| |
| |||||||
Log-Analyse und Auswertung: Browser & Antivirenprogramme stürzen ständig ab nach VirenfundWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.06.2012, 19:18
| #1 |
 |  Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Hallo zusammen, auch hier ein kleines Problem ... aber der Reihe nach: Wie alles anfing:
Ähnliches habe ich in den Foren schon gelesen - aber bevor ich jetzt die diversen beschriebenen Tools selbst anwende und mir das System vollständig zerschieße ... vielleicht könnt ihr mir weiterhelfen! Danke schon jetzt! Grüße, Myspam69 -------------------- LOGFILES--------------------------------------- Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.04.27.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 FH :: FH-PC [Administrator] Schutz: Aktiviert 27.04.2012 20:32:53 mbam-log-2012-04-27 (20-32-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202624 Laufzeit: 1 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCU\SOFTWARE\JRMX9X1GML (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.06.2012 20:26:30 - Run 5 OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\FH\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 74,61% Memory free 16,00 Gb Paging File | 13,94 Gb Available in Paging File | 87,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,39 Gb Total Space | 62,77 Gb Free Space | 42,88% Space Free | Partition Type: NTFS Drive D: | 687,37 Gb Total Space | 300,10 Gb Free Space | 43,66% Space Free | Partition Type: NTFS Drive Z: | 97,66 Gb Total Space | 39,94 Gb Free Space | 40,90% Space Free | Partition Type: NTFS Computer Name: FH-PC | User Name: FH | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.08 19:48:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\FH\Downloads\OTL.exe PRC - [2012.06.08 19:48:09 | 000,050,477 | ---- | M] () -- C:\Users\FH\Downloads\Defogger.exe PRC - [2012.06.06 21:15:27 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\FH\AppData\Local\Akamai\netsession_win.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011.01.10 16:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2010.09.23 01:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe PRC - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2009.04.10 10:33:16 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.04.10 10:32:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe ========== Modules (No Company Name) ========== MOD - [2012.06.08 19:48:09 | 000,050,477 | ---- | M] () -- C:\Users\FH\Downloads\Defogger.exe MOD - [2012.06.06 21:15:27 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.09.23 01:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe MOD - [2010.09.23 01:25:04 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-ger.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.04.10 12:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:64bit: - [2011.04.20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.06.04 20:53:34 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai) SRV - [2012.05.09 18:42:29 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc) SRV - [2011.07.05 02:33:00 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service) SRV - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2010.09.23 01:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService) SRV - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.10 10:32:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R) SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.04.10 12:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC) DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012.01.11 21:03:38 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2011.07.05 02:33:02 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\2DB9.tmp -- (MEMSWEEP2) DRV:64bit: - [2011.04.20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2011.04.20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.04.20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0) DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0) DRV:64bit: - [2010.12.14 05:54:12 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2) DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.11 08:37:32 | 000,408,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.09.22 21:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.06.16 22:33:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon) DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64) DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 10:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.04.10 10:23:56 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2007.06.25 05:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169) DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 9F 0D 3D 98 D0 C9 01 [binary data] IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local> ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\bluejeans.com/bjnplugin: C:\Users\FH\AppData\Roaming\bluejeans\bjnplugin\1.0.0.220\npbjnplugin_1.0.0.220.dll (bluejeans) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009.11.05 22:36:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 21:15:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 21:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Extensions [2012.06.03 10:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Firefox\Profiles\ax7ky0ja.default\extensions [2012.05.24 20:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Firefox\Profiles\i7ll0yj0.default\extensions [2012.06.06 21:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.05.28 22:03:07 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\FH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AX7KY0JA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.03 10:32:27 | 000,185,022 | ---- | M] () (No name found) -- C:\USERS\FH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AX7KY0JA.