Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mail delivery failed Nachrichten und außerdem Balue Screen (https://www.trojaner-board.de/136246-mail-delivery-failed-nachrichten-ausserdem-balue-screen.html)

amir121 09.06.2013 13:49
Mail delivery failed Nachrichten und außerdem Balue Screen
 
Guten Tag
Ich bekomme jede Miunute eine Mail (Outlook 2007 ) mit der Titel Mail Delivery und außerdem jede Stunde einmal kommt eine Blaue Seite und pc fährt sofort runter und bitte um Hilfe, hier sind die Dataien :OTL Logfile:
Code:
OTL logfile created on: 09.06.2013 14:13:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hotel Tourist\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 68,36% Memory free
7,83 Gb Paging File | 6,52 Gb Available in Paging File | 83,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 804,28 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
 
Computer Name: HOTELTOURIST-PC | User Name: Hotel Tourist | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hotel Tourist\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
PRC - C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe (Microsoft)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.)
PRC - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Brother\Brmfl10f\brrunpp.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (mfevtp) -- C:\Programme\Common Files\mcafee\systemcore\mfevtps.exe (McAfee, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (aswKbd) -- C:\windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^HJ^xdm179^YY^de&si=226019352&ptb=35BBDA33-F493-4FC6-B6F6-B0D6DFA52D59&ind=2013032304&n=77fc6f70&psa=&st=sb&searchfor={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A A6 DD ED FE 4F CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=746C4437E64CBA98
IE - HKCU\..\SearchScopes\{15449AE1-C3F5-475E-A34C-61299E3B328B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=a0c8f483-dd6b-41e4-85f4-36b1e8ba6b49&apn_sauid=CD20646F-1706-4CDE-81DE-D7C61EE992EB
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_deDE453DE453
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.hrs.de/web3/showSessionTimeout.do;jsessionid=C9EBD03F212CE69E2CA97CEF01F35DCD.50-2?activity=showSessionError&branch=30205010&cid=50-2&clientId=ZGVfX05FWFQ-|https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: DivXWebPlayer%40divx.com:2.0.2.039
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.04.09 04:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.24 00:53:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.08 02:48:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013.04.09 04:17:02 | 000,000,000 | ---D | M]
 
[2013.04.09 04:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions
[2013.04.09 04:17:02 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
[2013.06.09 13:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions
[2012.05.29 21:16:43 | 000,000,000 | ---D | M] (Tradesignal Online Chart) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2013.05.10 09:17:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.03.14 00:16:45 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2013.05.13 15:18:55 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\plugin@yontoo.com
[2013.06.09 13:45:02 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\toolbar@ask.com
[2013.04.20 10:45:00 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\compatibility@addons.mozilla.org.xpi
[2012.07.24 23:58:03 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\DivXWebPlayer@divx.com.xpi
[2013.05.09 09:17:03 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.06.09 13:45:02 | 000,002,344 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\askcom.xml
[2013.05.13 15:18:45 | 000,006,505 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\babylon.xml
[2013.05.13 15:18:56 | 000,001,294 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\delta.xml
[2013.06.06 21:06:09 | 000,001,211 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\searchplugins\search.xml
[2013.05.24 00:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.24 00:53:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.04.12 21:33:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.04.12 21:33:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2005.04.05 05:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPJinit13122.dll
 
========== Chrome ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www1.delta-search.com/?affID=120519&tt=gc_&babsrc=HP_ss&mntrId=746C4437E64CBA98
CHR - plugin: Standardprofil (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: SpeedAnalysis.com = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon\1.0.0.1\
CHR - Extension: Google-Suche = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.1_0\
CHR - Extension: No name found = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.2_1\
CHR - Extension: avast! Online Security = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.6_0\
CHR - Extension: Iminent Toolbar = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcemhggbahmlmhgnbpbbdaklcojhbecn\2.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Hotel Tourist\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2011.10.20 10:33:34 | 000,436,431 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20111017014348.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111017014348.dll (McAfee, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Users\Hotel Tourist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe (Brother Industries Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://192.168.2.150:888/DVRemoteAx.cab (DVRemoteControl Class)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22)
O16 - DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F3D4DD4-56AD-45B0-B74D-D660E8A85F1C}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0be50621-6e2c-11e1-867b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0be50621-6e2c-11e1-867b-005056c00008}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c459c83a-856c-11e1-9bb2-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c459c83a-856c-11e1-9bb2-005056c00008}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 14:00:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hotel Tourist\Desktop\OTL.exe
[2013.06.09 13:50:27 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Avira
[2013.06.09 13:45:55 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.09 13:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.09 13:44:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.06.09 13:44:38 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Local\APN
[2013.06.09 13:44:21 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2013.06.09 13:44:21 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2013.06.09 13:44:21 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2013.06.09 13:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.09 13:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.06.09 13:32:54 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Malwarebytes
[2013.06.09 13:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.09 13:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.09 13:32:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013.06.09 13:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.09 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Local\Programs
[2013.06.07 18:29:04 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\.jinit
[2013.06.07 17:23:19 | 000,000,000 | ---D | C] -- C:\Intel
[2013.06.07 17:16:01 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2013.06.06 21:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\2544a4
[2013.05.18 18:30:15 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\Desktop\ReiseBank AG Die Bargeld-Experten. - Währungsrechner-Dateien
[2013.05.16 00:01:10 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013.05.16 00:01:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013.05.16 00:01:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013.05.16 00:01:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 00:01:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013.05.16 00:01:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013.05.16 00:01:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013.05.16 00:01:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013.05.16 00:01:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013.05.16 00:01:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013.05.16 00:01:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013.05.16 00:01:08 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 00:01:06 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013.05.16 00:01:06 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013.05.16 00:01:05 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013.05.15 14:52:10 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 14:52:09 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll
[2013.05.15 14:51:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013.05.15 14:51:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll
[2013.05.15 14:51:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013.05.15 14:51:56 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2013.05.15 14:51:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll
[2013.05.13 15:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013.05.13 15:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013.05.13 15:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013.05.13 15:18:53 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Yontoo
[2013.05.13 15:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.05.13 15:18:39 | 000,000,000 | ---D | C] -- C:\Users\Hotel Tourist\AppData\Roaming\Babylon
[2013.05.13 15:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.06.22 11:35:30 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 14:12:12 | 000,330,411 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013.06.09 14:12:07 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.09 14:11:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.09 14:11:29 | 3152,277,504 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 14:11:28 | 566,538,846 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013.06.09 14:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hotel Tourist\Desktop\OTL.exe
[2013.06.09 13:50:05 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 13:50:05 | 000,020,480 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 13:47:18 | 001,630,122 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.09 13:47:18 | 000,703,026 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.09 13:47:18 | 000,657,738 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.09 13:47:18 | 000,150,348 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.09 13:47:18 | 000,123,136 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.09 13:45:43 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\windows\SysNative\drivers\avnetflt.sys
[2013.06.09 13:37:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 13:32:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.09 13:26:28 | 000,019,658 | ---- | M] () -- C:\Users\Hotel Tourist\Documents\cc_20130609_132623.reg
[2013.06.09 13:18:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.09 07:44:49 | 000,000,152 | ---- | M] () -- C:\windows\Brfaxrx.ini
[2013.06.06 15:29:00 | 000,083,264 | ---- | M] () -- C:\Users\Hotel Tourist\Desktop\Internet-CheckIn-Boarding-Docs.pdf
[2013.06.05 17:07:24 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013.05.24 14:11:30 | 000,001,087 | ---- | M] () -- C:\windows\Brpfx04a.ini
[2013.05.18 18:30:16 | 000,045,361 | ---- | M] () -- C:\Users\Hotel Tourist\Desktop\ReiseBank AG Die Bargeld-Experten. - Währungsrechner.htm
[2013.05.16 00:24:15 | 000,428,824 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.15 10:37:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 10:37:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.13 15:24:13 | 000,002,599 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.05.13 15:13:50 | 000,003,584 | ---- | M] () -- C:\Users\Hotel Tourist\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.13 11:39:48 | 000,066,477 | ---- | M] () -- C:\Users\Hotel Tourist\Documents\Vasilca Aurelia, Bewerbung um eine Stelle als Hausdame.pdf
[1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.09 14:11:28 | 566,538,846 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013.06.09 13:32:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.09 13:26:25 | 000,019,658 | ---- | C] () -- C:\Users\Hotel Tourist\Documents\cc_20130609_132623.reg
[2013.06.06 15:29:00 | 000,083,264 | ---- | C] () -- C:\Users\Hotel Tourist\Desktop\Internet-CheckIn-Boarding-Docs.pdf
[2013.05.18 18:30:13 | 000,045,361 | ---- | C] () -- C:\Users\Hotel Tourist\Desktop\ReiseBank AG Die Bargeld-Experten. - Währungsrechner.htm
[2013.05.13 15:24:13 | 000,002,599 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013.05.13 15:13:50 | 000,003,584 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.13 11:39:46 | 000,066,477 | ---- | C] () -- C:\Users\Hotel Tourist\Documents\Vasilca Aurelia, Bewerbung um eine Stelle als Hausdame.pdf
[2013.04.25 17:39:01 | 000,000,997 | ---- | C] () -- C:\windows\wininit.ini
[2013.02.26 18:23:55 | 000,000,060 | R--- | C] () -- C:\Program Files (x86)\BRINST.INI
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.11.16 17:31:18 | 000,004,096 | -H-- | C] () -- C:\Users\Hotel Tourist\AppData\Local\keyfile3.drm
[2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012.06.26 07:54:16 | 000,058,368 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Local\gfdebtif
[2012.06.26 07:50:15 | 000,000,000 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\SharedSettings.ccs
[2012.05.25 19:57:15 | 000,000,648 | ---- | C] () -- C:\windows\SysWow64\iCMS.dat
[2012.01.27 23:41:13 | 000,007,625 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Local\resmon.resmoncfg
[2011.12.22 18:05:36 | 000,009,339 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML
[2011.12.22 17:57:07 | 000,038,456 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2011.12.22 17:54:10 | 000,009,349 | ---- | C] () -- C:\Users\Hotel Tourist\AppData\Roaming\Kommagetrennte Werte (DOS).EML
[2011.11.24 00:26:28 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD7320.DAT
[2011.11.24 00:25:58 | 000,000,152 | ---- | C] () -- C:\windows\Brfaxrx.ini
[2011.11.24 00:25:57 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
[2011.11.10 11:05:19 | 000,145,897 | ---- | C] () -- C:\Users\Hotel Tourist\LH_WEBCKI.LI.STANDALONE.1RRKuhLgD90zNzMjCL08d6.pdf
[2011.10.25 21:15:00 | 000,001,087 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2011.10.25 21:15:00 | 000,000,168 | ---- | C] () -- C:\windows\brpcfx.ini
[2011.10.25 21:14:50 | 000,000,432 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011.10.25 21:14:31 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2011.10.25 21:14:27 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2011.10.24 16:06:25 | 000,002,414 | ---- | C] () -- C:\Users\Hotel Tourist\jinitiator13125.trace
[2011.10.22 06:45:13 | 001,607,080 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.10.19 19:46:22 | 000,000,600 | ---- | C] () -- C:\windows\nsreg.dat
[2011.10.19 19:34:50 | 000,036,962 | ---- | C] () -- C:\windows\SysWow64\ActPanel.dll
[2011.08.31 19:51:16 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.08.31 19:51:16 | 000,216,000 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.06.22 12:15:34 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2011.06.22 12:15:33 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2011.06.22 11:23:49 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011.06.22 11:22:06 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 143 bytes -> C:\Users\Hotel Tourist\AppData\Roaming\Tabulatorgetrennte Werte (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Hotel Tourist\AppData\Roaming\Kommagetrennte Werte (DOS).EML:OECustomProperty
 
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 09.06.2013 14:13:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hotel Tourist\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 68,36% Memory free
7,83 Gb Paging File | 6,52 Gb Available in Paging File | 83,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 804,28 Gb Free Space | 88,74% Space Free | Partition Type: NTFS
 
Computer Name: HOTELTOURIST-PC | User Name: Hotel Tourist | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.reg [@ = regfile] -- C:\windows\regedit.exe ()
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Hotel Tourist\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Hotel Tourist\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20483FF3-4755-4168-8A8A-3B0909694136}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A35F9F8-3B21-46EF-B6C5-707A26A47889}" = lport=137 | protocol=17 | dir=in | app=system |
"{2E17D0AE-9BFF-4734-ABDD-C5817A6A6B61}" = rport=138 | protocol=17 | dir=out | app=system |
"{2EA288B2-4E53-46AF-9922-2C597797CEBD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4405CA93-1CEC-4231-A770-12E73BA9BCFD}" = lport=138 | protocol=17 | dir=in | app=system |
"{48A629FD-C119-414B-AAA8-59A099D0368C}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F4F9053-D8CA-4028-BF5C-F85070040D2F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{708076D2-3B77-45C5-8233-EC63C0AA01D4}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3EE56EB-6AD6-4B2A-90D2-D8E41328043A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A8AD2EF9-177B-4CCA-AC12-280DA44865E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B944573B-9BD7-41BB-BE08-B45F42655200}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{BCFA9B6A-1DF8-44B1-AA76-15E799B93067}" = rport=139 | protocol=6 | dir=out | app=system |
"{BDD4E400-F834-4F4D-A9DE-DF64E22199CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CD29F2B5-0E19-4A55-9D42-4684D33B7CA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE85521F-CFAF-4627-9316-29BDAD09508D}" = rport=445 | protocol=6 | dir=out | app=system |
"{E25372CE-3567-422F-8489-FABDEDCCFF06}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4A2C3EB-8C60-4785-A334-BEEFE818BC18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F12F10F2-81BB-4B30-8DAA-7F8E9CABB9E9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027F1924-9D36-4950-82F8-88E1B0812CA3}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{073A4A6B-687E-4B6A-879A-CBFDC64DF125}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{1F68DD21-17D2-4C9A-A10D-CBFD482957C9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{28F7CD5D-7606-4DB5-A66C-6B096326F036}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B133060-FC50-4DC6-8B20-6571E11DDDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{359002F8-2C19-43A8-969A-5E9923C493BA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{49B3B6BC-4D35-45A9-9D54-E07E05307664}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{58F693BA-3E9B-45FE-8D19-6DE1609ACB3A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6485064B-4A7C-428F-A0B6-DFAAEBAA8FBD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{7AD6FE2C-CCDB-45FC-B3DD-C38E5F353241}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{86E0276B-624A-403D-8287-6576B35742D2}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{88561F2A-894B-446E-B23C-21224AD0FFAC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{92D17F70-2566-4AE1-B487-00B7329B2930}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{95F70F3B-CF84-42A1-8072-12954EC8C3EC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9A84D06E-6859-4BB4-BA83-265A4B8A5AD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2FCB489-0D27-46CC-B78A-87FD4D34FD8C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B6AB7F83-B351-4B7D-8335-27A9E7B06FD4}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{C2AC50F0-7B50-4EAA-AE04-90EB8A53DA4D}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C8477BE2-342A-42F2-A312-FC91CF55D2D3}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{CD634C02-7466-42E5-A766-504DCB780C6E}" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{DC48C796-0E51-490B-8C3E-8A0DF453F16E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{F2299B20-6DF3-4481-AA34-327288CCE9BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{2A0565F1-9178-44D4-889B-2E19721B5D99}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{3C8AF33A-FBCC-4B9B-A06F-FE8120DCE833}C:\users\hotel tourist\appdata\roaming\evoz\mocab.exe" = protocol=6 | dir=in | app=c:\users\hotel tourist\appdata\roaming\evoz\mocab.exe |
"TCP Query User{831963F3-813C-4A05-954C-5B0F7204B54E}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"TCP Query User{92A58D4C-56B5-47AF-B877-B69C434C0F6A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{BDF1E5A1-C127-427F-B177-786C81B1A007}C:\program files (x86)\microsoft office\office12\drat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\drat.exe |
"UDP Query User{13DA210D-1B29-4582-B19E-6987383B328C}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{328BBDE4-5B7F-484D-9B96-EC9A5EFEAEF1}C:\program files (x86)\microsoft office\office12\drat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\drat.exe |
"UDP Query User{7F6F198E-9F6F-4CD3-B76D-492D20AEC67E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{CFA5868F-ACB1-43BB-B13B-BFB84AD6EABF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{D6EA648A-27D6-47D0-B4DC-393D793B4313}C:\users\hotel tourist\appdata\roaming\evoz\mocab.exe" = protocol=17 | dir=in | app=c:\users\hotel tourist\appdata\roaming\evoz\mocab.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"WinRAR archiver" = WinRAR 4.10 beta 1 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED38503-B69A-44B4-98BE-21BFF284A9B6}" = Brother Driver Deployment Wizard
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5183D7AB-D09B-411F-A74E-BBAEA61C6505}" = Lenovo Eye Distance System
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BF6FA12-4DA0-4BBD-A91C-81B1A1DDCE74}" = iCMS
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90DEECCD-DDD3-41F1-9DBE-19C851253912}" = Remote Viewer
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.22
"{CAFECAFE-0013-0001-0125-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.25
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9ED6D06-6002-495E-A7BC-46E6AE386996}" = Lenovo Dynamic Brightness System
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"DomaIQ Uninstaller" = DomaIQ
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Micros Fidelio Opera Print Control" = Micros Fidelio Opera Print Control
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"Revo Uninstaller" = Revo Uninstaller 1.94
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VideoPerformer" = VideoPerformer
"VMware_Workstation" = VMware Workstation
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2013 14:02:00 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.06.2013 14:49:08 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.06.2013 15:03:42 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.06.2013 15:46:16 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.06.2013 16:06:07 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 07.06.2013 19:36:02 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08.06.2013 00:28:28 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08.06.2013 01:15:18 | Computer Name = HotelTourist-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08.06.2013 01:17:23 | Computer Name = HotelTourist-PC | Source = ESENT | ID = 453
Description = taskhost (2420) WebCacheLocal: Die Datenbank 'C:\Users\Hotel Tourist\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat'
erfordert die Protokolldateien '2062' - '2063' (C:\Users\Hotel Tourist\AppData\Local\Microsoft\Windows\WebCache\V010080E.log
- C:\Users\Hotel Tourist\AppData\Local\Microsoft\Windows\WebCache\V01.log) für
eine erfolgreiche Wiederherstellung. Es wurden nur Protokolldateien bis '2062' (C:\Users\Hotel
Tourist\AppData\Local\Microsoft\Windows\WebCache\V010080E.log) gefunden.
 
