08:18.0875 0852        uliagpkx - ok
20:08:18.0911 0852        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:08:18.0937 0852        umbus - ok
20:08:18.0975 0852        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:08:18.0999 0852        UmPass - ok
20:08:19.0039 0852        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:08:19.0087 0852        UmRdpService - ok
20:08:19.0138 0852        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:08:19.0189 0852        upnphost - ok
20:08:19.0216 0852        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
20:08:19.0228 0852        usbccgp - ok
20:08:19.0240 0852        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:08:19.0253 0852        usbcir - ok
20:08:19.0269 0852        usbehci        (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
20:08:19.0299 0852        usbehci - ok
20:08:19.0328 0852        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
20:08:19.0348 0852        usbhub - ok
20:08:19.0370 0852        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:08:19.0381 0852        usbohci - ok
20:08:19.0390 0852        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
20:08:19.0424 0852        usbprint - ok
20:08:19.0441 0852        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:08:19.0467 0852        USBSTOR - ok
20:08:19.0484 0852        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
20:08:19.0494 0852        usbuhci - ok
20:08:19.0508 0852        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:08:19.0553 0852        UxSms - ok
20:08:19.0586 0852        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:08:19.0596 0852        VaultSvc - ok
20:08:19.0636 0852        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:08:19.0645 0852        vdrvroot - ok
20:08:19.0677 0852        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:08:19.0735 0852        vds - ok
20:08:19.0768 0852        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:08:19.0780 0852        vga - ok
20:08:19.0801 0852        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:08:19.0855 0852        VgaSave - ok
20:08:19.0883 0852        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:08:19.0895 0852        vhdmp - ok
20:08:19.0995 0852        VIAHdAudAddService (db88ca4f876c7dcaeec29bab9e31ffc1) C:\Windows\system32\drivers\viahduaa.sys
20:08:20.0057 0852        VIAHdAudAddService - ok
20:08:20.0077 0852        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:08:20.0086 0852        viaide - ok
20:08:20.0113 0852        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:08:20.0125 0852        vmbus - ok
20:08:20.0144 0852        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:08:20.0167 0852        VMBusHID - ok
20:08:20.0189 0852        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:08:20.0199 0852        volmgr - ok
20:08:20.0228 0852        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:08:20.0242 0852        volmgrx - ok
20:08:20.0287 0852        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:08:20.0300 0852        volsnap - ok
20:08:20.0349 0852        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:08:20.0360 0852        vsmraid - ok
20:08:20.0446 0852        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:08:20.0511 0852        VSS - ok
20:08:20.0609 0852        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:08:20.0642 0852        vwifibus - ok
20:08:20.0673 0852        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:08:20.0703 0852        vwififlt - ok
20:08:20.0744 0852        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:08:20.0776 0852        W32Time - ok
20:08:20.0788 0852        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:08:20.0812 0852        WacomPen - ok
20:08:20.0848 0852        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:08:20.0889 0852        WANARP - ok
20:08:20.0892 0852        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:08:20.0917 0852        Wanarpv6 - ok
20:08:20.0993 0852        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:08:21.0069 0852        wbengine - ok
20:08:21.0128 0852        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:08:21.0145 0852        WbioSrvc - ok
20:08:21.0175 0852        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:08:21.0207 0852        wcncsvc - ok
20:08:21.0230 0852        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:08:21.0280 0852        WcsPlugInService - ok
20:08:21.0308 0852        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:08:21.0317 0852        Wd - ok
20:08:21.0355 0852        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:08:21.0385 0852        Wdf01000 - ok
20:08:21.0397 0852        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:08:21.0463 0852        WdiServiceHost - ok
20:08:21.0465 0852        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:08:21.0481 0852        WdiSystemHost - ok
20:08:21.0507 0852        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:08:21.0546 0852        WebClient - ok
20:08:21.0578 0852        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:08:21.0624 0852        Wecsvc - ok
20:08:21.0646 0852        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:08:21.0675 0852        wercplsupport - ok
20:08:21.0716 0852        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:08:21.0744 0852        WerSvc - ok
20:08:21.0783 0852        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:08:21.0809 0852        WfpLwf - ok
20:08:21.0827 0852        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:08:21.0836 0852        WIMMount - ok
20:08:21.0853 0852        WinDefend - ok
20:08:21.0857 0852        WinHttpAutoProxySvc - ok
20:08:21.0910 0852        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:08:21.0938 0852        Winmgmt - ok
20:08:22.0028 0852        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:08:22.0093 0852        WinRM - ok
20:08:22.0206 0852        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:08:22.0245 0852        Wlansvc - ok
20:08:22.0282 0852        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:08:22.0312 0852        WmiAcpi - ok
20:08:22.0338 0852        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:08:22.0367 0852        wmiApSrv - ok
20:08:22.0382 0852        WMPNetworkSvc - ok
20:08:22.0400 0852        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:08:22.0425 0852        WPCSvc - ok
20:08:22.0447 0852        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:08:22.0482 0852        WPDBusEnum - ok
20:08:22.0492 0852        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:08:22.0518 0852        ws2ifsl - ok
20:08:22.0539 0852        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:08:22.0574 0852        wscsvc - ok
20:08:22.0576 0852        WSearch - ok
20:08:22.0687 0852        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:08:22.0743 0852        wuauserv - ok
20:08:22.0851 0852        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:08:22.0888 0852        WudfPf - ok
20:08:22.0932 0852        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:08:22.0974 0852        WUDFRd - ok
20:08:22.0995 0852        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:08:23.0023 0852        wudfsvc - ok
20:08:23.0070 0852        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:08:23.0110 0852        WwanSvc - ok
20:08:23.0124 0852        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
20:08:23.0194 0852        \Device\Harddisk0\DR0 - ok
20:08:23.0209 0852        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:08:23.0444 0852        \Device\Harddisk1\DR1 - ok
20:08:23.0446 0852        Boot (0x1200)  (c3d0598b57cfabfc4ad05681c4ff25b9) \Device\Harddisk0\DR0\Partition0
20:08:23.0448 0852        \Device\Harddisk0\DR0\Partition0 - ok
20:08:23.0450 0852        Boot (0x1200)  (893b656c55016f6191da9fe036d346f2) \Device\Harddisk1\DR1\Partition0
20:08:23.0451 0852        \Device\Harddisk1\DR1\Partition0 - ok
20:08:23.0481 0852        Boot (0x1200)  (b0d2b6faa2d50b9ceb0eb5f5b3891500) \Device\Harddisk1\DR1\Partition1
20:08:23.0482 0852        \Device\Harddisk1\DR1\Partition1 - ok
20:08:23.0507 0852        Boot (0x1200)  (ba88f2d3ef38b1070efc19574cc1f72d) \Device\Harddisk1\DR1\Partition2
20:08:23.0508 0852        \Device\Harddisk1\DR1\Partition2 - ok
20:08:23.0509 0852        ============================================================
20:08:23.0509 0852        Scan finished
20:08:23.0509 0852        ============================================================
20:08:23.0517 2540        Detected object count: 0
20:08:23.0517 2540        Actual detected object count: 0
Hallo , vielleicht könntest du mir auch ein paar nützliche Tipps oder Links geben das ich mich in zukunft besser davor schützen kann .
aber auf alle Fälle schonmal herzlichen dank für die Betreung ist echt ein klasse Forum das ihr hier habt . :dankeschoen:

markusg 27.07.2012 22:32
kommt noch
lade den CCleaner standard:
CCleaner Download - CCleaner 3.21.1767
falls der CCleaner
bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

littleTED 28.07.2012 14:34
Hallo,

Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.07.2012 6,00MB 11.3.300.268
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 21.02.2012 121,0MB 10.1.2
AION Free-To-Play Gameforge 29.02.2012 22,6MB 2.70.0000
avast! Free Antivirus AVAST Software 28.06.2012 7.0.1426.0
CCleaner Piriform 21.02.2012 3.15
Diablo III Blizzard Entertainment 10.07.2012 1.0.3.10485
EVE Online (remove only) CCP Games Ltd. 09.05.2012
Free YouTube to MP3 Converter version 3.11.22.508 DVDVideoSoft Ltd. 06.06.2012 87,6MB 3.11.22.508
Heroes of Newerth S2 Games 22.02.2012 2.3.0
ICQ7M ICQ 28.06.2012 7.8
Java(TM) 6 Update 31 Oracle 23.02.2012 74,5MB 6.0.310
Java(TM) 7 Update 3 (64-bit) Oracle 23.02.2012 93,7MB 7.0.30
Malwarebytes Anti-Malware Version 1.62.0.1300 Malwarebytes Corporation 25.07.2012 18,8MB 1.62.0.1300
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.02.2012 0,42MB 8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 02.03.2012 0,77MB 9.0.30729 irgendwelche updates ?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.02.2012 0,23MB 9.0.30729 irgendwelche updates ?
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 21.02.2012 0,58MB 9.0.30729.4148 irgendwelche updates ?
Mozilla Firefox 14.0.1 (x86 de) Mozilla 17.07.2012 36,3MB 14.0.1
Mozilla Maintenance Service Mozilla 17.07.2012 0,30MB 14.0.1
MSI Afterburner 2.1.0 MSI Co., LTD 21.02.2012 2.1.0
NC Launcher (GameForge) NCsoft 29.02.2012
NVIDIA 3D Vision Controller-Treiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA 3D Vision Treiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA Drivers NVIDIA Corporation 21.02.2012 1.7
NVIDIA ForceWare Network Access Manager NVIDIA Corporation 21.02.2012 39,0MB 1.00.7316
NVIDIA Grafiktreiber 295.73 NVIDIA Corporation 21.02.2012 295.73
NVIDIA HD-Audiotreiber 1.3.12.0 NVIDIA Corporation 21.02.2012 1.3.12.0
NVIDIA Update 1.7.11 NVIDIA Corporation 21.02.2012 1.7.11
Picasa 3 Google, Inc. 26.02.2012 3.8
Skype™ 5.9 Skype Technologies S.A. 30.05.2012 19,3MB 5.9.115
SpeedFan (remove only) 21.02.2012
StarCraft II Blizzard Entertainment 21.02.2012 1.4.3.21029
T4E Player Techno4ever 22.03.2012
TeamSpeak 3 Client TeamSpeak Systems GmbH 03.03.2012
TP-LINK Wireless Client Utility TP-LINK 03.04.2012 7.0
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 21.02.2012 2,62MB 1.34
VLC media player 2.0.0 VideoLAN 21.02.2012 2.0.0
WinRAR 4.20 (64-bit) win.rar GmbH 25.07.2012 4.20.0

sehe auf anhieb kein Programm das stören würde :pfeiff:

littleTED 29.07.2012 17:42
???
gehts noch weiter :)
:rolleyes:

markusg 29.07.2012 17:44
wieso fehlen die beschriftungen


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131