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI [2012.06.06 21:15:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.06 21:15:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.06 21:15:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.06 21:15:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.06 21:15:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.06 21:15:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.06 21:15:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\FH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus (Beta) = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\ CHR - Extension: Google-Suche = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.06.04 21:11:10 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found. O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\FH\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21D71C66-535B-4CB0-A3DD-134E02477C89}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DAC882A-A34A-42D2-A89A-94D5B3266E0F}: DhcpNameServer = 10.48.88.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC72F0FF-9D9B-46DF-B805-5FC6E603247A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.09.23 07:58:44 | 000,000,019 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.07 21:08:20 | 000,000,000 | ---D | C] -- C:\Users\FH\Doctor Web [2012.06.06 21:55:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012.06.06 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\bluejeans [2012.06.04 22:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis [2012.06.04 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\FH\DoctorWeb [2012.06.04 19:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos [2012.06.04 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2012.06.03 20:40:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.03 20:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.30 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.05.28 21:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.05.19 21:00:57 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.08 19:48:52 | 000,000,000 | ---- | M] () -- C:\Users\FH\defogger_reenable [2012.06.08 19:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.08 19:41:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000UA.job [2012.06.08 19:24:53 | 001,622,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.08 19:24:53 | 000,698,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.08 19:24:53 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.08 19:24:53 | 000,148,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.08 19:24:53 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.08 18:05:46 | 004,512,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.08 18:05:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.08 18:05:27 | 2146,291,711 | -HS- | M] () -- C:\hiberfil.sys [2012.06.07 17:54:23 | 000,015,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.07 17:54:23 | 000,015,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.07 17:41:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000Core.job [2012.06.05 19:11:12 | 000,000,185 | ---- | M] () -- C:\Users\FH\Desktop\DrWeb.csv [2012.06.04 22:36:25 | 000,002,103 | ---- | M] () -- C:\Users\FH\Desktop\HijackThis.lnk [2012.06.04 21:11:10 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.06.03 20:47:23 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.06.03 20:40:41 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.30 18:30:50 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.05.30 18:26:33 | 000,002,306 | ---- | M] () -- C:\Users\FH\Desktop\Google Chrome.lnk [2012.05.29 21:47:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT [2012.05.28 21:52:02 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.05.28 21:39:47 | 001,854,885 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301000.01C\Cat.DB [2012.05.17 12:04:26 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301000.01C\VT20120410.035 [2012.05.13 10:55:47 | 000,093,020 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symtdiv.sys.ptx [2012.05.13 10:55:46 | 000,001,051 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnetv64.cat.ptx [2012.05.13 10:55:46 | 000,000,218 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnetv.inf.ptx [2012.05.13 10:55:45 | 000,098,554 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnets.sys.ptx [2012.05.13 10:55:44 | 000,271,008 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.sys.ptx [2012.05.13 10:55:44 | 000,002,428 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet64.cat.ptx [2012.05.13 10:55:44 | 000,000,218 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symnet.inf.ptx [2012.05.13 10:55:38 | 000,004,084 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa64.cat.ptx [2012.05.13 