Error - 08.06.2013 01:17:23 | Computer Name = HotelTourist-PC | Source = ESENT | ID = 454
Description = taskhost (2420) WebCacheLocal: Bei Datenbankwiederherstellung trat
ein unerwarteter Fehler -543 auf.
 
[ OSession Events ]
Error - 13.03.2012 03:06:13 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 89544
seconds with 6780 seconds of active time. This session ended with a crash.
 
Error - 21.03.2012 11:04:26 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22384
seconds with 2880 seconds of active time. This session ended with a crash.
 
Error - 28.03.2012 05:40:58 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16349
seconds with 3420 seconds of active time. This session ended with a crash.
 
Error - 29.03.2012 08:00:08 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 86810
seconds with 2520 seconds of active time. This session ended with a crash.
 
Error - 12.04.2012 10:49:22 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35370
seconds with 5520 seconds of active time. This session ended with a crash.
 
Error - 13.04.2012 09:10:32 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2009
seconds with 1080 seconds of active time. This session ended with a crash.
 
Error - 25.04.2012 07:35:48 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 196440
seconds with 12420 seconds of active time. This session ended with a crash.
 
Error - 07.03.2013 06:55:48 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 423686
seconds with 18000 seconds of active time. This session ended with a crash.
 
Error - 02.04.2013 07:39:02 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 434373
seconds with 14760 seconds of active time. This session ended with a crash.
 
Error - 31.05.2013 13:04:44 | Computer Name = HotelTourist-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 278947
seconds with 15960 seconds of active time. This session ended with a crash.
 
[ System Events ]
Error - 08.06.2013 10:51:47 | Computer Name = HotelTourist-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 08.06.2013 11:06:09 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?06.?2013 um 17:05:12 unerwartet heruntergefahren.
 
Error - 08.06.2013 11:06:10 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 08.06.2013 11:23:01 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?06.?2013 um 17:21:03 unerwartet heruntergefahren.
 
Error - 08.06.2013 11:23:04 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 08.06.2013 14:45:25 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?08.?06.?2013 um 20:43:56 unerwartet heruntergefahren.
 
Error - 08.06.2013 14:45:29 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 09.06.2013 07:41:20 | Computer Name = HotelTourist-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
 
Error - 09.06.2013 08:11:38 | Computer Name = HotelTourist-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2013 um 14:09:41 unerwartet heruntergefahren.
 
Error - 09.06.2013 08:11:42 | Computer Name = HOTELTOURIST-PC | Source = BugCheck | ID = 1001
Description =
 
 
< End of report >
--- --- ---


GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 14:38:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HDS721010CLA332 rev.JP4OA3FE 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\HOTELT~1\AppData\Local\Temp\kxrcrpog.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
PAGE C:\windows\system32\ntoskrnl.exe!NtResumeThread fffff8000337df50 1 byte INT3
 
---- User code sections - GMER 2.1 ----
 
.text C:\windows\Explorer.EXE[1780] C:\windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a01830 1 byte [FB]
.text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[1208] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77]
.text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[1208] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77]
.text ... * 2
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77]
.text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[3744] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77]
.text ... * 2
.text C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\YontooDesktop.exe[3728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000775d1465 2 bytes [5D, 77]
.text C:\Users\Hotel Tourist\AppData\Roaming\Yontoo\YontooDesktop.exe[3728] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000775d14bb 2 bytes [5D, 77]
.text ... * 2
.text C:\windows\explorer.exe[4492] C:\windows\SYSTEM32\ntdll.dll!NtResumeThread 0000000077a01830 1 byte [FB]
 
---- Threads - GMER 2.1 ----
 
Thread C:\windows\Explorer.EXE [1780:3024] 0000000001f9e7b4
Thread C:\windows\Explorer.EXE [1780:3028] 0000000001fa25ec
Thread C:\windows\explorer.exe [4492:4584] 000000000018e7b4
Thread C:\windows\explorer.exe [4492:4588] 00000000001925ec
Thread C:\windows\explorer.exe [4492:4792] 0000000000189aa2
 
---- EOF - GMER 2.1 ----
--- --- ---
habe auch Antimalware durchgeführt und wurde keine infizierte Dataien gefunden..
Freue mich auf eine baldige Antwort
VG

markusg 09.06.2013 13:53
Hi,
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

amir121 09.06.2013 14:07
Hi,Hier ist das Ergebniss:
15:02:08.0625 4092 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:02:08.0725 4092 ============================================================
15:02:08.0725 4092 Current date / time: 2013/06/09 15:02:08.0725
15:02:08.0725 4092 SystemInfo:
15:02:08.0725 4092
15:02:08.0725 4092 OS Version: 6.1.7601 ServicePack: 1.0
15:02:08.0725 4092 Product type: Workstation
15:02:08.0725 4092 ComputerName: HOTELTOURIST-PC
15:02:08.0725 4092 UserName: Hotel Tourist
15:02:08.0725 4092 Windows directory: C:\windows
15:02:08.0725 4092 System windows directory: C:\windows
15:02:08.0725 4092 Running under WOW64
15:02:08.0725 4092 Processor architecture: Intel x64
15:02:08.0725 4092 Number of processors: 4
15:02:08.0725 4092 Page size: 0x1000
15:02:08.0725 4092 Boot type: Normal boot
15:02:08.0725 4092 ============================================================
15:02:09.0755 4092 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:02:09.0755 4092 ============================================================
15:02:09.0755 4092 \Device\Harddisk0\DR0:
15:02:09.0755 4092 MBR partitions:
15:02:09.0755 4092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:02:09.0755 4092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
15:02:09.0755 4092 ============================================================
15:02:09.0785 4092 C: <-> \Device\Harddisk0\DR0\Partition2
15:02:09.0785 4092 ============================================================
15:02:09.0785 4092 Initialize success
15:02:09.0785 4092 ============================================================
15:03:18.0295 2812 ============================================================
15:03:18.0295 2812 Scan started
15:03:18.0295 2812 Mode: Manual; SigCheck; TDLFS;
15:03:18.0295 2812 ============================================================
15:03:18.0555 2812 ================ Scan system memory ========================
15:03:18.0555 2812 System memory - ok
15:03:18.0555 2812 ================ Scan services =============================
15:03:18.0665 2812 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
15:03:18.0785 2812 1394ohci - ok
15:03:18.0805 2812 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
15:03:18.0815 2812 ACPI - ok
15:03:18.0835 2812 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
15:03:18.0895 2812 AcpiPmi - ok
15:03:18.0955 2812 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:18.0975 2812 AdobeARMservice - ok
15:03:19.0085 2812 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:19.0105 2812 AdobeFlashPlayerUpdateSvc - ok
15:03:19.0135 2812 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
15:03:19.0155 2812 adp94xx - ok
15:03:19.0185 2812 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
15:03:19.0205 2812 adpahci - ok
15:03:19.0215 2812 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
15:03:19.0225 2812 adpu320 - ok
15:03:19.0255 2812 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
15:03:19.0385 2812 AeLookupSvc - ok
15:03:19.0415 2812 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
15:03:19.0465 2812 AFD - ok
15:03:19.0495 2812 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
15:03:19.0505 2812 agp440 - ok
15:03:19.0525 2812 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
15:03:19.0565 2812 ALG - ok
15:03:19.0585 2812 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
15:03:19.0605 2812 aliide - ok
15:03:19.0605 2812 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
15:03:19.0615 2812 amdide - ok
15:03:19.0635 2812 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
15:03:19.0665 2812 AmdK8 - ok
15:03:19.0685 2812 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
15:03:19.0715 2812 AmdPPM - ok
15:03:19.0745 2812 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
15:03:19.0755 2812 amdsata - ok
15:03:19.0765 2812 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
15:03:19.0785 2812 amdsbs - ok
15:03:19.0795 2812 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
15:03:19.0805 2812 amdxata - ok
15:03:19.0945 2812 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:03:19.0965 2812 AntiVirSchedulerService - ok
15:03:19.0995 2812 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:03:20.0015 2812 AntiVirService - ok
15:03:20.0045 2812 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:03:20.0055 2812 AntiVirWebService - ok
15:03:20.0105 2812 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
15:03:20.0355 2812 AppID - ok
15:03:20.0375 2812 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
15:03:20.0415 2812 AppIDSvc - ok
15:03:20.0435 2812 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll
15:03:20.0455 2812 Appinfo - ok
15:03:20.0485 2812 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
15:03:20.0495 2812 arc - ok
15:03:20.0505 2812 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
15:03:20.0525 2812 arcsas - ok
15:03:20.0585 2812 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:03:20.0605 2812 aspnet_state - ok
15:03:20.0675 2812 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
15:03:20.0685 2812 aswKbd - ok
15:03:20.0705 2812 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
15:03:20.0755 2812 AsyncMac - ok
15:03:20.0775 2812 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
15:03:20.0785 2812 atapi - ok
15:03:20.0865 2812 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
15:03:20.0965 2812 atikmdag - ok
15:03:21.0005 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
15:03:21.0095 2812 AudioEndpointBuilder - ok
15:03:21.0105 2812 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
15:03:21.0135 2812 AudioSrv - ok
15:03:21.0185 2812 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
15:03:21.0215 2812 avgntflt - ok
15:03:21.0235 2812 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
15:03:21.0255 2812 avipbb - ok
15:03:21.0265 2812 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
15:03:21.0275 2812 avkmgr - ok
15:03:21.0305 2812 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
15:03:21.0345 2812 AxInstSV - ok
15:03:21.0385 2812 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
15:03:21.0435 2812 b06bdrv - ok
15:03:21.0465 2812 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
15:03:21.0505 2812 b57nd60a - ok
15:03:21.0555 2812 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
15:03:21.0605 2812 BDESVC - ok
15:03:21.0635 2812 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
15:03:21.0705 2812 Beep - ok
15:03:21.0735 2812 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
15:03:21.0775 2812 BFE - ok
15:03:21.0805 2812 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
15:03:21.0855 2812 BITS - ok
15:03:21.0885 2812 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
15:03:21.0915 2812 blbdrive - ok
15:03:21.0935 2812 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
15:03:21.0975 2812 bowser - ok
15:03:21.0985 2812 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
15:03:21.0995 2812 BPntDrv - ok
15:03:22.0015 2812 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
15:03:22.0045 2812 BrFiltLo - ok
15:03:22.0065 2812 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
15:03:22.0085 2812 BrFiltUp - ok
15:03:22.0095 2812 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
15:03:22.0135 2812 Browser - ok
15:03:22.0155 2812 [ 63A00CDBEB300522C49EC7CA77324060 ] BrSerIb C:\windows\system32\DRIVERS\BrSerIb.sys
15:03:22.0175 2812 BrSerIb - ok
15:03:22.0195 2812 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
15:03:22.0245 2812 Brserid - ok
15:03:22.0255 2812 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
15:03:22.0285 2812 BrSerWdm - ok
15:03:22.0305 2812 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
15:03:22.0335 2812 BrUsbMdm - ok
15:03:22.0345 2812 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
15:03:22.0375 2812 BrUsbSer - ok
15:03:22.0415 2812 [ BBCFD6C6EF66449F55AF1BFDB08C9B12 ] BrUsbSIb C:\windows\system32\DRIVERS\BrUsbSIb.sys
15:03:22.0425 2812 BrUsbSIb - ok
15:03:22.0455 2812 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
15:03:22.0465 2812 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
15:03:22.0465 2812 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
15:03:22.0485 2812 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
15:03:22.0515 2812 BTHMODEM - ok
15:03:22.0545 2812 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
15:03:22.0575 2812 bthserv - ok
15:03:22.0595 2812 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
15:03:22.0645 2812 cdfs - ok
15:03:22.0685 2812 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
15:03:22.0715 2812 cdrom - ok
15:03:22.0735 2812 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
15:03:22.0785 2812 CertPropSvc - ok
15:03:22.0815 2812 [ 676535B3156FECF7133CF80B4D2F6CF7 ] cfwids C:\windows\system32\drivers\cfwids.sys
15:03:22.0825 2812 cfwids - ok
15:03:22.0835 2812 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
15:03:22.0855 2812 circlass - ok
15:03:22.0875 2812 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
15:03:22.0895 2812 CLFS - ok
15:03:22.0945 2812 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:22.0955 2812 clr_optimization_v2.0.50727_32 - ok
15:03:22.0985 2812 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:22.0995 2812 clr_optimization_v2.0.50727_64 - ok
15:03:23.0055 2812 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:23.0065 2812 clr_optimization_v4.0.30319_32 - ok
15:03:23.0075 2812 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:23.0095 2812 clr_optimization_v4.0.30319_64 - ok
15:03:23.0115 2812 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
15:03:23.0145 2812 CmBatt - ok
15:03:23.0165 2812 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
15:03:23.0175 2812 cmdide - ok
15:03:23.0215 2812 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
15:03:23.0245 2812 CNG - ok
15:03:23.0255 2812 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
15:03:23.0275 2812 Compbatt - ok
15:03:23.0285 2812 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
15:03:23.0315 2812 CompositeBus - ok
15:03:23.0325 2812 COMSysApp - ok
15:03:23.0365 2812 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
15:03:23.0375 2812 cphs - ok
15:03:23.0405 2812 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
15:03:23.0425 2812 crcdisk - ok
15:03:23.0455 2812 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
15:03:23.0515 2812 CryptSvc - ok
15:03:23.0545 2812 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
15:03:23.0605 2812 DcomLaunch - ok
15:03:23.0645 2812 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
15:03:23.0695 2812 defragsvc - ok
15:03:23.0715 2812 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
15:03:23.0765 2812 DfsC - ok
15:03:23.0785 2812 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
15:03:23.0845 2812 Dhcp - ok
15:03:23.0865 2812 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
15:03:23.0915 2812 discache - ok
15:03:23.0935 2812 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
15:03:23.0955 2812 Disk - ok
15:03:23.0975 2812 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
15:03:24.0005 2812 Dnscache - ok
15:03:24.0025 2812 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
15:03:24.0065 2812 dot3svc - ok
15:03:24.0075 2812 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
15:03:24.0125 2812 DPS - ok
15:03:24.0155 2812 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
15:03:24.0185 2812 drmkaud - ok
15:03:24.0225 2812 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
15:03:24.0255 2812 DXGKrnl - ok
15:03:24.0285 2812 [ 6BAFD9819D9FEC2EDBAEBC8493C711A4 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys
15:03:24.0295 2812 e1cexpress - ok
15:03:24.0325 2812 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
15:03:24.0365 2812 EapHost - ok
15:03:24.0415 2812 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
15:03:24.0475 2812 ebdrv - ok
15:03:24.0505 2812 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
15:03:24.0555 2812 EFS - ok
15:03:24.0595 2812 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
15:03:24.0665 2812 ehRecvr - ok
15:03:24.0685 2812 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
15:03:24.0695 2812 ehSched - ok
15:03:24.0735 2812 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
15:03:24.0755 2812 elxstor - ok
15:03:24.0765 2812 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
15:03:24.0795 2812 ErrDev - ok
15:03:24.0855 2812 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
15:03:24.0905 2812 EventSystem - ok
15:03:24.0915 2812 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
15:03:24.0955 2812 exfat - ok
15:03:24.0955 2812 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
15:03:25.0005 2812 fastfat - ok
15:03:25.0025 2812 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
15:03:25.0075 2812 Fax - ok
15:03:25.0095 2812 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
15:03:25.0105 2812 fbfmon - ok
15:03:25.0115 2812 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
15:03:25.0155 2812 fdc - ok
15:03:25.0175 2812 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
15:03:25.0205 2812 fdPHost - ok
15:03:25.0215 2812 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
15:03:25.0245 2812 FDResPub - ok
15:03:25.0265 2812 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
15:03:25.0275 2812 FileInfo - ok
15:03:25.0285 2812 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
15:03:25.0365 2812 Filetrace - ok
15:03:25.0405 2812 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
15:03:25.0455 2812 flpydisk - ok
15:03:25.0485 2812 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
15:03:25.0505 2812 FltMgr - ok
15:03:25.0545 2812 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
15:03:25.0575 2812 FontCache - ok
15:03:25.0615 2812 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:03:25.0635 2812 FontCache3.0.0.0 - ok
15:03:25.0655 2812 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
15:03:25.0675 2812 FsDepends - ok
15:03:25.0695 2812 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
15:03:25.0715 2812 Fs_Rec - ok
15:03:25.0735 2812 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
15:03:25.0755 2812 fvevol - ok
15:03:25.0775 2812 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
15:03:25.0795 2812 gagp30kx - ok
15:03:25.0815 2812 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
15:03:25.0855 2812 gpsvc - ok
15:03:25.0865 2812 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:25.0875 2812 gupdate - ok
15:03:25.0895 2812 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:25.0905 2812 gupdatem - ok
15:03:25.0925 2812 [ 8CDAD7B707DDD77D45588F74D59C9AFF ] hcmon C:\windows\system32\drivers\hcmon.sys
15:03:25.0935 2812 hcmon - ok
15:03:25.0955 2812 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
15:03:26.0005 2812 hcw85cir - ok
15:03:26.0025 2812 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
15:03:26.0055 2812 HdAudAddService - ok
15:03:26.0095 2812 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
15:03:26.0125 2812 HDAudBus - ok
15:03:26.0125 2812 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
15:03:26.0135 2812 HidBatt - ok
15:03:26.0155 2812 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
15:03:26.0175 2812 HidBth - ok
15:03:26.0195 2812 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
15:03:26.0215 2812 HidIr - ok
15:03:26.0235 2812 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
15:03:26.0265 2812 hidserv - ok
15:03:26.0285 2812 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
15:03:26.0295 2812 HidUsb - ok
15:03:26.0315 2812 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
15:03:26.0365 2812 hkmsvc - ok
15:03:26.0375 2812 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
15:03:26.0415 2812 HomeGroupListener - ok
15:03:26.0435 2812 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
15:03:26.0465 2812 HomeGroupProvider - ok
15:03:26.0485 2812 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
15:03:26.0495 2812 HpSAMD - ok
15:03:26.0525 2812 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
15:03:26.0585 2812 HTTP - ok
15:03:26.0605 2812 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
15:03:26.0615 2812 hwpolicy - ok
15:03:26.0665 2812 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
15:03:26.0695 2812 i8042prt - ok
15:03:26.0715 2812 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
15:03:26.0735 2812 iaStorV - ok
15:03:26.0775 2812 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:03:26.0795 2812 idsvc - ok
15:03:26.0895 2812 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
15:03:27.0025 2812 igfx - ok
15:03:27.0055 2812 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
15:03:27.0065 2812 iirsp - ok
15:03:27.0095 2812 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
15:03:27.0145 2812 IKEEXT - ok
15:03:27.0215 2812 [ 62C93ABEC0F8A9A235BF7A86B9FC3A0C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
15:03:27.0275 2812 IntcAzAudAddService - ok
15:03:27.0315 2812 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
15:03:27.0345 2812 IntcDAud - ok
15:03:27.0355 2812 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
15:03:27.0375 2812 intelide - ok
15:03:27.0405 2812 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
15:03:27.0425 2812 intelppm - ok
15:03:27.0455 2812 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
15:03:27.0495 2812 IPBusEnum - ok
15:03:27.0515 2812 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
15:03:27.0545 2812 IpFilterDriver - ok
15:03:27.0595 2812 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
15:03:27.0655 2812 iphlpsvc - ok
15:03:27.0665 2812 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
15:03:27.0685 2812 IPMIDRV - ok
15:03:27.0705 2812 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
15:03:27.0755 2812 IPNAT - ok
15:03:27.0775 2812 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
15:03:27.0805 2812 IRENUM - ok
15:03:27.0815 2812 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
15:03:27.0825 2812 isapnp - ok
15:03:27.0845 2812 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
15:03:27.0865 2812 iScsiPrt - ok
15:03:27.0895 2812 [ 1DED0D0AA513E2A5862B20A520D3A1E1 ] JME Keyboard C:\Windows\jmesoft\Service.exe
15:03:27.0915 2812 JME Keyboard ( UnsignedFile.Multi.Generic ) - warning
15:03:27.0915 2812 JME Keyboard - detected UnsignedFile.Multi.Generic (1)
15:03:27.0935 2812 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
15:03:27.0945 2812 kbdclass - ok
15:03:27.0965 2812 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
15:03:27.0985 2812 kbdhid - ok
15:03:28.0005 2812 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
15:03:28.0015 2812 KeyIso - ok
15:03:28.0035 2812 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
15:03:28.0055 2812 KSecDD - ok
15:03:28.0065 2812 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
15:03:28.0085 2812 KSecPkg - ok
15:03:28.0095 2812 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
15:03:28.0145 2812 ksthunk - ok
15:03:28.0175 2812 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
15:03:28.0225 2812 KtmRm - ok
15:03:28.0255 2812 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
15:03:28.0305 2812 LanmanServer - ok
15:03:28.0325 2812 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
15:03:28.0365 2812 LanmanWorkstation - ok
15:03:28.0385 2812 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
15:03:28.0435 2812 lltdio - ok
15:03:28.0445 2812 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
15:03:28.0485 2812 lltdsvc - ok
15:03:28.0495 2812 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
15:03:28.0545 2812 lmhosts - ok
15:03:28.0605 2812 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:03:28.0625 2812 LMS - ok
15:03:28.0655 2812 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
15:03:28.0675 2812 LSI_FC - ok
15:03:28.0695 2812 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
15:03:28.0705 2812 LSI_SAS - ok
15:03:28.0715 2812 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
15:03:28.0725 2812 LSI_SAS2 - ok
15:03:28.0735 2812 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
15:03:28.0755 2812 LSI_SCSI - ok
15:03:28.0765 2812 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
15:03:28.0805 2812 luafv - ok
15:03:28.0855 2812 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
15:03:28.0865 2812 MBAMProtector - ok
15:03:28.0905 2812 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:03:28.0925 2812 MBAMScheduler - ok
15:03:28.0955 2812 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:03:28.0985 2812 MBAMService - ok
15:03:29.0065 2812 [ 458A013DF72EAAB91877FA03533E2C8B ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
15:03:29.0085 2812 McNASvc - ok
15:03:29.0115 2812 [ 87CC32F90123313A3FEBE6A71FC62DAD ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
15:03:29.0145 2812 McShield - ok
15:03:29.0165 2812 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
15:03:29.0205 2812 Mcx2Svc - ok
15:03:29.0225 2812 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
15:03:29.0245 2812 megasas - ok
15:03:29.0255 2812 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
15:03:29.0275 2812 MegaSR - ok
15:03:29.0305 2812 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
15:03:29.0315 2812 MEIx64 - ok
15:03:29.0335 2812 [ 31338E489314AE2A29534FBAA7AD2F1B ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
15:03:29.0345 2812 mfeapfk - ok
15:03:29.0375 2812 [ 5822E70233218BCF22A65FCEA74D012D ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
15:03:29.0385 2812 mfeavfk - ok
15:03:29.0395 2812 [ AD2B622B46B78F212EB82330073B79E0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
15:03:29.0405 2812 mfefire - ok
15:03:29.0415 2812 [ 5A24E7C834576313D8C5EAF0825DA844 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
15:03:29.0435 2812 mfefirek - ok
15:03:29.0455 2812 [ A2607740BB18D631DA01E01DCB81843B ] mfehidk C:\windows\system32\drivers\mfehidk.sys
15:03:29.0475 2812 mfehidk - ok
15:03:29.0495 2812 [ 50C3A9D7465D385061C0601DEEFB5A8E ] mfenlfk C:\windows\system32\DRIVERS\mfenlfk.sys
15:03:29.0505 2812 mfenlfk - ok
15:03:29.0515 2812 [ EDF5EE799A0B3ED6DCE8BB16A51F3D1F ] mferkdet C:\windows\system32\drivers\mferkdet.sys
15:03:29.0525 2812 mferkdet - ok
15:03:29.0575 2812 [ 39E1DFB1700294E6C829465BD39E58B2 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
15:03:29.0585 2812 mfevtp - ok
15:03:29.0585 2812 [ 9182FAF9ADDD5EA6308D155CEB502C6F ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
15:03:29.0605 2812 mfewfpk - ok
15:03:29.0665 2812 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:03:29.0685 2812 Microsoft Office Groove Audit Service - ok
15:03:29.0705 2812 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
15:03:29.0765 2812 MMCSS - ok
15:03:29.0775 2812 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
15:03:29.0815 2812 Modem - ok
15:03:29.0835 2812 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
15:03:29.0865 2812 monitor - ok
15:03:29.0895 2812 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
15:03:29.0905 2812 mouclass - ok
15:03:29.0925 2812 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
15:03:29.0955 2812 mouhid - ok
15:03:29.0985 2812 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
15:03:29.0995 2812 mountmgr - ok
15:03:30.0065 2812 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:03:30.0085 2812 MozillaMaintenance - ok
15:03:30.0105 2812 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
15:03:30.0115 2812 mpio - ok
15:03:30.0125 2812 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
15:03:30.0155 2812 mpsdrv - ok
15:03:30.0185 2812 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
15:03:30.0245 2812 MpsSvc - ok
15:03:30.0255 2812 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
15:03:30.0285 2812 MRxDAV - ok
15:03:30.0315 2812 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
15:03:30.0365 2812 mrxsmb - ok
15:03:30.0375 2812 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
15:03:30.0395 2812 mrxsmb10 - ok
15:03:30.0395 2812 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
15:03:30.0415 2812 mrxsmb20 - ok
15:03:30.0425 2812 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
15:03:30.0445 2812 msahci - ok
15:03:30.0455 2812 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
15:03:30.0465 2812 msdsm - ok
15:03:30.0485 2812 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
15:03:30.0515 2812 MSDTC - ok
15:03:30.0545 2812 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
15:03:30.0595 2812 Msfs - ok
15:03:30.0615 2812 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
15:03:30.0725 2812 mshidkmdf - ok
15:03:30.0725 2812 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
15:03:30.0735 2812 msisadrv - ok
15:03:30.0755 2812 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
15:03:30.0795 2812 MSiSCSI - ok
15:03:30.0795 2812 msiserver - ok
15:03:30.0805 2812 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
15:03:30.0855 2812 MSKSSRV - ok
15:03:30.0875 2812 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
15:03:30.0915 2812 MSPCLOCK - ok
15:03:30.0925 2812 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
15:03:30.0975 2812 MSPQM - ok
15:03:30.0995 2812 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
15:03:31.0015 2812 MsRPC - ok
15:03:31.0015 2812 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
15:03:31.0025 2812 mssmbios - ok
15:03:31.0035 2812 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:03:31.0075 2812 MSTEE - ok
15:03:31.0085 2812 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
15:03:31.0105 2812 MTConfig - ok
15:03:31.0115 2812 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
15:03:31.0125 2812 Mup - ok
15:03:31.0155 2812 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
15:03:31.0205 2812 napagent - ok
15:03:31.0235 2812 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