10:55:38 | 000,001,969 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.sys.ptx [2012.05.13 10:55:38 | 000,000,295 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\symefa.inf.ptx [2012.05.13 10:55:37 | 000,267,375 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.sys.ptx [2012.05.13 10:55:37 | 000,006,310 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.cat.ptx [2012.05.13 10:55:37 | 000,000,263 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtspx64.inf.ptx [2012.05.13 10:55:34 | 000,000,263 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.inf.ptx [2012.05.13 10:55:33 | 000,023,997 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ironx64.sys.ptx [2012.05.13 10:55:33 | 000,020,971 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.sys.ptx [2012.05.13 10:55:33 | 000,005,138 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\srtsp64.cat.ptx [2012.05.13 10:55:33 | 000,002,554 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.cat.ptx [2012.05.13 10:55:33 | 000,000,224 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\iron.inf.ptx [2012.05.13 10:55:32 | 000,002,542 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.cat.ptx [2012.05.13 10:55:32 | 000,000,268 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\ccsetx64.inf.ptx [2012.05.13 09:47:36 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1307010.005\isolate.ini [8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.08 19:48:52 | 000,000,000 | ---- | C] () -- C:\Users\FH\defogger_reenable [2012.06.08 18:05:29 | 004,512,144 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.05 19:11:12 | 000,000,185 | ---- | C] () -- C:\Users\FH\Desktop\DrWeb.csv [2012.06.04 22:36:25 | 000,002,103 | ---- | C] () -- C:\Users\FH\Desktop\HijackThis.lnk [2012.06.03 20:40:41 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.30 18:26:33 | 000,002,306 | ---- | C] () -- C:\Users\FH\Desktop\Google Chrome.lnk [2012.05.28 21:52:02 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.05.28 21:52:02 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.05.19 20:15:34 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012.04.11 20:40:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Commands [2012.04.11 20:40:26 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\ColorTable [2012.04.11 20:39:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Common [2012.04.11 20:39:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Command Line Utility [2012.04.10 19:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.11.01 21:44:04 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll [2011.09.22 18:31:04 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll [2011.09.03 20:44:01 | 000,002,112 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.08.26 10:21:39 | 001,648,266 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.29 20:27:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Halftone [2011.03.17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.03.12 10:49:52 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2010.10.24 18:22:21 | 000,001,940 | ---- | C] () -- C:\Users\FH\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010.08.19 18:27:36 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\ColorSync [2010.08.19 18:27:36 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\Colors [2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2010.06.25 21:06:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2012.01.07 21:15:24 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AllDup [2011.01.14 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Amazon [2009.11.05 22:40:51 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Anthropics [2009.11.15 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AVM [2012.06.06 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\bluejeans [2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\BOM [2010.12.21 20:58:42 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Buhl Data Service [2010.04.27 20:40:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Canneverbe Limited [2012.05.28 10:14:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Dropbox [2010.08.17 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\DxO Labs [2010.01.14 19:54:37 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\FRITZ! [2011.11.15 23:49:25 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Garmin [2011.09.02 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\gtk-2.0 [2010.05.26 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\HDRsoft [2009.11.05 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\ImgBurn [2012.04.29 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\IrfanView [2010.12.10 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Leadertech [2011.10.03 20:08:52 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MAGIX [2009.11.05 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MiK [2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Mp3tag [2011.12.11 12:02:39 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MusicBee [2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nik Software [2010.08.20 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nikon [2011.05.26 20:20:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\OfficeRecovery [2010.08.17 