15:03:31.0275 2812 NativeWifiP - ok
15:03:31.0325 2812 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
15:03:31.0355 2812 NDIS - ok
15:03:31.0365 2812 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:03:31.0405 2812 NdisCap - ok
15:03:31.0415 2812 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:03:31.0445 2812 NdisTapi - ok
15:03:31.0455 2812 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:03:31.0495 2812 Ndisuio - ok
15:03:31.0505 2812 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:03:31.0555 2812 NdisWan - ok
15:03:31.0575 2812 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:03:31.0605 2812 NDProxy - ok
15:03:31.0635 2812 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:03:31.0685 2812 NetBIOS - ok
15:03:31.0705 2812 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:03:31.0735 2812 NetBT - ok
15:03:31.0755 2812 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
15:03:31.0775 2812 Netlogon - ok
15:03:31.0805 2812 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
15:03:31.0845 2812 Netman - ok
15:03:31.0895 2812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:31.0925 2812 NetMsmqActivator - ok
15:03:31.0935 2812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:31.0955 2812 NetPipeActivator - ok
15:03:31.0955 2812 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:03:32.0005 2812 netprofm - ok
15:03:32.0005 2812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:32.0015 2812 NetTcpActivator - ok
15:03:32.0025 2812 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:03:32.0035 2812 NetTcpPortSharing - ok
15:03:32.0065 2812 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
15:03:32.0075 2812 nfrd960 - ok
15:03:32.0105 2812 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
15:03:32.0125 2812 NlaSvc - ok
15:03:32.0125 2812 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:03:32.0165 2812 Npfs - ok
15:03:32.0185 2812 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:03:32.0225 2812 nsi - ok
15:03:32.0245 2812 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:03:32.0275 2812 nsiproxy - ok
15:03:32.0305 2812 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:03:32.0345 2812 Ntfs - ok
15:03:32.0365 2812 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:03:32.0395 2812 Null - ok
15:03:32.0415 2812 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:03:32.0435 2812 nvraid - ok
15:03:32.0455 2812 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:03:32.0465 2812 nvstor - ok
15:03:32.0485 2812 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:03:32.0495 2812 nv_agp - ok
15:03:32.0525 2812 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:03:32.0545 2812 odserv - ok
15:03:32.0555 2812 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:03:32.0565 2812 ohci1394 - ok
15:03:32.0595 2812 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:03:32.0605 2812 ose - ok
15:03:32.0655 2812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:03:32.0705 2812 p2pimsvc - ok
15:03:32.0725 2812 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:03:32.0745 2812 p2psvc - ok
15:03:32.0765 2812 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
15:03:32.0805 2812 Parport - ok
15:03:32.0835 2812 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:03:32.0855 2812 partmgr - ok
15:03:32.0865 2812 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:03:32.0895 2812 PcaSvc - ok
15:03:32.0905 2812 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:03:32.0925 2812 pci - ok
15:03:32.0935 2812 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:03:32.0945 2812 pciide - ok
15:03:32.0955 2812 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
15:03:32.0975 2812 pcmcia - ok
15:03:32.0975 2812 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:03:32.0995 2812 pcw - ok
15:03:33.0055 2812 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
15:03:33.0075 2812 PDFProFiltSrvPP - ok
15:03:33.0085 2812 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:03:33.0145 2812 PEAUTH - ok
15:03:33.0215 2812 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:03:33.0245 2812 PerfHost - ok
15:03:33.0305 2812 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:03:33.0375 2812 pla - ok
15:03:33.0395 2812 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:03:33.0445 2812 PlugPlay - ok
15:03:33.0455 2812 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:03:33.0485 2812 PNRPAutoReg - ok
15:03:33.0505 2812 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:03:33.0515 2812 PNRPsvc - ok
15:03:33.0545 2812 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:03:33.0595 2812 PolicyAgent - ok
15:03:33.0625 2812 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
15:03:33.0675 2812 Power - ok
15:03:33.0705 2812 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:03:33.0755 2812 PptpMiniport - ok
15:03:33.0765 2812 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
15:03:33.0795 2812 Processor - ok
15:03:33.0815 2812 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
15:03:33.0845 2812 ProfSvc - ok
15:03:33.0855 2812 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:03:33.0865 2812 ProtectedStorage - ok
15:03:33.0885 2812 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:03:33.0935 2812 Psched - ok
15:03:33.0975 2812 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
15:03:34.0015 2812 ql2300 - ok
15:03:34.0025 2812 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
15:03:34.0045 2812 ql40xx - ok
15:03:34.0065 2812 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
15:03:34.0085 2812 QWAVE - ok
15:03:34.0095 2812 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:03:34.0135 2812 QWAVEdrv - ok
15:03:34.0155 2812 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:03:34.0195 2812 RasAcd - ok
15:03:34.0215 2812 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:03:34.0255 2812 RasAgileVpn - ok
15:03:34.0265 2812 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
15:03:34.0305 2812 RasAuto - ok
15:03:34.0325 2812 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:03:34.0355 2812 Rasl2tp - ok
15:03:34.0375 2812 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
15:03:34.0415 2812 RasMan - ok
15:03:34.0415 2812 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:03:34.0465 2812 RasPppoe - ok
15:03:34.0465 2812 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:03:34.0505 2812 RasSstp - ok
15:03:34.0525 2812 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:03:34.0565 2812 rdbss - ok
15:03:34.0585 2812 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
15:03:34.0605 2812 rdpbus - ok
15:03:34.0645 2812 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:03:34.0695 2812 RDPCDD - ok
15:03:34.0705 2812 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:03:34.0745 2812 RDPENCDD - ok
15:03:34.0755 2812 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:03:34.0785 2812 RDPREFMP - ok
15:03:34.0825 2812 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
15:03:34.0835 2812 RdpVideoMiniport - ok
15:03:34.0865 2812 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:03:34.0885 2812 RDPWD - ok
15:03:34.0915 2812 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:03:34.0925 2812 rdyboost - ok
15:03:34.0945 2812 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
15:03:34.0985 2812 RemoteAccess - ok
15:03:35.0015 2812 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:03:35.0055 2812 RemoteRegistry - ok
15:03:35.0075 2812 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:03:35.0125 2812 RpcEptMapper - ok
15:03:35.0135 2812 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
15:03:35.0165 2812 RpcLocator - ok
15:03:35.0175 2812 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
15:03:35.0205 2812 RpcSs - ok
15:03:35.0225 2812 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:03:35.0265 2812 rspndr - ok
15:03:35.0295 2812 [ 9BEB5F18A418FF70659CE2E356829568 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
15:03:35.0305 2812 RSUSBSTOR - ok
15:03:35.0335 2812 [ 09A8BA290DB61D2D5C419A06A2E54D20 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
15:03:35.0375 2812 RTL8192Ce - ok
15:03:35.0385 2812 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
15:03:35.0395 2812 SamSs - ok
15:03:35.0405 2812 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:03:35.0425 2812 sbp2port - ok
15:03:35.0475 2812 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
15:03:35.0505 2812 SCardSvr - ok
15:03:35.0525 2812 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:03:35.0565 2812 scfilter - ok
15:03:35.0715 2812 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
15:03:35.0795 2812 Schedule - ok
15:03:35.0865 2812 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
15:03:35.0905 2812 SCPolicySvc - ok
15:03:35.0925 2812 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:03:35.0955 2812 SDRSVC - ok
15:03:35.0985 2812 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
15:03:36.0035 2812 secdrv - ok
15:03:36.0065 2812 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
15:03:36.0105 2812 seclogon - ok
15:03:36.0125 2812 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
15:03:36.0175 2812 SENS - ok
15:03:36.0195 2812 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
15:03:36.0235 2812 SensrSvc - ok
15:03:36.0255 2812 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
15:03:36.0275 2812 Serenum - ok
15:03:36.0305 2812 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
15:03:36.0325 2812 Serial - ok
15:03:36.0455 2812 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
15:03:36.0505 2812 sermouse - ok
15:03:36.0535 2812 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
15:03:36.0575 2812 SessionEnv - ok
15:03:36.0605 2812 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:03:36.0615 2812 sffdisk - ok
15:03:36.0665 2812 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:03:36.0705 2812 sffp_mmc - ok
15:03:36.0735 2812 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:03:36.0755 2812 sffp_sd - ok
15:03:36.0785 2812 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
15:03:36.0815 2812 sfloppy - ok
15:03:36.0895 2812 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
15:03:37.0005 2812 SharedAccess - ok
15:03:37.0065 2812 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:03:37.0125 2812 ShellHWDetection - ok
15:03:37.0155 2812 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
15:03:37.0205 2812 SiSRaid2 - ok
15:03:37.0245 2812 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
15:03:37.0405 2812 SiSRaid4 - ok
15:03:37.0455 2812 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:03:37.0555 2812 Smb - ok
15:03:37.0625 2812 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:03:37.0675 2812 SNMPTRAP - ok
15:03:37.0685 2812 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
15:03:37.0705 2812 spldr - ok
15:03:37.0725 2812 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
15:03:37.0755 2812 Spooler - ok
15:03:37.0805 2812 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
15:03:37.0875 2812 sppsvc - ok
15:03:37.0895 2812 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:03:37.0925 2812 sppuinotify - ok
15:03:37.0945 2812 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
15:03:38.0005 2812 srv - ok
15:03:38.0015 2812 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:03:38.0055 2812 srv2 - ok
15:03:38.0055 2812 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:03:38.0075 2812 srvnet - ok
15:03:38.0115 2812 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:03:38.0155 2812 SSDPSRV - ok
15:03:38.0175 2812 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
15:03:38.0205 2812 SstpSvc - ok
15:03:38.0225 2812 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
15:03:38.0245 2812 stexstor - ok
15:03:38.0285 2812 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
15:03:38.0335 2812 stisvc - ok
15:03:38.0355 2812 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
15:03:38.0365 2812 swenum - ok
15:03:38.0395 2812 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
15:03:38.0435 2812 swprv - ok
15:03:38.0475 2812 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
15:03:38.0525 2812 SysMain - ok
15:03:38.0545 2812 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:03:38.0565 2812 TabletInputService - ok
15:03:38.0575 2812 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
15:03:38.0615 2812 TapiSrv - ok
15:03:38.0635 2812 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
15:03:38.0675 2812 TBS - ok
15:03:38.0725 2812 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:03:38.0775 2812 Tcpip - ok
15:03:38.0805 2812 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:03:38.0835 2812 TCPIP6 - ok
15:03:38.0855 2812 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:03:38.0875 2812 tcpipreg - ok
15:03:38.0895 2812 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:03:38.0925 2812 TDPIPE - ok
15:03:38.0955 2812 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:03:38.0965 2812 TDTCP - ok
15:03:38.0975 2812 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:03:39.0015 2812 tdx - ok
15:03:39.0035 2812 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
15:03:39.0055 2812 TermDD - ok
15:03:39.0075 2812 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
15:03:39.0115 2812 TermService - ok
15:03:39.0125 2812 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
15:03:39.0145 2812 Themes - ok
15:03:39.0155 2812 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
15:03:39.0185 2812 THREADORDER - ok
15:03:39.0195 2812 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
15:03:39.0225 2812 TrkWks - ok
15:03:39.0255 2812 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:03:39.0285 2812 TrustedInstaller - ok
15:03:39.0315 2812 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:03:39.0355 2812 tssecsrv - ok
15:03:39.0395 2812 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:03:39.0435 2812 TsUsbFlt - ok
15:03:39.0455 2812 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
15:03:39.0485 2812 TsUsbGD - ok
15:03:39.0565 2812 [ 50D8102EECC446F160C8C31AF927242D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
15:03:39.0615 2812 TuneUp.UtilitiesSvc - ok
15:03:39.0645 2812 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
15:03:39.0665 2812 TuneUpUtilitiesDrv - ok
15:03:39.0695 2812 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:03:39.0735 2812 tunnel - ok
15:03:39.0755 2812 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
15:03:39.0765 2812 uagp35 - ok
15:03:39.0785 2812 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:03:39.0825 2812 udfs - ok
15:03:39.0865 2812 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
15:03:39.0875 2812 ufad-ws60 - ok
15:03:39.0895 2812 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
15:03:39.0915 2812 UI0Detect - ok
15:03:39.0935 2812 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:03:39.0945 2812 uliagpkx - ok
15:03:39.0965 2812 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
15:03:39.0995 2812 umbus - ok
15:03:40.0015 2812 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
15:03:40.0035 2812 UmPass - ok
15:03:40.0145 2812 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:03:40.0195 2812 UNS - ok
15:03:40.0215 2812 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
15:03:40.0275 2812 upnphost - ok
15:03:40.0295 2812 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:03:40.0315 2812 usbccgp - ok
15:03:40.0335 2812 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
15:03:40.0355 2812 usbcir - ok
15:03:40.0365 2812 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
15:03:40.0395 2812 usbehci - ok
15:03:40.0415 2812 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
15:03:40.0445 2812 usbhub - ok
15:03:40.0465 2812 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
15:03:40.0495 2812 usbohci - ok
15:03:40.0515 2812 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:03:40.0545 2812 usbprint - ok
15:03:40.0555 2812 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
15:03:40.0575 2812 usbscan - ok
15:03:40.0635 2812 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:03:40.0695 2812 USBSTOR - ok
15:03:40.0705 2812 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:03:40.0735 2812 usbuhci - ok
15:03:40.0765 2812 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
15:03:40.0795 2812 UxSms - ok
15:03:40.0795 2812 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
15:03:40.0815 2812 VaultSvc - ok
15:03:40.0835 2812 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:03:40.0845 2812 vdrvroot - ok
15:03:40.0895 2812 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
15:03:40.0985 2812 vds - ok
15:03:40.0995 2812 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:03:41.0005 2812 vga - ok
15:03:41.0015 2812 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
15:03:41.0055 2812 VgaSave - ok
15:03:41.0075 2812 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:03:41.0095 2812 vhdmp - ok
15:03:41.0095 2812 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
15:03:41.0105 2812 viaide - ok
15:03:41.0135 2812 [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
15:03:41.0145 2812 VMAuthdService - ok
15:03:41.0165 2812 [ CDAA992C18F3F3612444C818A478CF57 ] vmci C:\windows\system32\drivers\vmci.sys
15:03:41.0175 2812 vmci - ok
15:03:41.0185 2812 [ EA9C266CD4B4BB7C7D818C1C27461959 ] vmkbd C:\windows\system32\drivers\VMkbd.sys
15:03:41.0195 2812 vmkbd - ok
15:03:41.0205 2812 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\windows\system32\DRIVERS\vmnetadapter.sys
15:03:41.0215 2812 VMnetAdapter - ok
15:03:41.0225 2812 [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\windows\system32\DRIVERS\vmnetbridge.sys
15:03:41.0235 2812 VMnetBridge - ok
15:03:41.0245 2812 VMnetDHCP - ok
15:03:41.0255 2812 [ 479948EB42E189C076B45EBAF2D12BBC ] VMnetuserif C:\windows\system32\drivers\vmnetuserif.sys
15:03:41.0265 2812 VMnetuserif - ok
15:03:41.0285 2812 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\windows\system32\Drivers\vmusb.sys
15:03:41.0305 2812 vmusb - ok
15:03:41.0325 2812 [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
15:03:41.0345 2812 VMUSBArbService - ok
15:03:41.0355 2812 VMware NAT Service - ok
15:03:41.0385 2812 [ 05645D6651CA7A02298AAE475BBCAD6E ] vmx86 C:\windows\system32\drivers\vmx86.sys
15:03:41.0395 2812 vmx86 - ok
15:03:41.0415 2812 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:03:41.0425 2812 volmgr - ok
15:03:41.0435 2812 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:03:41.0455 2812 volmgrx - ok
15:03:41.0465 2812 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
15:03:41.0485 2812 volsnap - ok
15:03:41.0505 2812 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
15:03:41.0525 2812 vsmraid - ok
15:03:41.0565 2812 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
15:03:41.0635 2812 VSS - ok
15:03:41.0655 2812 [ 69F57E89E6EBC5012D210527AF005A70 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
15:03:41.0665 2812 vstor2-ws60 - ok
15:03:41.0685 2812 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:03:41.0715 2812 vwifibus - ok
15:03:41.0735 2812 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:03:41.0765 2812 vwififlt - ok
15:03:41.0805 2812 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
15:03:41.0835 2812 vwifimp - ok
15:03:41.0855 2812 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
15:03:41.0895 2812 W32Time - ok
15:03:41.0915 2812 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
15:03:41.0935 2812 WacomPen - ok
15:03:41.0965 2812 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:03:42.0015 2812 WANARP - ok
15:03:42.0015 2812 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:03:42.0045 2812 Wanarpv6 - ok
15:03:42.0095 2812 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
15:03:42.0145 2812 wbengine - ok
15:03:42.0165 2812 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
15:03:42.0185 2812 WbioSrvc - ok
15:03:42.0205 2812 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
15:03:42.0235 2812 wcncsvc - ok
15:03:42.0255 2812 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:03:42.0295 2812 WcsPlugInService - ok
15:03:42.0315 2812 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
15:03:42.0335 2812 Wd - ok
15:03:42.0365 2812 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
15:03:42.0395 2812 Wdf01000 - ok
15:03:42.0405 2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
15:03:42.0475 2812 WdiServiceHost - ok
15:03:42.0475 2812 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
15:03:42.0495 2812 WdiSystemHost - ok
15:03:42.0525 2812 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
15:03:42.0545 2812 WebClient - ok
15:03:42.0565 2812 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
15:03:42.0605 2812 Wecsvc - ok
15:03:42.0635 2812 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
15:03:42.0665 2812 wercplsupport - ok
15:03:42.0685 2812 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
15:03:42.0735 2812 WerSvc - ok
15:03:42.0775 2812 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
15:03:42.0805 2812 WfpLwf - ok
15:03:42.0815 2812 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
15:03:42.0825 2812 WIMMount - ok
15:03:42.0835 2812 WinDefend - ok
15:03:42.0845 2812 WinHttpAutoProxySvc - ok
15:03:42.0875 2812 [ 66C365B542195C1F6E2FF4A7D8F3827C ] WinI2C-DDC C:\windows\system32\drivers\DDCDrv.sys
15:03:42.0895 2812 WinI2C-DDC - ok
15:03:42.0935 2812 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
15:03:42.0965 2812 Winmgmt - ok
15:03:43.0015 2812 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
15:03:43.0075 2812 WinRM - ok
15:03:43.0115 2812 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
15:03:43.0135 2812 WinUsb - ok
15:03:43.0165 2812 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
15:03:43.0205 2812 Wlansvc - ok
15:03:43.0295 2812 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:03:43.0345 2812 wlidsvc - ok
15:03:43.0365 2812 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
15:03:43.0385 2812 WmiAcpi - ok
15:03:43.0415 2812 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
15:03:43.0435 2812 wmiApSrv - ok
15:03:43.0455 2812 WMPNetworkSvc - ok
15:03:43.0485 2812 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
15:03:43.0525 2812 WPCSvc - ok
15:03:43.0545 2812 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
15:03:43.0575 2812 WPDBusEnum - ok
15:03:43.0595 2812 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
15:03:43.0625 2812 ws2ifsl - ok
15:03:43.0645 2812 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
15:03:43.0675 2812 wscsvc - ok
15:03:43.0685 2812 WSearch - ok
15:03:43.0725 2812 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
15:03:43.0735 2812 wsvd - ok
15:03:43.0795 2812 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
15:03:43.0845 2812 wuauserv - ok
15:03:43.0865 2812 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
15:03:43.0905 2812 WudfPf - ok
15:03:43.0915 2812 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
15:03:43.0945 2812 WUDFRd - ok
15:03:43.0985 2812 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
15:03:44.0005 2812 wudfsvc - ok
15:03:44.0035 2812 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll
15:03:44.0055 2812 WwanSvc - ok
15:03:44.0095 2812 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
15:03:44.0115 2812 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
15:03:44.0115 2812 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
15:03:44.0145 2812 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
15:03:44.0185 2812 yukonw7 - ok
15:03:44.0205 2812 ================ Scan global ===============================
15:03:44.0235 2812 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:03:44.0255 2812 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
15:03:44.0265 2812 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
15:03:44.0285 2812 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:03:44.0305 2812 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:03:44.0315 2812 [Global] - ok
15:03:44.0315 2812 ================ Scan MBR ==================================
15:03:44.0315 2812 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:03:44.0515 2812 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - warning
15:03:44.0515 2812 \Device\Harddisk0\DR0 - detected Rootkit.Win32.BackBoot.gen (1)
15:03:44.0605 2812 ================ Scan VBR ==================================
15:03:44.0605 2812 [ E215A44EB93EC98D579AAE408B8845BF ] \Device\Harddisk0\DR0\Partition1
15:03:44.0615 2812 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
15:03:44.0615 2812 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b (0)
15:03:44.0655 2812 [ A049AB8B697D90B5B729D9BCF01CE68D ] \Device\Harddisk0\DR0\Partition2
15:03:44.0665 2812 \Device\Harddisk0\DR0\Partition2 - ok
15:03:44.0665 2812 ============================================================
15:03:44.0665 2812 Scan finished
15:03:44.0665 2812 ============================================================
15:03:44.0675 2768 Detected object count: 5
15:03:44.0675 2768 Actual detected object count: 5
15:06:26.0435 2768 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:26.0435 2768 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:26.0445 2768 JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:26.0445 2768 JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:26.0445 2768 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
15:06:26.0445 2768 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:06:26.0445 2768 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - skipped by user
15:06:26.0445 2768 \Device\Harddisk0\DR0 ( Rootkit.Win32.BackBoot.gen ) - User select action: Skip
15:06:26.0445 2768 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
15:06:26.0445 2768 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip

markusg 09.06.2013 18:09
hi,
konfiguriere den TDSS killer nach Anleitung.
wähle für:
BackBoot.gen
Cidox.b
cure, bzw delete.
starte neu, konfiguriere TDSS Killer nach Anleitung, poste neues log

amir121 10.06.2013 13:15
Hallo ,vielen Dank für deine Hilfe! also hier ist das neue Ergebniss aber leider bei BackBoot.gen konnte ich es nicht löschen habe es aber in Quarantine geschoben..

14:08:56.0353 1332 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:08:56.0462 1332 ============================================================
14:08:56.0462 1332 Current date / time: 2013/06/10 14:08:56.0462
14:08:56.0462 1332 SystemInfo:
14:08:56.0462 1332
14:08:56.0462 1332 OS Version: 6.1.7601 ServicePack: 1.0
14:08:56.0462 1332 Product type: Workstation
14:08:56.0462 1332 ComputerName: HOTELTOURIST-PC
14:08:56.0478 1332 UserName: Hotel Tourist
14:08:56.0478 1332 Windows directory: C:\windows
14:08:56.0478 1332 System windows directory: C:\windows
14:08:56.0478 1332 Running under WOW64
14:08:56.0478 1332 Processor architecture: Intel x64
14:08:56.0478 1332 Number of processors: 4
14:08:56.0478 1332 Page size: 0x1000
14:08:56.0478 1332 Boot type: Normal boot
14:08:56.0478 1332 ============================================================
14:08:58.0584 1332 BG loaded
14:08:58.0958 1332 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:08:58.0958 1332 ============================================================
14:08:58.0958 1332 \Device\Harddisk0\DR0:
14:08:58.0958 1332 MBR partitions:
14:08:58.0958 1332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:08:58.0958 1332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x714AE800
14:08:58.0958 1332 ============================================================
14:08:58.0974 1332 C: <-> \Device\Harddisk0\DR0\Partition2
14:08:58.0974 1332 ============================================================
14:08:58.0974 1332 Initialize success
14:08:58.0974 1332 ============================================================
14:10:17.0274 2148 ============================================================
14:10:17.0274 2148 Scan started
14:10:17.0274 2148 Mode: Manual; SigCheck; TDLFS;
14:10:17.0274 2148 ============================================================
14:10:18.0374 2148 ================ Scan system memory ========================
14:10:18.0374 2148 System memory - ok
14:10:18.0374 2148 ================ Scan services =============================
14:10:18.0594 2148 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
14:10:18.0804 2148 1394ohci - ok
14:10:18.0844 2148 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
14:10:18.0874 2148 ACPI - ok
14:10:18.0904 2148 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
14:10:19.0004 2148 AcpiPmi - ok
14:10:19.0074 2148 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:10:19.0104 2148 AdobeARMservice - ok
14:10:19.0304 2148 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:10:19.0344 2148 AdobeFlashPlayerUpdateSvc - ok
14:10:19.0384 2148 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
14:10:19.0414 2148 adp94xx - ok
14:10:19.0434 2148 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
14:10:19.0464 2148 adpahci - ok
14:10:19.0484 2148 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
14:10:19.0504 2148 adpu320 - ok
14:10:19.0544 2148 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
14:10:19.0964 2148 AeLookupSvc - ok
14:10:20.0004 2148 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
14:10:20.0074 2148 AFD - ok
14:10:20.0114 2148 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
14:10:20.0134 2148 agp440 - ok
14:10:20.0164 2148 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
14:10:20.0234 2148 ALG - ok
14:10:20.0254 2148 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
14:10:20.0284 2148 aliide - ok
14:10:20.0294 2148 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
14:10:20.0314 2148 amdide - ok
14:10:20.0334 2148 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
14:10:20.0374 2148 AmdK8 - ok
14:10:20.0394 2148 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
14:10:20.0434 2148 AmdPPM - ok
14:10:20.0464 2148 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
14:10:20.0494 2148 amdsata - ok
14:10:20.0514 2148 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
14:10:20.0544 2148 amdsbs - ok
14:10:20.0554 2148 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
14:10:20.0574 2148 amdxata - ok
14:10:20.0744 2148 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:10:20.0764 2148 AntiVirSchedulerService - ok
14:10:20.0804 2148 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:10:20.0814 2148 AntiVirService - ok
14:10:20.0854 2148 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:10:20.0874 2148 AntiVirWebService - ok
14:10:20.0924 2148 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
14:10:21.0284 2148 AppID - ok
14:10:21.0324 2148 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
14:10:21.0394 2148 AppIDSvc - ok
14:10:21.0434 2148 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll
14:10:21.0474 2148 Appinfo - ok
14:10:21.0514 2148 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
14:10:21.0524 2148 arc - ok
14:10:21.0544 2148 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
14:10:21.0584 2148 arcsas - ok
14:10:21.0664 2148 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:10:21.0704 2148 aspnet_state - ok
14:10:21.0774 2148 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
14:10:21.0804 2148 aswKbd - ok
14:10:21.0844 2148 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
14:10:21.0934 2148 AsyncMac - ok
14:10:21.0944 2148 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
14:10:21.0954 2148 atapi - ok
14:10:22.0114 2148 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
14:10:22.0314 2148 atikmdag - ok
14:10:22.0354 2148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
14:10:22.0404 2148 AudioEndpointBuilder - ok
14:10:22.0414 2148 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
14:10:22.0444 2148 AudioSrv - ok
14:10:22.0494 2148 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
14:10:22.0514 2148 avgntflt - ok
14:10:22.0544 2148 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
14:10:22.0554 2148 avipbb - ok
14:10:22.0564 2148 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
14:10:22.0574 2148 avkmgr - ok
14:10:22.0604 2148 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
14:10:22.0674 2148 AxInstSV - ok
14:10:22.0714 2148 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
14:10:22.0764 2148 b06bdrv - ok
14:10:22.0784 2148 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
14:10:22.0814 2148 b57nd60a - ok
14:10:22.0864 2148 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
14:10:22.0904 2148 BDESVC - ok
14:10:22.0914 2148 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
14:10:22.0974 2148 Beep - ok
14:10:22.0994 2148 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
14:10:23.0054 2148 BFE - ok
14:10:23.0074 2148 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
14:10:23.0134 2148 BITS - ok
14:10:23.0164 2148 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
14:10:23.0184 2148 blbdrive - ok
14:10:23.0214 2148 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
14:10:23.0254 2148 bowser - ok
14:10:23.0274 2148 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
14:10:23.0284 2148 BPntDrv - ok
14:10:23.0304 2148 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
14:10:23.0334 2148 BrFiltLo - ok
14:10:23.0354 2148 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
14:10:23.0364 2148 BrFiltUp - ok
14:10:23.0384 2148 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
14:10:23.0424 2148 Browser - ok
14:10:23.0434 2148 [ 63A00CDBEB300522C49EC7CA77324060 ] BrSerIb C:\windows\system32\DRIVERS\BrSerIb.sys
14:10:23.0444 2148 BrSerIb - ok
14:10:23.0474 2148 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
14:10:23.0534 2148 Brserid - ok
14:10:23.0554 2148 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
14:10:23.0584 2148 BrSerWdm - ok
14:10:23.0604 2148 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
14:10:23.0634 2148 BrUsbMdm - ok
14:10:23.0654 2148 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
14:10:23.0684 2148 BrUsbSer - ok
14:10:23.0714 2148 [ BBCFD6C6EF66449F55AF1BFDB08C9B12 ] BrUsbSIb C:\windows\system32\DRIVERS\BrUsbSIb.sys
14:10:23.0724 2148 BrUsbSIb - ok
14:10:23.0754 2148 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
14:10:23.0774 2148 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
14:10:23.0774 2148 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
14:10:23.0784 2148 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
14:10:23.0824 2148 BTHMODEM - ok
14:10:23.0864 2148 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
14:10:23.0914 2148 bthserv - ok
14:10:23.0934 2148 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
14:10:23.0974 2148 cdfs - ok
14:10:24.0004 2148 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
14:10:24.0034 2148 cdrom - ok
14:10:24.0064 2148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
14:10:24.0104 2148 CertPropSvc - ok
14:10:24.0134 2148 [ 676535B3156FECF7133CF80B4D2F6CF7 ] cfwids C:\windows\system32\drivers\cfwids.sys
14:10:24.0154 2148 cfwids - ok
14:10:24.0174 2148 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
14:10:24.0184 2148 circlass - ok
14:10:24.0214 2148 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
14:10:24.0234 2148 CLFS - ok
14:10:24.0274 2148 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:10:24.0294 2148 clr_optimization_v2.0.50727_32 - ok
14:10:24.0314 2148 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:10:24.0334 2148 clr_optimization_v2.0.50727_64 - ok
14:10:24.0394 2148 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:10:24.0474 2148 clr_optimization_v4.0.30319_32 - ok
14:10:24.0484 2148 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:10:24.0534 2148 clr_optimization_v4.0.30319_64 - ok
14:10:24.0564 2148 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
14:10:24.0594 2148 CmBatt - ok
14:10:24.0604 2148 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
14:10:24.0614 2148 cmdide - ok
14:10:24.0634 2148 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
14:10:24.0664 2148 CNG - ok
14:10:24.0664 2148 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
14:10:24.0684 2148 Compbatt - ok
14:10:24.0694 2148 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
14:10:24.0724 2148 CompositeBus - ok
14:10:24.0734 2148 COMSysApp - ok
14:10:24.0794 2148 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
14:10:24.0814 2148 cphs - ok
14:10:24.0834 2148 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
14:10:24.0854 2148 crcdisk - ok
14:10:24.0864 2148 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
14:10:24.0924 2148 CryptSvc - ok
14:10:24.0954 2148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
14:10:24.0994 2148 DcomLaunch - ok
14:10:25.0024 2148 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
14:10:25.0084 2148 defragsvc - ok
14:10:25.0104 2148 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
14:10:25.0144 2148 DfsC - ok
14:10:25.0164 2148 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
14:10:25.0214 2148 Dhcp - ok
14:10:25.0234 2148 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
14:10:25.0274 2148 discache - ok
14:10:25.0314 2148 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
14:10:25.0334 2148 Disk - ok
14:10:25.0364 2148 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
14:10:25.0424 2148 Dnscache - ok
14:10:25.0454 2148 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
14:10:25.0514 2148 dot3svc - ok
14:10:25.0524 2148 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
14:10:25.0564 2148 DPS - ok
14:10:25.0594 2148 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
14:10:25.0614 2148 drmkaud - ok
14:10:25.0644 2148 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
14:10:25.0674 2148 DXGKrnl - ok
14:10:25.0704 2148 [ 6BAFD9819D9FEC2EDBAEBC8493C711A4 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys
14:10:25.0724 2148 e1cexpress - ok
14:10:25.0744 2148 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
14:10:25.0804 2148 EapHost - ok
14:10:25.0864 2148 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
14:10:25.0934 2148 ebdrv - ok
14:10:25.0954 2148 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
14:10:26.0014 2148 EFS - ok
14:10:26.0064 2148 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
14:10:26.0124 2148 ehRecvr - ok
14:10:26.0134 2148 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
14:10:26.0154 2148 ehSched - ok
14:10:26.0184 2148 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
14:10:26.0224 2148 elxstor - ok
14:10:26.0234 2148 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
14:10:26.0274 2148 ErrDev - ok
14:10:26.0334 2148 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
14:10:26.0394 2148 EventSystem - ok
14:10:26.0404 2148 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
14:10:26.0444 2148 exfat - ok
14:10:26.0464 2148 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
14:10:26.0524 2148 fastfat - ok
14:10:26.0564 2148 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
14:10:26.0614 2148 Fax - ok
14:10:26.0624 2148 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
14:10:26.0644 2148 fbfmon - ok
14:10:26.0654 2148 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
14:10:26.0674 2148 fdc - ok
14:10:26.0744 2148 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
14:10:26.0784 2148 fdPHost - ok
14:10:26.0784 2148 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
14:10:26.0834 2148 FDResPub - ok
14:10:26.0864 2148 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
14:10:26.0874 2148 FileInfo - ok
14:10:26.0894 2148 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
14:10:26.0954 2148 Filetrace - ok
14:10:26.0964 2148 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
14:10:26.0984 2148 flpydisk - ok
14:10:27.0014 2148 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
14:10:27.0024 2148 FltMgr - ok
14:10:27.0064 2148 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
14:10:27.0104 2148 FontCache - ok
14:10:27.0144 2148 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:10:27.0154 2148 FontCache3.0.0.0 - ok
14:10:27.0184 2148 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
14:10:27.0204 2148 FsDepends - ok
14:10:27.0234 2148 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
14:10:27.0254 2148 Fs_Rec - ok
14:10:27.0274 2148 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
14:10:27.0294 2148 fvevol - ok
14:10:27.0314 2148 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
14:10:27.0324 2148 gagp30kx - ok
14:10:27.0354 2148 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
14:10:27.0394 2148 gpsvc - ok
14:10:27.0414 2148 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:10:27.0424 2148 gupdate - ok
14:10:27.0444 2148 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:10:27.0464 2148 gupdatem - ok
14:10:27.0484 2148 [ 8CDAD7B707DDD77D45588F74D59C9AFF ] hcmon C:\windows\system32\drivers\hcmon.sys
14:10:27.0504 2148 hcmon - ok
14:10:27.0524 2148 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
14:10:27.0584 2148 hcw85cir - ok
14:10:27.0604 2148 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
14:10:27.0644 2148 HdAudAddService - ok
14:10:27.0704 2148 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
14:10:27.0744 2148 HDAudBus - ok
14:10:27.0754 2148 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
14:10:27.0784 2148 HidBatt - ok
14:10:27.0804 2148 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
14:10:27.0914 2148 HidBth - ok
14:10:27.0924 2148 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
14:10:27.0964 2148 HidIr - ok
14:10:27.0984 2148 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
14:10:28.0034 2148 hidserv - ok
14:10:28.0064 2148 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
14:10:28.0084 2148 HidUsb - ok
14:10:28.0124 2148 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
14:10:28.0174 2148 hkmsvc - ok
14:10:28.0194 2148 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
14:10:28.0254 2148 HomeGroupListener - ok
14:10:28.0274 2148 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
14:10:28.0304 2148 HomeGroupProvider - ok
14:10:28.0324 2148 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
14:10:28.0354 2148 HpSAMD - ok
14:10:28.0384 2148 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
14:10:28.0444 2148 HTTP - ok
14:10:28.0454 2148 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
14:10:28.0464 2148 hwpolicy - ok
14:10:28.0484 2148 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
14:10:28.0494 2148 i8042prt - ok
14:10:28.0554 2148 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
14:10:28.0584 2148 iaStorV - ok
14:10:28.0634 2148 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:10:28.0684 2148 idsvc - ok
14:10:28.0794 2148 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
14:10:28.0894 2148 igfx - ok
14:10:28.0924 2148 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
14:10:28.0944 2148 iirsp - ok
14:10:28.0974 2148 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
14:10:29.0034 2148 IKEEXT - ok
14:10:29.0154 2148 [ 62C93ABEC0F8A9A235BF7A86B9FC3A0C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