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PACE Anti-Piracy [2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PanoramaStudio [2011.09.10 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\QuickScan [2011.07.19 19:46:29 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.09.12 19:03:57 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\STRATO [2012.05.09 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TeamViewer [2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Tracker Software [2012.01.14 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TrueCrypt [2012.02.21 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\uTorrent [2012.06.07 11:26:51 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences @Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ck9qpEKUMFdL4haXexlDj @Alternate Data Stream - 1118 bytes -> C:\Program Files (x86)\Common Files\System:nwi1Gl8XuWH80eHoCayQDbwxI6G12R @Alternate Data Stream - 1018 bytes -> C:\ProgramData\Microsoft:OimpulZPjuzt1pwO0p7Retjpbr < End of report > OTL.EXTRAS OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.06.2012 20:26:30 - Run 5
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\FH\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 74,61% Memory free
16,00 Gb Paging File | 13,94 Gb Available in Paging File | 87,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 62,77 Gb Free Space | 42,88% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 300,10 Gb Free Space | 43,66% Space Free | Partition Type: NTFS
Drive Z: | 97,66 Gb Total Space | 39,94 Gb Free Space | 40,90% Space Free | Partition Type: NTFS
Computer Name: FH-PC | User Name: FH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{925B737D-C00C-4447-9199-19426BEA6390}" = rport=25652 | protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C290E958-D54E-4BCF-B7BF-2016A955B471}" = rport=25652 | protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C52D31D4-F1A3-4D53-893F-F11B5A010041}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{DBD96B19-E067-486F-9492-8CBBAEC16AFD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{107D3D17-E624-4138-A754-83B63E4294EA}" = dir=out | app=%programfiles% (x86)\nikon\capture nx 2\capture nx 2.exe |
"{115489E2-803C-4BED-B3F1-825341EADE2F}" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe |
"{1606367E-E773-4835-95C6-DC51E76E3A53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{1E53C63F-C9D0-471B-9F47-CE48B6F3474B}" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\temp\7zsb6fc.tmp\symnrt.exe |
"{2DB75C95-727D-4861-810D-94106551659A}" = protocol=17 | dir=in | app=c:\users\fh\appdata\roaming\dropbox\bin\dropbox.exe |
"{4CA2A7DA-EBD5-453C-9D2D-F64C95C36074}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5114D7DA-4E5C-4C76-8C12-811330526D3D}" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\temp\7zsb6fc.tmp\symnrt.exe |
"{53356469-E88B-4DE4-A032-2D1440F00E0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57904181-C9C5-4F12-BE91-8EF4EFBCA946}" = dir=out | app=%programfiles% (x86)\ultraiso\drivers\isocmd.exe |
"{715C3A0B-C856-4749-8852-9F08D77D8C7E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{7194C49F-7EBD-4CDA-97FB-0C004A5C1C5D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7EDBA861-414E-4361-8AFF-16EA4686B83B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7F13236E-400E-460A-ACA3-B356F9957F56}" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe |
"{8180C875-2799-45DB-BA41-368FC8C5CF07}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A8619E62-E98E-452C-8F12-46622FFB4314}" = dir=out | app=%programfiles% (x86)\ultraiso\ultraiso.exe |
"{B0FDAAF3-3B2D-43DF-A50D-0D2337DA228D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B20A7145-1D7C-4B1A-9AA5-D1EAAC778ADF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B3EC49B2-1A0C-4911-A9C8-062BC73A16E2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B53CFCC7-7B4E-452F-BF8B-696E830A1F3C}" = protocol=6 | dir=in | app=c:\users\fh\appdata\roaming\dropbox\bin\dropbox.exe |
"{BFD3128B-B939-4AF1-BFE4-D1303B360141}" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\temp\7zs8229.tmp\symnrt.exe |
"{C7D38809-A164-44E8-8A53-A83B605A456C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D4F3AB45-3CE8-4F02-917B-80C201E994FB}" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\temp\7zs8229.tmp\symnrt.exe |
"{D631C0D2-8162-4BD2-877A-3F951FDAB5BE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FB18C66D-3C61-4E1E-A498-4DF43DCB72B2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"TCP Query User{0DCC1362-AD05-4BB1-AF6D-EB7D11E46567}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe |
"TCP Query User{133E0C5E-9EEB-4431-9331-3D9D998E5C5C}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{2BA9E9BE-8F52-47F9-BBBE-CEB676544F6B}C:\users\fh\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A4DCF56F-4686-4DC5-BCF9-F3DEDCCD3916}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{AE0EA2BE-E730-43A3-9267-D8923BC847B0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{EA08CFF1-584E-4A88-825D-3BC8C93B9A0F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{F0C1DBC0-FD14-48ED-8615-A0B142FB574A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{0F9C667E-A29B-448E-83E7-9DEFEA362B7F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{407A549D-9FDE-45D9-AAE8-AC3165EA1DBE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{7315C854-790F-4A02-935B-EE1448B2AB6F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{96B68CE4-BEBE-48A4-B26B-3836AA927692}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{A29B585F-619F-4BE1-9B9D-D2AC9588B879}C:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\strato ag\strato hidrive\openvpn\openvpn.exe |
"UDP Query User{C444A7E3-DDEA-4719-8E20-37BD80D45926}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{EF75128F-BC76-41A1-848E-85CC36D604A4}C:\users\fh\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fh\appdata\local\akamai\netsession_win.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{32508A23-C9EA-4D29-83CA-97A42A13701E}" = Microsoft Sync Framework Services v1.0 (x64)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{53D7A054-4598-4947-A159-E8FCC77720AB}" = Microsoft Sync Framework Runtime v1.0 (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{669A82E0-43E2-4645-8A2E-1A3DE78F8312}" = Adobe Photoshop Lightroom 4 64-bit
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64)
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"A35BD68D4A1B3E191138E3C9AA417190A9468F7E" = Windows-Treiberpaket - Leaf Imaging Ltd. Image (02/11/2010 )
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutopanoGiga2.5" = Kolor Autopano Giga 2.5
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Recuva" = Recuva
"Sandboxie" = Sandboxie 3.68 (64-bit)
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3E00C574-B650-401D-A898-4581AAD6CC74}" = STRATO HiDrive
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4478067C-D35C-47C3-BF6C-1BF8F9FC6546}" = bjnplugin
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBBEDB1-14D0-4F53-8537-1EE0F39F8FF8}" = MusicBee
"{5AE1721C-A430-4886-B3A1-8D6E5E6CD2A8}" = DxO Optics Pro 6
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{659DA17C-5C44-45EB-99D7-ABC1202138E3}" = PictureMedley
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE2AE713-75EF-4CA6-82FB-3E1BBA8DD608}" = DxO Optics Pro 7
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E6FA148F-1E7D-4A42-A9A2-7DFABC2C6A2B}" = SportTracks 2.1
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Akamai" = Akamai NetSession Interface Service
"AllDup_is1" = AllDup 3.2.22
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Biet-O-Matic v2.10.1" = Biet-O-Matic v2.10.1
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Color Efex Pro 3.0 Complete NX2" = Color Efex Pro 3.0 Complete for Capture NX 2
"Color Efex Pro 4" = Color Efex Pro 4
"ExifPro 2.0" = ExifPro 2.0 Photo Viewer
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.52
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Lidl-Fotos_is1" = Lidl-Fotos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mp3tag" = Mp3tag v2.49a
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenStreetMap Plugin V2_is1" = OpenStreetMap Plugin V2
"OpenStreetMap Plugin_is1" = OpenStreetMap Plugin
"PanoramaStudio" = PanoramaStudio 1.5 (uninstall)
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"Picasa 3" = Picasa 3
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"TeamViewer 7" = TeamViewer 7
"TrueCrypt" = TrueCrypt
"UltraISO_is1" = UltraISO Premium V9.36
"uTorrent" = µTorrent
"V3.2_is1" = File Scavenger 3.2
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"WinISO_is1" = WinISO 5.3
"Wubi" = Ubuntu
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Application Detect
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.11.2011 15:11:54 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 02.11.2011 14:48:08 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 03.11.2011 14:06:37 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 04.11.2011 14:34:07 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 05.11.2011 05:47:41 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 05.11.2011 09:31:09 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 05.11.2011 14:48:09 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 06.11.2011 06:03:03 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 06.11.2011 15:08:11 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 07.11.2011 14:16:22 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
Error - 08.11.2011 14:06:52 | Computer Name = FH-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .
[ System Events ]
Error - 07.06.2012 05:27:33 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Multimedia Class Scheduler" wurde unerwartet beendet. Dies
ist bereits 3 Mal passiert.
Error - 07.06.2012 05:27:33 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Management Instrumentation" wurde unerwartet beendet.
Dies ist bereits 4 Mal passiert.
Error - 07.06.2012 05:27:33 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
4 Mal passiert.
Error - 07.06.2012 05:27:38 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Management Instrumentation" wurde unerwartet beendet.
Dies ist bereits 5 Mal passiert.
Error - 07.06.2012 05:27:38 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
5 Mal passiert.
Error - 07.06.2012 05:27:41 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Management Instrumentation" wurde unerwartet beendet.
Dies ist bereits 6 Mal passiert.
Error - 07.06.2012 05:27:41 | Computer Name = FH-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Update" wurde unerwartet beendet. Dies ist bereits