14:10:29.0194 2148 IntcAzAudAddService - ok
14:10:29.0244 2148 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
14:10:29.0274 2148 IntcDAud - ok
14:10:29.0314 2148 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
14:10:29.0324 2148 intelide - ok
14:10:29.0344 2148 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
14:10:29.0374 2148 intelppm - ok
14:10:29.0414 2148 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
14:10:29.0464 2148 IPBusEnum - ok
14:10:29.0484 2148 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
14:10:29.0514 2148 IpFilterDriver - ok
14:10:29.0544 2148 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
14:10:29.0594 2148 iphlpsvc - ok
14:10:29.0614 2148 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
14:10:29.0644 2148 IPMIDRV - ok
14:10:29.0684 2148 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
14:10:29.0734 2148 IPNAT - ok
14:10:29.0754 2148 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
14:10:29.0774 2148 IRENUM - ok
14:10:29.0784 2148 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
14:10:29.0804 2148 isapnp - ok
14:10:29.0824 2148 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
14:10:29.0884 2148 iScsiPrt - ok
14:10:29.0904 2148 [ 1DED0D0AA513E2A5862B20A520D3A1E1 ] JME Keyboard C:\Windows\jmesoft\Service.exe
14:10:29.0934 2148 JME Keyboard ( UnsignedFile.Multi.Generic ) - warning
14:10:29.0934 2148 JME Keyboard - detected UnsignedFile.Multi.Generic (1)
14:10:29.0974 2148 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
14:10:29.0984 2148 kbdclass - ok
14:10:30.0004 2148 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
14:10:30.0034 2148 kbdhid - ok
14:10:30.0054 2148 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
14:10:30.0064 2148 KeyIso - ok
14:10:30.0104 2148 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
14:10:30.0134 2148 KSecDD - ok
14:10:30.0174 2148 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
14:10:30.0184 2148 KSecPkg - ok
14:10:30.0204 2148 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
14:10:30.0244 2148 ksthunk - ok
14:10:30.0284 2148 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
14:10:30.0324 2148 KtmRm - ok
14:10:30.0354 2148 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
14:10:30.0404 2148 LanmanServer - ok
14:10:30.0444 2148 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
14:10:30.0504 2148 LanmanWorkstation - ok
14:10:30.0534 2148 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
14:10:30.0574 2148 lltdio - ok
14:10:30.0594 2148 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
14:10:30.0644 2148 lltdsvc - ok
14:10:30.0664 2148 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
14:10:30.0704 2148 lmhosts - ok
14:10:30.0754 2148 [ 926EBA26A8B49D1597751CED06B50862 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:10:30.0784 2148 LMS - ok
14:10:30.0794 2148 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
14:10:30.0814 2148 LSI_FC - ok
14:10:30.0824 2148 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
14:10:30.0844 2148 LSI_SAS - ok
14:10:30.0854 2148 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
14:10:30.0864 2148 LSI_SAS2 - ok
14:10:30.0874 2148 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
14:10:30.0894 2148 LSI_SCSI - ok
14:10:30.0894 2148 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
14:10:30.0944 2148 luafv - ok
14:10:30.0984 2148 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
14:10:31.0004 2148 MBAMProtector - ok
14:10:31.0044 2148 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:10:31.0064 2148 MBAMScheduler - ok
14:10:31.0084 2148 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:10:31.0104 2148 MBAMService - ok
14:10:31.0194 2148 [ 458A013DF72EAAB91877FA03533E2C8B ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
14:10:31.0224 2148 McNASvc - ok
14:10:31.0254 2148 [ 87CC32F90123313A3FEBE6A71FC62DAD ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
14:10:31.0274 2148 McShield - ok
14:10:31.0294 2148 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
14:10:31.0324 2148 Mcx2Svc - ok
14:10:31.0344 2148 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
14:10:31.0364 2148 megasas - ok
14:10:31.0384 2148 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
14:10:31.0404 2148 MegaSR - ok
14:10:31.0434 2148 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
14:10:31.0444 2148 MEIx64 - ok
14:10:31.0464 2148 [ 31338E489314AE2A29534FBAA7AD2F1B ] mfeapfk C:\windows\system32\drivers\mfeapfk.sys
14:10:31.0484 2148 mfeapfk - ok
14:10:31.0494 2148 [ 5822E70233218BCF22A65FCEA74D012D ] mfeavfk C:\windows\system32\drivers\mfeavfk.sys
14:10:31.0514 2148 mfeavfk - ok
14:10:31.0534 2148 [ AD2B622B46B78F212EB82330073B79E0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
14:10:31.0554 2148 mfefire - ok
14:10:31.0554 2148 [ 5A24E7C834576313D8C5EAF0825DA844 ] mfefirek C:\windows\system32\drivers\mfefirek.sys
14:10:31.0574 2148 mfefirek - ok
14:10:31.0584 2148 [ A2607740BB18D631DA01E01DCB81843B ] mfehidk C:\windows\system32\drivers\mfehidk.sys
14:10:31.0614 2148 mfehidk - ok
14:10:31.0644 2148 [ 50C3A9D7465D385061C0601DEEFB5A8E ] mfenlfk C:\windows\system32\DRIVERS\mfenlfk.sys
14:10:31.0654 2148 mfenlfk - ok
14:10:31.0674 2148 [ EDF5EE799A0B3ED6DCE8BB16A51F3D1F ] mferkdet C:\windows\system32\drivers\mferkdet.sys
14:10:31.0694 2148 mferkdet - ok
14:10:31.0734 2148 [ 39E1DFB1700294E6C829465BD39E58B2 ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
14:10:31.0744 2148 mfevtp - ok
14:10:31.0754 2148 [ 9182FAF9ADDD5EA6308D155CEB502C6F ] mfewfpk C:\windows\system32\drivers\mfewfpk.sys
14:10:31.0774 2148 mfewfpk - ok
14:10:31.0804 2148 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
14:10:31.0824 2148 Microsoft Office Groove Audit Service - ok
14:10:31.0844 2148 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
14:10:31.0884 2148 MMCSS - ok
14:10:31.0894 2148 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
14:10:31.0924 2148 Modem - ok
14:10:31.0944 2148 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
14:10:31.0974 2148 monitor - ok
14:10:32.0004 2148 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
14:10:32.0014 2148 mouclass - ok
14:10:32.0044 2148 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
14:10:32.0064 2148 mouhid - ok
14:10:32.0084 2148 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
14:10:32.0094 2148 mountmgr - ok
14:10:32.0154 2148 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:10:32.0184 2148 MozillaMaintenance - ok
14:10:32.0194 2148 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
14:10:32.0224 2148 mpio - ok
14:10:32.0234 2148 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
14:10:32.0274 2148 mpsdrv - ok
14:10:32.0304 2148 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
14:10:32.0354 2148 MpsSvc - ok
14:10:32.0374 2148 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
14:10:32.0404 2148 MRxDAV - ok
14:10:32.0434 2148 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
14:10:32.0484 2148 mrxsmb - ok
14:10:32.0494 2148 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
14:10:32.0504 2148 mrxsmb10 - ok
14:10:32.0534 2148 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
14:10:32.0554 2148 mrxsmb20 - ok
14:10:32.0574 2148 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
14:10:32.0584 2148 msahci - ok
14:10:32.0604 2148 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
14:10:32.0624 2148 msdsm - ok
14:10:32.0644 2148 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
14:10:32.0674 2148 MSDTC - ok
14:10:32.0704 2148 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
14:10:32.0734 2148 Msfs - ok
14:10:32.0794 2148 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
14:10:32.0834 2148 mshidkmdf - ok
14:10:32.0844 2148 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
14:10:32.0864 2148 msisadrv - ok
14:10:32.0884 2148 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
14:10:32.0934 2148 MSiSCSI - ok
14:10:32.0944 2148 msiserver - ok
14:10:32.0974 2148 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
14:10:33.0004 2148 MSKSSRV - ok
14:10:33.0034 2148 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
14:10:33.0084 2148 MSPCLOCK - ok
14:10:33.0084 2148 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
14:10:33.0124 2148 MSPQM - ok
14:10:33.0144 2148 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
14:10:33.0174 2148 MsRPC - ok
14:10:33.0194 2148 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
14:10:33.0214 2148 mssmbios - ok
14:10:33.0224 2148 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
14:10:33.0264 2148 MSTEE - ok
14:10:33.0304 2148 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
14:10:33.0314 2148 MTConfig - ok
14:10:33.0324 2148 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
14:10:33.0334 2148 Mup - ok
14:10:33.0354 2148 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
14:10:33.0404 2148 napagent - ok
14:10:33.0444 2148 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
14:10:33.0474 2148 NativeWifiP - ok
14:10:33.0504 2148 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
14:10:33.0544 2148 NDIS - ok
14:10:33.0554 2148 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
14:10:33.0584 2148 NdisCap - ok
14:10:33.0604 2148 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
14:10:33.0634 2148 NdisTapi - ok
14:10:33.0674 2148 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
14:10:33.0714 2148 Ndisuio - ok
14:10:33.0714 2148 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
14:10:33.0754 2148 NdisWan - ok
14:10:33.0764 2148 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
14:10:33.0794 2148 NDProxy - ok
14:10:33.0794 2148 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
14:10:33.0854 2148 NetBIOS - ok
14:10:33.0864 2148 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
14:10:33.0934 2148 NetBT - ok
14:10:33.0944 2148 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
14:10:33.0954 2148 Netlogon - ok
14:10:34.0034 2148 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
14:10:34.0074 2148 Netman - ok
14:10:34.0134 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:34.0194 2148 NetMsmqActivator - ok
14:10:34.0214 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:34.0224 2148 NetPipeActivator - ok
14:10:34.0244 2148 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
14:10:34.0304 2148 netprofm - ok
14:10:34.0314 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:34.0324 2148 NetTcpActivator - ok
14:10:34.0324 2148 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:10:34.0344 2148 NetTcpPortSharing - ok
14:10:34.0354 2148 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
14:10:34.0374 2148 nfrd960 - ok
14:10:34.0404 2148 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
14:10:34.0424 2148 NlaSvc - ok
14:10:34.0434 2148 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
14:10:34.0464 2148 Npfs - ok
14:10:34.0484 2148 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
14:10:34.0534 2148 nsi - ok
14:10:34.0544 2148 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
14:10:34.0574 2148 nsiproxy - ok
14:10:34.0604 2148 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
14:10:34.0654 2148 Ntfs - ok
14:10:34.0654 2148 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
14:10:34.0684 2148 Null - ok
14:10:34.0714 2148 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
14:10:34.0724 2148 nvraid - ok
14:10:34.0744 2148 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
14:10:34.0764 2148 nvstor - ok
14:10:34.0784 2148 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
14:10:34.0794 2148 nv_agp - ok
14:10:34.0834 2148 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:10:34.0864 2148 odserv - ok
14:10:34.0884 2148 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
14:10:34.0894 2148 ohci1394 - ok
14:10:34.0924 2148 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:10:34.0944 2148 ose - ok
14:10:34.0964 2148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
14:10:35.0014 2148 p2pimsvc - ok
14:10:35.0034 2148 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
14:10:35.0054 2148 p2psvc - ok
14:10:35.0074 2148 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
14:10:35.0104 2148 Parport - ok
14:10:35.0124 2148 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
14:10:35.0144 2148 partmgr - ok
14:10:35.0154 2148 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
14:10:35.0174 2148 PcaSvc - ok
14:10:35.0184 2148 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
14:10:35.0204 2148 pci - ok
14:10:35.0214 2148 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
14:10:35.0224 2148 pciide - ok
14:10:35.0234 2148 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
14:10:35.0254 2148 pcmcia - ok
14:10:35.0264 2148 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
14:10:35.0294 2148 pcw - ok
14:10:35.0384 2148 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
14:10:35.0404 2148 PDFProFiltSrvPP - ok
14:10:35.0434 2148 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
14:10:35.0484 2148 PEAUTH - ok
14:10:35.0554 2148 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
14:10:35.0584 2148 PerfHost - ok
14:10:35.0624 2148 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
14:10:35.0704 2148 pla - ok
14:10:35.0734 2148 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
14:10:35.0784 2148 PlugPlay - ok
14:10:35.0804 2148 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
14:10:35.0834 2148 PNRPAutoReg - ok
14:10:35.0844 2148 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
14:10:35.0864 2148 PNRPsvc - ok
14:10:35.0884 2148 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
14:10:35.0924 2148 PolicyAgent - ok
14:10:35.0944 2148 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
14:10:35.0984 2148 Power - ok
14:10:36.0004 2148 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
14:10:36.0044 2148 PptpMiniport - ok
14:10:36.0054 2148 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
14:10:36.0084 2148 Processor - ok
14:10:36.0104 2148 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
14:10:36.0134 2148 ProfSvc - ok
14:10:36.0144 2148 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
14:10:36.0154 2148 ProtectedStorage - ok
14:10:36.0174 2148 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
14:10:36.0224 2148 Psched - ok
14:10:36.0284 2148 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
14:10:36.0334 2148 ql2300 - ok
14:10:36.0344 2148 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
14:10:36.0364 2148 ql40xx - ok
14:10:36.0384 2148 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
14:10:36.0414 2148 QWAVE - ok
14:10:36.0414 2148 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
14:10:36.0454 2148 QWAVEdrv - ok
14:10:36.0464 2148 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
14:10:36.0494 2148 RasAcd - ok
14:10:36.0524 2148 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
14:10:36.0554 2148 RasAgileVpn - ok
14:10:36.0574 2148 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
14:10:36.0614 2148 RasAuto - ok
14:10:36.0624 2148 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
14:10:36.0654 2148 Rasl2tp - ok
14:10:36.0684 2148 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
14:10:36.0724 2148 RasMan - ok
14:10:36.0724 2148 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
14:10:36.0764 2148 RasPppoe - ok
14:10:36.0774 2148 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
14:10:36.0814 2148 RasSstp - ok
14:10:36.0824 2148 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
14:10:36.0864 2148 rdbss - ok
14:10:36.0874 2148 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
14:10:36.0914 2148 rdpbus - ok
14:10:36.0914 2148 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
14:10:36.0944 2148 RDPCDD - ok
14:10:36.0954 2148 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
14:10:37.0004 2148 RDPENCDD - ok
14:10:37.0004 2148 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
14:10:37.0034 2148 RDPREFMP - ok
14:10:37.0074 2148 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
14:10:37.0124 2148 RdpVideoMiniport - ok
14:10:37.0144 2148 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
14:10:37.0174 2148 RDPWD - ok
14:10:37.0194 2148 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
14:10:37.0214 2148 rdyboost - ok
14:10:37.0254 2148 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
14:10:37.0314 2148 RemoteAccess - ok
14:10:37.0334 2148 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
14:10:37.0384 2148 RemoteRegistry - ok
14:10:37.0404 2148 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
14:10:37.0444 2148 RpcEptMapper - ok
14:10:37.0454 2148 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
14:10:37.0484 2148 RpcLocator - ok
14:10:37.0514 2148 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
14:10:37.0554 2148 RpcSs - ok
14:10:37.0574 2148 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
14:10:37.0624 2148 rspndr - ok
14:10:37.0644 2148 [ 9BEB5F18A418FF70659CE2E356829568 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
14:10:37.0664 2148 RSUSBSTOR - ok
14:10:37.0694 2148 [ 09A8BA290DB61D2D5C419A06A2E54D20 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
14:10:37.0724 2148 RTL8192Ce - ok
14:10:37.0734 2148 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