6 Mal passiert.
Error - 07.06.2012 05:29:16 | Computer Name = FH-PC | Source = DCOM | ID = 10010
Description =
Error - 07.06.2012 05:30:11 | Computer Name = FH-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 07.06.2012 16:05:16 | Computer Name = FH-PC | Source = DCOM | ID = 10010
Description =
< End of report >
[/CODE] Geändert von myspam69 (08.06.2012 um 19:36 Uhr) |
|
10.06.2012, 18:13
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
10.06.2012, 21:38
| #3 |
| | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Danke! Hier schon mal das ESET log:
__________________Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b04f6a1d226a2d4ebadf0119156d4e6a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-10 08:32:36
# local_time=2012-06-10 10:32:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 3533557 3533557 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 90984512 0 0
# compatibility_mode=8192 67108863 100 0 205 205 0 0
# scanned=294016
# found=1
# cleaned=0
# scan_time=5694
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I
Malwarebytes Log: Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.10.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 FH :: FH-PC [Administrator] Schutz: Aktiviert 10.06.2012 13:42:51 mbam-log-2012-06-10 (13-42-51).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 499683 Laufzeit: 47 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Habe die von ESET gefundene Date mit Virustotal gescannt. Hier das Ergebnis: Code:
ATTFilter ClamAV PUA.Win32.Packer.MingwGcc-2
NOD32 a variant of Win32/HotSpotShield
Geändert von myspam69 (10.06.2012 um 21:49 Uhr) |
|
11.06.2012, 09:43
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
11.06.2012, 14:46
| #5 |
| | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Hi Arne, Der normale Modus von Windows geht. Es fehlt auch kein Ordner bzw es sind keine leeren Ordner vorhanden. Alles scheint normal, bis ich wieder versuche ein Antibirenprogramm zu installieren. |
|
11.06.2012, 15:43
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Du sollst jetzt auch nicht irgendwelche Virenscanner installieren! V.a. schon garnicht ohne Absprache! Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Browser & Antivirenprogramme stürzen ständig ab nach Virenfund |
|
14.06.2012, 06:55
| #7 |
| | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Hier der Custom Quici-Scan mit OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.06.2012 07:41:40 - Run 6
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\FH\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,08 Gb Available Physical Memory | 76,02% Memory free
16,00 Gb Paging File | 14,28 Gb Available in Paging File | 89,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 62,28 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive D: | 687,37 Gb Total Space | 294,29 Gb Free Space | 42,81% Space Free | Partition Type: NTFS
Computer Name: FH-PC | User Name: FH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.14 07:41:21 | 001,533,976 | ---- | M] (Google Inc.) -- C:\Users\FH\AppData\Local\Temp\CR_59630.tmp\setup.exe
PRC - [2012.06.08 22:00:00 | 001,464,232 | ---- | M] () -- C:\Users\FH\AppData\Local\Google\Update\Install\{595F1A4D-1BEA-4334-B82E-C2EA8B5CE32B}\chrome_updater.exe
PRC - [2012.06.08 19:48:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\FH\Downloads\OTL.exe
PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\FH\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.01.10 16:24:20 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010.09.23 01:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2009.04.10 10:33:16 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.04.10 10:32:46 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.08 22:00:00 | 001,464,232 | ---- | M] () -- C:\Users\FH\AppData\Local\Google\Update\Install\{595F1A4D-1BEA-4334-B82E-C2EA8B5CE32B}\chrome_updater.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.09.23 01:25:24 | 000,107,568 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2010.09.23 01:25:04 | 000,006,192 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-ger.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012.04.10 12:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2011.04.20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.10 10:37:42 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.04 20:53:34 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.22 18:30:58 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011.07.05 02:33:00 | 000,032,768 | ---- | M] (STRATO) [Auto | Running] -- C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe -- (STRATO HiDrive Service)
SRV - [2011.01.10 16:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.01.10 16:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.09.23 18:15:18 | 000,350,256 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010.09.23 01:25:28 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2010.09.23 01:24:22 | 000,265,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010.09.22 21:19:06 | 000,325,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.10 10:32:46 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.04.10 12:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.11 21:03:38 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.07.05 02:33:02 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\2DB9.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011.04.20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.04.20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.30 13:05:55 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) Realtek Virtual Miniport Driver for Teaming (NDIS 6.0)
DRV:64bit: - [2010.12.14 05:54:12 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) Realtek Teaming Protocol Driver (NDIS 6.0)
DRV:64bit: - [2010.12.14 05:54:12 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN) Realtek Virtual Miniport Driver for VLAN (NDIS 6.2)
DRV:64bit: - [2010.12.14 05:54:12 | 000,024,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT) Realtek Vlan Protocol Driver (NDIS 6.2)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.11 08:37:32 | 000,408,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.09.22 21:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.06.16 22:33:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 19:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 10:47:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.10 10:23:56 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2007.06.25 05:37:14 | 000,108,032 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007.05.14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010.01.29 11:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 9F 0D 3D 98 D0 C9 01 [binary data]
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\bluejeans.com/bjnplugin: C:\Users\FH\AppData\Roaming\bluejeans\bjnplugin\1.0.0.220\npbjnplugin_1.0.0.220.dll (bluejeans)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK64\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009.11.05 22:36:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.06 21:15:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012.05.28 21:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Extensions
[2012.06.14 07:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Firefox\Profiles\ax7ky0ja.default\extensions
[2012.06.14 07:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Firefox\Profiles\ax7ky0ja.default\extensions\staged
[2012.05.24 20:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FH\AppData\Roaming\mozilla\Firefox\Profiles\i7ll0yj0.default\extensions
[2012.06.06 21:15:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.28 22:03:07 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\FH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AX7KY0JA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.03 10:32:27 | 000,185,022 | ---- | M] () (No name found) -- C:\USERS\FH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AX7KY0JA.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012.06.06 21:15:27 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.06 21:15:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.06 21:15:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.06 21:15:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.06 21:15:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.06 21:15:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.06 21:15:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FH\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\FH\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\FH\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\FH\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google-Suche = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\FH\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012.06.04 21:11:10 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000..\Run: [Akamai NetSession Interface] C:\Users\FH\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21D71C66-535B-4CB0-A3DD-134E02477C89}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DAC882A-A34A-42D2-A89A-94D5B3266E0F}: DhcpNameServer = 10.48.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC72F0FF-9D9B-46DF-B805-5FC6E603247A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.23 07:58:44 | 000,000,019 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\PROGRA~2\WISO\STEUER~2\MSHAKT~1.EXE - ()
MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: Nikon Transfer Monitor - hkey= - key= - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5E78002A-1612-021B-5A6C-6FFD9A1C2471} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.MP42 - MPG4C32.dll File not found
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.10 20:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.10 12:25:44 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\vlc
[2012.06.10 12:25:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.06.10 10:40:52 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Local\Macromedia
[2012.06.07 21:08:20 | 000,000,000 | ---D | C] -- C:\Users\FH\Doctor Web
[2012.06.06 21:55:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.06.06 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\bluejeans
[2012.06.04 22:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2012.06.04 20:52:08 | 000,000,000 | ---D | C] -- C:\Users\FH\DoctorWeb
[2012.06.04 19:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.06.04 19:27:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012.06.03 20:40:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.03 20:40:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 18:26:32 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.05.28 21:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.05.19 21:00:57 | 000,000,000 | ---D | C] -- C:\Users\FH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.14 07:42:25 | 000,002,391 | ---- | M] () -- C:\Users\FH\Desktop\Google Chrome.lnk
[2012.06.14 07:42:25 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000UA.job
[2012.06.14 07:42:16 | 000,015,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 07:42:16 | 000,015,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 07:42:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 07:37:28 | 001,622,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 07:37:28 | 000,698,738 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 07:37:28 | 000,655,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 07:37:28 | 000,148,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 07:37:28 | 000,121,926 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 07:36:05 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2012.06.14 07:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 07:30:09 | 2146,291,711 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.10 18:19:29 | 004,929,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.10 12:25:40 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.07 17:41:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000Core.job
[2012.06.05 19:11:12 | 000,000,185 | ---- | M] () -- C:\Users\FH\Desktop\DrWeb.csv
[2012.06.04 22:36:25 | 000,002,103 | ---- | M] () -- C:\Users\FH\Desktop\HijackThis.lnk
[2012.06.04 21:11:10 | 000,000,808 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.03 20:47:23 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.03 20:40:41 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 18:30:50 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.28 21:52:02 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.28 21:39:47 | 001,854,885 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301000.01C\Cat.DB
[2012.05.17 12:04:26 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1301000.01C\VT20120410.035
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.10 12:25:40 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.06.08 18:05:29 | 004,929,456 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.05 19:11:12 | 000,000,185 | ---- | C] () -- C:\Users\FH\Desktop\DrWeb.csv
[2012.06.04 22:36:25 | 000,002,103 | ---- | C] () -- C:\Users\FH\Desktop\HijackThis.lnk
[2012.06.03 20:40:41 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.30 18:26:33 | 000,002,391 | ---- | C] () -- C:\Users\FH\Desktop\Google Chrome.lnk
[2012.05.28 21:52:02 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.28 21:52:02 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.19 20:15:34 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.04.11 20:40:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Commands
[2012.04.11 20:40:26 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\ColorTable
[2012.04.11 20:39:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Common