14:10:37.0744 2148 SamSs - ok
14:10:37.0764 2148 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
14:10:37.0774 2148 sbp2port - ok
14:10:37.0794 2148 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
14:10:37.0834 2148 SCardSvr - ok
14:10:37.0864 2148 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
14:10:37.0904 2148 scfilter - ok
14:10:37.0934 2148 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
14:10:37.0994 2148 Schedule - ok
14:10:38.0014 2148 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
14:10:38.0044 2148 SCPolicySvc - ok
14:10:38.0074 2148 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
14:10:38.0114 2148 SDRSVC - ok
14:10:38.0154 2148 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
14:10:38.0194 2148 secdrv - ok
14:10:38.0204 2148 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
14:10:38.0244 2148 seclogon - ok
14:10:38.0254 2148 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
14:10:38.0304 2148 SENS - ok
14:10:38.0334 2148 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
14:10:38.0364 2148 SensrSvc - ok
14:10:38.0384 2148 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
14:10:38.0414 2148 Serenum - ok
14:10:38.0444 2148 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
14:10:38.0454 2148 Serial - ok
14:10:38.0474 2148 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
14:10:38.0504 2148 sermouse - ok
14:10:38.0524 2148 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
14:10:38.0574 2148 SessionEnv - ok
14:10:38.0594 2148 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
14:10:38.0614 2148 sffdisk - ok
14:10:38.0634 2148 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
14:10:38.0654 2148 sffp_mmc - ok
14:10:38.0674 2148 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
14:10:38.0684 2148 sffp_sd - ok
14:10:38.0694 2148 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
14:10:38.0714 2148 sfloppy - ok
14:10:38.0744 2148 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
14:10:38.0784 2148 SharedAccess - ok
14:10:38.0804 2148 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:10:38.0844 2148 ShellHWDetection - ok
14:10:38.0864 2148 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
14:10:38.0884 2148 SiSRaid2 - ok
14:10:38.0894 2148 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
14:10:38.0914 2148 SiSRaid4 - ok
14:10:38.0944 2148 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
14:10:38.0974 2148 Smb - ok
14:10:39.0004 2148 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
14:10:39.0034 2148 SNMPTRAP - ok
14:10:39.0044 2148 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
14:10:39.0064 2148 spldr - ok
14:10:39.0074 2148 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
14:10:39.0114 2148 Spooler - ok
14:10:39.0174 2148 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
14:10:39.0234 2148 sppsvc - ok
14:10:39.0254 2148 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
14:10:39.0284 2148 sppuinotify - ok
14:10:39.0324 2148 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
14:10:39.0394 2148 srv - ok
14:10:39.0404 2148 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
14:10:39.0444 2148 srv2 - ok
14:10:39.0444 2148 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
14:10:39.0464 2148 srvnet - ok
14:10:39.0494 2148 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
14:10:39.0554 2148 SSDPSRV - ok
14:10:39.0564 2148 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
14:10:39.0604 2148 SstpSvc - ok
14:10:39.0624 2148 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
14:10:39.0644 2148 stexstor - ok
14:10:39.0694 2148 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
14:10:39.0744 2148 stisvc - ok
14:10:39.0754 2148 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
14:10:39.0764 2148 swenum - ok
14:10:39.0794 2148 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
14:10:39.0854 2148 swprv - ok
14:10:39.0914 2148 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
14:10:39.0954 2148 SysMain - ok
14:10:39.0974 2148 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
14:10:39.0994 2148 TabletInputService - ok
14:10:40.0014 2148 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
14:10:40.0054 2148 TapiSrv - ok
14:10:40.0074 2148 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
14:10:40.0124 2148 TBS - ok
14:10:40.0174 2148 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
14:10:40.0234 2148 Tcpip - ok
14:10:40.0264 2148 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
14:10:40.0294 2148 TCPIP6 - ok
14:10:40.0334 2148 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
14:10:40.0354 2148 tcpipreg - ok
14:10:40.0364 2148 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
14:10:40.0404 2148 TDPIPE - ok
14:10:40.0444 2148 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
14:10:40.0454 2148 TDTCP - ok
14:10:40.0474 2148 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
14:10:40.0524 2148 tdx - ok
14:10:40.0534 2148 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
14:10:40.0554 2148 TermDD - ok
14:10:40.0574 2148 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
14:10:40.0624 2148 TermService - ok
14:10:40.0634 2148 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
14:10:40.0654 2148 Themes - ok
14:10:40.0674 2148 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
14:10:40.0704 2148 THREADORDER - ok
14:10:40.0714 2148 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
14:10:40.0744 2148 TrkWks - ok
14:10:40.0774 2148 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:10:40.0804 2148 TrustedInstaller - ok
14:10:40.0824 2148 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
14:10:40.0864 2148 tssecsrv - ok
14:10:40.0884 2148 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
14:10:40.0924 2148 TsUsbFlt - ok
14:10:40.0944 2148 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
14:10:40.0964 2148 TsUsbGD - ok
14:10:41.0044 2148 [ 50D8102EECC446F160C8C31AF927242D ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
14:10:41.0094 2148 TuneUp.UtilitiesSvc - ok
14:10:41.0124 2148 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
14:10:41.0134 2148 TuneUpUtilitiesDrv - ok
14:10:41.0164 2148 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
14:10:41.0204 2148 tunnel - ok
14:10:41.0224 2148 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
14:10:41.0234 2148 uagp35 - ok
14:10:41.0254 2148 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
14:10:41.0304 2148 udfs - ok
14:10:41.0344 2148 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
14:10:41.0364 2148 ufad-ws60 - ok
14:10:41.0394 2148 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
14:10:41.0404 2148 UI0Detect - ok
14:10:41.0414 2148 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
14:10:41.0434 2148 uliagpkx - ok
14:10:41.0454 2148 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
14:10:41.0484 2148 umbus - ok
14:10:41.0504 2148 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
14:10:41.0524 2148 UmPass - ok
14:10:41.0614 2148 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:10:41.0664 2148 UNS - ok
14:10:41.0684 2148 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
14:10:41.0734 2148 upnphost - ok
14:10:41.0764 2148 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
14:10:41.0784 2148 usbccgp - ok
14:10:41.0804 2148 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
14:10:41.0844 2148 usbcir - ok
14:10:41.0864 2148 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
14:10:41.0884 2148 usbehci - ok
14:10:41.0904 2148 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
14:10:41.0954 2148 usbhub - ok
14:10:41.0994 2148 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
14:10:42.0034 2148 usbohci - ok
14:10:42.0054 2148 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
14:10:42.0094 2148 usbprint - ok
14:10:42.0104 2148 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
14:10:42.0124 2148 usbscan - ok
14:10:42.0144 2148 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
14:10:42.0184 2148 USBSTOR - ok
14:10:42.0194 2148 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
14:10:42.0224 2148 usbuhci - ok
14:10:42.0244 2148 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
14:10:42.0284 2148 UxSms - ok
14:10:42.0284 2148 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
14:10:42.0294 2148 VaultSvc - ok
14:10:42.0314 2148 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
14:10:42.0334 2148 vdrvroot - ok
14:10:42.0344 2148 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
14:10:42.0404 2148 vds - ok
14:10:42.0424 2148 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
14:10:42.0434 2148 vga - ok
14:10:42.0444 2148 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
14:10:42.0484 2148 VgaSave - ok
14:10:42.0504 2148 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
14:10:42.0524 2148 vhdmp - ok
14:10:42.0534 2148 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
14:10:42.0544 2148 viaide - ok
14:10:42.0564 2148 [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
14:10:42.0574 2148 VMAuthdService - ok
14:10:42.0594 2148 [ CDAA992C18F3F3612444C818A478CF57 ] vmci C:\windows\system32\drivers\vmci.sys
14:10:42.0604 2148 vmci - ok
14:10:42.0614 2148 [ EA9C266CD4B4BB7C7D818C1C27461959 ] vmkbd C:\windows\system32\drivers\VMkbd.sys
14:10:42.0624 2148 vmkbd - ok
14:10:42.0644 2148 [ 9D54F1339E78C95BF3D9939EBCB66378 ] VMnetAdapter C:\windows\system32\DRIVERS\vmnetadapter.sys
14:10:42.0654 2148 VMnetAdapter - ok
14:10:42.0654 2148 [ FB54EF3AA613D2832FD3812E7CB2FC75 ] VMnetBridge C:\windows\system32\DRIVERS\vmnetbridge.sys
14:10:42.0674 2148 VMnetBridge - ok
14:10:42.0684 2148 VMnetDHCP - ok
14:10:42.0694 2148 [ 479948EB42E189C076B45EBAF2D12BBC ] VMnetuserif C:\windows\system32\drivers\vmnetuserif.sys
14:10:42.0704 2148 VMnetuserif - ok
14:10:42.0714 2148 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\windows\system32\Drivers\vmusb.sys
14:10:42.0724 2148 vmusb - ok
14:10:42.0764 2148 [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
14:10:42.0784 2148 VMUSBArbService - ok
14:10:42.0794 2148 VMware NAT Service - ok
14:10:42.0814 2148 [ 05645D6651CA7A02298AAE475BBCAD6E ] vmx86 C:\windows\system32\drivers\vmx86.sys
14:10:42.0824 2148 vmx86 - ok
14:10:42.0844 2148 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
14:10:42.0854 2148 volmgr - ok
14:10:42.0864 2148 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
14:10:42.0884 2148 volmgrx - ok
14:10:42.0894 2148 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
14:10:42.0914 2148 volsnap - ok
14:10:42.0934 2148 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
14:10:42.0954 2148 vsmraid - ok
14:10:42.0984 2148 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
14:10:43.0054 2148 VSS - ok
14:10:43.0074 2148 [ 69F57E89E6EBC5012D210527AF005A70 ] vstor2-ws60 C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
14:10:43.0084 2148 vstor2-ws60 - ok
14:10:43.0104 2148 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
14:10:43.0144 2148 vwifibus - ok
14:10:43.0164 2148 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
14:10:43.0194 2148 vwififlt - ok
14:10:43.0234 2148 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
14:10:43.0254 2148 vwifimp - ok
14:10:43.0274 2148 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
14:10:43.0314 2148 W32Time - ok
14:10:43.0334 2148 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
14:10:43.0344 2148 WacomPen - ok
14:10:43.0354 2148 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
14:10:43.0404 2148 WANARP - ok
14:10:43.0424 2148 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
14:10:43.0444 2148 Wanarpv6 - ok
14:10:43.0474 2148 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
14:10:43.0544 2148 wbengine - ok
14:10:43.0564 2148 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
14:10:43.0584 2148 WbioSrvc - ok
14:10:43.0594 2148 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
14:10:43.0634 2148 wcncsvc - ok
14:10:43.0644 2148 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
14:10:43.0694 2148 WcsPlugInService - ok
14:10:43.0714 2148 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
14:10:43.0724 2148 Wd - ok
14:10:43.0754 2148 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
14:10:43.0794 2148 Wdf01000 - ok
14:10:43.0794 2148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
14:10:43.0914 2148 WdiServiceHost - ok
14:10:43.0914 2148 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
14:10:43.0934 2148 WdiSystemHost - ok
14:10:43.0974 2148 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
14:10:44.0024 2148 WebClient - ok
14:10:44.0054 2148 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
14:10:44.0094 2148 Wecsvc - ok
14:10:44.0104 2148 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
14:10:44.0134 2148 wercplsupport - ok
14:10:44.0154 2148 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
14:10:44.0204 2148 WerSvc - ok
14:10:44.0244 2148 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
14:10:44.0274 2148 WfpLwf - ok
14:10:44.0284 2148 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
14:10:44.0294 2148 WIMMount - ok
14:10:44.0304 2148 WinDefend - ok
14:10:44.0314 2148 WinHttpAutoProxySvc - ok
14:10:44.0334 2148 [ 66C365B542195C1F6E2FF4A7D8F3827C ] WinI2C-DDC C:\windows\system32\drivers\DDCDrv.sys
14:10:44.0354 2148 WinI2C-DDC - ok
14:10:44.0394 2148 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
14:10:44.0434 2148 Winmgmt - ok
14:10:44.0474 2148 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
14:10:44.0534 2148 WinRM - ok
14:10:44.0564 2148 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
14:10:44.0584 2148 WinUsb - ok
14:10:44.0604 2148 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
14:10:44.0644 2148 Wlansvc - ok
14:10:44.0724 2148 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:10:44.0774 2148 wlidsvc - ok
14:10:44.0804 2148 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
14:10:44.0824 2148 WmiAcpi - ok
14:10:44.0844 2148 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
14:10:44.0884 2148 wmiApSrv - ok
14:10:44.0904 2148 WMPNetworkSvc - ok
14:10:44.0924 2148 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
14:10:44.0964 2148 WPCSvc - ok
14:10:44.0984 2148 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
14:10:45.0014 2148 WPDBusEnum - ok
14:10:45.0024 2148 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
14:10:45.0054 2148 ws2ifsl - ok
14:10:45.0064 2148 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
14:10:45.0094 2148 wscsvc - ok
14:10:45.0104 2148 WSearch - ok
14:10:45.0144 2148 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
14:10:45.0164 2148 wsvd - ok
14:10:45.0204 2148 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
14:10:45.0254 2148 wuauserv - ok
14:10:45.0274 2148 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
14:10:45.0304 2148 WudfPf - ok
14:10:45.0324 2148 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
14:10:45.0354 2148 WUDFRd - ok
14:10:45.0384 2148 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
14:10:45.0414 2148 wudfsvc - ok
14:10:45.0444 2148 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll
14:10:45.0474 2148 WwanSvc - ok
14:10:45.0504 2148 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
14:10:45.0534 2148 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
14:10:45.0534 2148 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
14:10:45.0564 2148 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
14:10:45.0604 2148 yukonw7 - ok
14:10:45.0624 2148 ================ Scan global ===============================
14:10:45.0654 2148 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
14:10:45.0674 2148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
14:10:45.0684 2148 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
14:10:45.0704 2148 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
14:10:45.0724 2148 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
14:10:45.0734 2148 [Global] - ok
14:10:45.0734 2148 ================ Scan MBR ==================================
14:10:45.0734 2148 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:10:45.0984 2148 \Device\Harddisk0\DR0 - ok
14:10:45.0984 2148 ================ Scan VBR ==================================
14:10:46.0014 2148 [ 97CC909410A7487DA7F63FFEC4B14A4E ] \Device\Harddisk0\DR0\Partition1
14:10:46.0014 2148 \Device\Harddisk0\DR0\Partition1 - ok
14:10:46.0024 2148 [ A049AB8B697D90B5B729D9BCF01CE68D ] \Device\Harddisk0\DR0\Partition2
14:10:46.0024 2148 \Device\Harddisk0\DR0\Partition2 - ok
14:10:46.0024 2148 ============================================================
14:10:46.0024 2148 Scan finished
14:10:46.0024 2148 ============================================================
14:10:46.0034 3224 Detected object count: 3
14:10:46.0034 3224 Actual detected object count: 3
14:10:51.0774 3224 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:51.0774 3224 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:51.0774 3224 JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:51.0774 3224 JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:51.0774 3224 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
14:10:51.0774 3224 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:10:54.0684 3020 Deinitialize success

markusg 10.06.2013 15:28
Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

amir121 10.06.2013 17:10
Hi, hier ist die Log-Datai:
Combofix Logfile:
Code:
ComboFix 13-06-08.02 - Hotel Tourist 10.06.2013  18:01:53.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4008.2437 [GMT 2:00]
ausgeführt von:: c:\users\Hotel Tourist\Desktop\amir\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Hotel Tourist\AppData\Roaming\Microsoft\Windows\Recent\httpq-ec.bstatic.comimageshotelmax3002322329576.jpg.URL
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-10 bis 2013-06-10  ))))))))))))))))))))))))))))))
.
.
2013-06-10 16:05 . 2013-06-10 16:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-10 12:07 . 2013-06-10 12:07        --------        d-----w-        C:\TDSSKiller_Quarantine
2013-06-09 15:17 . 2013-06-09 15:17        --------        d-----w-        c:\users\Hotel Tourist\AppData\Local\DoNotTrackPlus
2013-06-09 15:17 . 2013-06-09 15:17        --------        d-----w-        c:\users\Hotel Tourist\AppData\Local\AskToolbar
2013-06-09 11:50 . 2013-06-09 11:50        --------        d-----w-        c:\users\Hotel Tourist\AppData\Roaming\Avira
2013-06-09 11:45 . 2013-06-09 11:45        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-06-09 11:44 . 2013-06-09 11:45        --------        d-----w-        c:\program files (x86)\Ask.com
2013-06-09 11:44 . 2013-06-09 11:44        --------        d-----w-        c:\users\Hotel Tourist\AppData\Local\APN
2013-06-09 11:44 . 2013-03-06 14:13        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-06-09 11:44 . 2013-02-26 14:56        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-06-09 11:44 . 2013-02-26 14:56        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-06-09 11:44 . 2013-06-09 11:44        --------        d-----w-        c:\programdata\Avira
2013-06-09 11:44 . 2013-06-09 11:44        --------        d-----w-        c:\program files (x86)\Avira
2013-06-09 11:32 . 2013-06-09 11:32        --------        d-----w-        c:\users\Hotel Tourist\AppData\Roaming\Malwarebytes
2013-06-09 11:32 . 2013-06-09 11:32        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-09 11:32 . 2013-06-09 11:32        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-09 11:32 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-09 11:32 . 2013-06-09 11:32        --------        d-----w-        c:\users\Hotel Tourist\AppData\Local\Programs
2013-06-07 16:29 . 2013-06-07 16:29        --------        d-----w-        c:\users\Hotel Tourist\.jinit
2013-06-07 15:23 . 2013-06-07 15:23        --------        d-----w-        C:\Intel
2013-06-07 15:16 . 2013-06-09 11:27        --------        d-----w-        C:\avast! sandbox
2013-06-07 14:54 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{31D265DE-4ECD-4650-A6DB-CAA598F0C51F}\mpengine.dll
2013-06-06 19:04 . 2013-06-06 19:05        --------        d-----w-        c:\programdata\2544a4
2013-05-23 22:53 . 2013-05-23 22:53        262552        ----a-w-        c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-19 10:50 . 2013-04-14 03:11        74136        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-05-19 10:50 . 2013-04-14 03:11        263064        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2013-05-19 10:50 . 2013-04-14 03:11        19352        ----a-w-        c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-05-15 22:00 . 2013-04-05 06:50        19231232        ----a-w-        c:\windows\system32\mshtml.dll
2013-05-15 22:00 . 2013-04-05 06:50        15404032        ----a-w-        c:\windows\system32\ieframe.dll
2013-05-15 12:52 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 12:52 . 2013-04-10 06:01        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:52 . 2011-02-03 11:25        144384        ----a-w-        c:\windows\system32\cdd.dll
2013-05-15 12:51 . 2013-02-27 05:52        14172672        ----a-w-        c:\windows\system32\shell32.dll
2013-05-15 12:51 . 2013-02-27 05:48        1930752        ----a-w-        c:\windows\system32\authui.dll
2013-05-15 12:51 . 2013-02-27 05:52        197120        ----a-w-        c:\windows\system32\shdocvw.dll
2013-05-15 12:51 . 2013-02-27 06:02        111448        ----a-w-        c:\windows\system32\consent.exe
2013-05-15 12:51 . 2013-02-27 05:47        70144        ----a-w-        c:\windows\system32\appinfo.dll
2013-05-15 12:51 . 2013-02-27 04:49        1796096        ----a-w-        c:\windows\SysWow64\authui.dll
2013-05-15 12:51 . 2013-03-19 05:53        48640        ----a-w-        c:\windows\system32\wwanprotdim.dll
2013-05-15 12:51 . 2013-03-19 05:53        230400        ----a-w-        c:\windows\system32\wwansvc.dll
2013-05-15 12:51 . 2013-04-10 03:30        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-05-13 13:25 . 2013-05-13 13:25        --------        d-----w-        c:\program files\DomaIQ Uninstaller
2013-05-13 13:24 . 2013-05-13 13:24        --------        d-----w-        c:\program files (x86)\Tuguu SL
2013-05-13 13:18 . 2013-06-10 12:09        --------        d-----w-        c:\users\Hotel Tourist\AppData\Roaming\Yontoo
2013-05-13 13:18 . 2013-05-13 13:18        --------        d-----w-        c:\program files (x86)\Yontoo
2013-05-13 13:18 . 2013-05-13 13:18        --------        d-----w-        c:\users\Hotel Tourist\AppData\Roaming\Babylon
2013-05-13 13:18 . 2013-05-13 13:18        --------        d-----w-        c:\programdata\Babylon
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 22:04 . 2011-10-19 18:13        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-15 08:37 . 2012-04-05 15:07        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 08:37 . 2011-10-16 22:24        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-09 08:58 . 2011-10-22 02:30        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-25 14:35 . 2013-04-25 14:35        773968        ----a-w-        c:\windows\SysWow64\msvcr100.dll
2013-04-25 14:35 . 2013-04-25 14:35        421200        ----a-w-        c:\windows\SysWow64\msvcp100.dll
2013-04-13 05:49 . 2013-05-15 12:52        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:52        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:52        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:52        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:52        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:52        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 17:17        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-03-22 23:02 . 2013-03-22 23:02        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-03-22 23:02 . 2013-03-22 23:02        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-03-22 23:02 . 2013-03-22 23:02        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-03-22 23:02 . 2013-03-22 23:02        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-03-22 23:02 . 2013-03-22 23:02        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-03-22 23:02 . 2013-03-22 23:02        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-03-22 23:02 . 2013-03-22 23:02        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-22 23:02 . 2013-03-22 23:02        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-03-22 23:02 . 2013-03-22 23:02        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-03-22 23:02 . 2013-03-22 23:02        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-03-22 23:02 . 2013-03-22 23:02        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-03-22 23:02 . 2013-03-22 23:02        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-03-22 23:02 . 2013-03-22 23:02        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-03-22 23:02 . 2013-03-22 23:02        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-03-22 23:02 . 2013-03-22 23:02        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-03-22 23:02 . 2013-03-22 23:02        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-03-22 23:02 . 2013-03-22 23:02        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-03-22 23:02 . 2013-03-22 23:02        441856        ----a-w-        c:\windows\system32\html.iec
2013-03-22 23:02 . 2013-03-22 23:02        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-03-22 23:02 . 2013-03-22 23:02        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-03-22 23:02 . 2013-03-22 23:02        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-03-22 23:02 . 2013-03-22 23:02        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-03-22 23:02 . 2013-03-22 23:02        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-03-22 23:02 . 2013-03-22 23:02        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-03-22 23:02 . 2013-03-22 23:02        235008        ----a-w-        c:\windows\system32\url.dll
2013-03-22 23:02 . 2013-03-22 23:02        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-03-22 23:02 . 2013-03-22 23:02        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-03-22 23:02 . 2013-03-22 23:02        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-03-22 23:02 . 2013-03-22 23:02        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-03-22 23:02 . 2013-03-22 23:02        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-03-22 23:02 . 2013-03-22 23:02        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-03-22 23:02 . 2013-03-22 23:02        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-03-22 23:02 . 2013-03-22 23:02        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-03-22 23:02 . 2013-03-22 23:02        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-03-22 23:02 . 2013-03-22 23:02        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-03-22 23:02 . 2013-03-22 23:02        149504        ----a-w-        c:\windows\system32\occache.dll
2013-03-22 23:02 . 2013-03-22 23:02        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-03-22 23:02 . 2013-03-22 23:02        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-03-22 23:02 . 2013-03-22 23:02        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-03-22 23:02 . 2013-03-22 23:02        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-03-22 23:02 . 2013-03-22 23:02        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-03-22 23:02 . 2013-03-22 23:02        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-03-22 23:02 . 2013-03-22 23:02        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-03-22 23:02 . 2013-03-22 23:02        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-03-22 23:02 . 2013-03-22 23:02        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-03-22 23:02 . 2013-03-22 23:02        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-03-22 23:02 . 2013-03-22 23:02        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-03-22 23:02 . 2013-03-22 23:02        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-22 23:02 . 2013-03-22 23:02        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-03-19 06:04 . 2013-04-10 21:29        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 21:29        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 21:29        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:29        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 21:29        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 21:29        112640        ----a-w-        c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02        1521800        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jaureg.exe" [2012-01-17 232328]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
c:\users\Hotel Tourist\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FAXRX.lnk - c:\program files (x86)\Brother\Brmfl10f\FAXRX.exe [2012-7-26 544768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Lenovo Dynamic Brightness System"=c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
"jmekey"=c:\windows\jmesoft\hotkey.exe
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "c:\program files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
"jmesoft"=c:\windows\jmesoft\ServiceLoader.exe
"Lenovo Eye Distance System"=c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe;c:\windows\jmesoft\Service.exe [x]
R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys;c:\windows\SYSNATIVE\drivers\fbfmon.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys;c:\windows\SYSNATIVE\drivers\DDCDrv.sys [x]
S1 aswKbd;aswKbd; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys;c:\windows\SYSNATIVE\drivers\BPntDrv.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe;c:\program files (x86)\Yontoo\Y2Desktop.Updater.exe [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 40020225
*NewlyCreated* - 90719796
*Deregistered* - 40020225
*Deregistered* - 90719796
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 03:31        1165776        ----a-w-        c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:37]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 09:35]
.
2013-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-22 09:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://192.168.2.150:888/DVRemoteAx.cab
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
DPF: {CAFECAFE-0013-0001-0025-ABCDEFABCDEF}
FF - ProfilePath - c:\users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.hrs.de/web3/showSessionTimeout.do;jsessionid=C9EBD03F212CE69E2CA97CEF01F35DCD.50-2?activity=showSessionError&branch=30205010&cid=50-2&clientId=ZGVfX05FWFQ-|https://www.google.de/
FF - ExtSQL: 2013-05-13 15:18; plugin@yontoo.com; c:\users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\plugin@yontoo.com
FF - ExtSQL: 2013-06-09 13:45; toolbar@ask.com; c:\users\Hotel Tourist\AppData\Roaming\Mozilla\Firefox\Profiles\ky3l92go.default\extensions\toolbar@ask.com
FF - ExtSQL: !HIDDEN! 2013-04-09 04:17; speedanalysis@SpeedAnalysis.com; c:\users\Hotel Tourist\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.id - 746c09fe000000000000ac8112880041
FF - user.js: extensions.BabylonToolbar_i.hardId - 746c09fe000000000000ac8112880041
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15381
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:41
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=107763
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 746c09fe0000000000004437e64cba98
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15838
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1615:18
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-40020225.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-10  18:07:29
ComboFix-quarantined-files.txt  2013-06-10 16:07
.
Vor Suchlauf: 15 Verzeichnis(se), 863.144.513.536 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 862.654.214.144 Bytes frei
.
- - End Of File - - E0DF9C14EE48BAABECD10810D4D1895D
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31

markusg 10.06.2013 19:10
poste alle bisherigen Malwarebytes logs mit funden.
http://www.trojaner-board.de/125889-...en-posten.html

amir121 10.06.2013 19:37
Hi, schon erledigt und hier ist die Logdateien:
mbam-log-2013-06-09 (13-34-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213665
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\Users\Hotel Tourist\AppData\Roaming\Evoz\mocab.exe (Trojan.Zbot.FV) -> 2580 -> Löschen bei Neustart.
C:\Users\Hotel Tourist\cirdeaqarycr.exe (Backdoor.Bot) -> 3004 -> Löschen bei Neustart.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 1556 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Mocab (Trojan.Zbot.FV) -> Daten: "C:\Users\Hotel Tourist\AppData\Roaming\Evoz\mocab.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cirdeaqarycr (Backdoor.Bot) -> Daten: C:\Users\Hotel Tourist\cirdeaqarycr.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\windows\system32\regedit.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Löschen bei Neustart.

Infizierte Dateien: 9
C:\Users\Hotel Tourist\AppData\Roaming\Evoz\mocab.exe (Trojan.Zbot.FV) -> Löschen bei Neustart.
C:\Users\Hotel Tourist\cirdeaqarycr.exe (Backdoor.Bot) -> Löschen bei Neustart.
C:\Users\Hotel Tourist\AppData\Roaming\ntuser.dat (Misused.Legit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\AppData\Roaming\Unexin\opedyj.exe (Trojan.FavLock.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Downloads\avira-premium-security-suite_V.170755026b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Downloads\avira-premium-security-suite_V.170757114b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Löschen bei Neustart.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Löschen bei Neustart.

(Ende)

Hi Markus,da der betroffene Computer nicht bei mir ist, würde dich bitte,wenn es geht,mir die schritte ,die man zusammen machen kann, auf einmal zu sagen,dass ich möglichst viele schritte auf einmal mache und nicht jedes Mal hinfahren muss.. Ich meine wenn es geht,wenn nicht dann ist alles ok und bin dir auf jeden Fall sehr dankbar :daumenhoc

markusg 10.06.2013 21:51
malwarebytes updaten, vollständiger scan bitte

amir121 10.06.2013 23:26
Hi, habe Das Programm erstmal aktualisieren lassen,also das war schon auf neusten Stand(Datenbank Version: v2013.06.09.01) aber vollständiger Scan werde ich auf jeden Fall Morgen hingehen und machen,soll ich noch irgendwas am Computer tun?
Gute Nacht ;)

markusg 10.06.2013 23:36
ja den vollständigen scan erst mal.

amir121 11.06.2013 15:05
Hi, hier ist die Log-Datei:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Hotel Tourist :: HOTELTOURIST-PC [Administrator]

Schutz: Deaktiviert

11.06.2013 14:07:02
mbam-log-2013-06-11 (14-07-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373541
Laufzeit: 43 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 9
C:\Program Files (x86)\Opera\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE.rar (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\keygen.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\Alte Datein\Ali\Kamyab\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE.rar (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\CORE10k.EXE (PUP.Keygen.Intro) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\TuneUp.Utilities.2012.v12.0.Keymaker-CORE\keygen.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hotel Tourist\Desktop\RECHNUNHG\Desktop\Alte Datein\Ali\Kamyab\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 11.06.2013 17:47
C:\Program Files (x86)\Opera\Winrar 4.10 Beta 1\Winrar4.10.b\Keygen.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
http://www.trojaner-board.de/95393-c...-software.html
deswegen gibts hier nur Hilfe beim neu aufsetzen.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

amir121 11.06.2013 18:44
Hi,wie man einfach sehen kann,der Computer liegt in einem Hotel ,wo viele Leute es benutzen können,und wenn jemand was runtergeladen hat,muss ich jetzt nicht dafür gerade stehen,ich bitte dich mir dabei weiter zu helfen dass ich den Computer in Ordnung kriege und werde dann darauf aufpassen,dass keine was illegales runterladen kann... Vielen Dank


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:07 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131