[2012.04.11 20:39:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Command Line Utility
[2012.04.10 19:45:38 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.01 21:44:04 | 000,004,608 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC64.dll
[2011.09.22 18:31:04 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll
[2011.09.03 20:44:01 | 000,002,112 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011.08.26 10:21:39 | 001,648,266 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.29 20:27:44 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Halftone
[2011.03.17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.12 10:49:52 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.10.24 18:22:21 | 000,001,940 | ---- | C] () -- C:\Users\FH\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010.08.19 18:27:36 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\ColorSync
[2010.08.19 18:27:36 | 000,000,268 | RH-- | C] () -- C:\Users\FH\AppData\Roaming\Colors
[2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010.08.19 18:27:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010.06.25 21:06:57 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== LOP Check ==========
[2012.01.07 21:15:24 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AllDup
[2011.01.14 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Amazon
[2009.11.05 22:40:51 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Anthropics
[2009.11.15 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AVM
[2012.06.06 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\bluejeans
[2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\BOM
[2010.12.21 20:58:42 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Buhl Data Service
[2010.04.27 20:40:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Canneverbe Limited
[2012.05.28 10:14:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Dropbox
[2010.08.17 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\DxO Labs
[2010.01.14 19:54:37 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\FRITZ!
[2011.11.15 23:49:25 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Garmin
[2011.09.02 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\gtk-2.0
[2010.05.26 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\HDRsoft
[2009.11.05 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\ImgBurn
[2012.04.29 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\IrfanView
[2010.12.10 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Leadertech
[2011.10.03 20:08:52 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MAGIX
[2009.11.05 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MiK
[2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Mp3tag
[2011.12.11 12:02:39 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MusicBee
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nik Software
[2010.08.20 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nikon
[2011.05.26 20:20:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\OfficeRecovery
[2010.08.17 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PACE Anti-Piracy
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PanoramaStudio
[2011.09.10 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\QuickScan
[2011.07.19 19:46:29 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.09.12 19:03:57 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\STRATO
[2012.05.09 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TeamViewer
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Tracker Software
[2012.01.14 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TrueCrypt
[2012.02.21 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\uTorrent
[2012.06.07 11:26:51 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.04.10 20:05:17 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Adobe
[2011.07.19 19:46:29 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Adobe Mini Bridge CS5
[2009.08.11 21:13:30 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AdobeUM
[2012.01.07 21:15:24 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AllDup
[2011.01.14 21:46:38 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Amazon
[2009.11.05 22:40:51 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Anthropics
[2012.03.10 20:10:29 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Apple Computer
[2009.11.15 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\AVM
[2012.06.06 18:12:56 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\bluejeans
[2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\BOM
[2010.12.21 20:58:42 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Buhl Data Service
[2010.04.27 20:40:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Canneverbe Limited
[2011.04.08 08:03:05 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Download Manager
[2012.05.28 10:14:54 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Dropbox
[2011.01.15 23:37:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\dvdcss
[2010.08.17 18:07:31 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\DxO Labs
[2010.01.14 19:54:37 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\FRITZ!
[2011.11.15 23:49:25 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Garmin
[2011.09.02 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\gtk-2.0
[2010.05.26 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\HDRsoft
[2010.02.08 21:52:06 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Identities
[2009.11.05 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\ImgBurn
[2009.11.05 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\InstallShield
[2012.04.29 10:55:58 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\IrfanView
[2010.12.10 19:07:26 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Leadertech
[2009.11.05 22:40:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Macromedia
[2011.10.03 20:08:52 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MAGIX
[2012.04.27 20:31:59 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Malwarebytes
[2009.07.14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Media Center Programs
[2012.01.25 21:06:51 | 000,000,000 | --SD | M] -- C:\Users\FH\AppData\Roaming\Microsoft
[2009.11.05 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MiK
[2012.05.28 21:52:15 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Mozilla
[2012.04.29 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Mp3tag
[2011.12.11 12:02:39 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\MusicBee
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nik Software
[2010.08.20 20:14:18 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Nikon
[2011.05.26 20:20:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\OfficeRecovery
[2010.08.17 18:05:53 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PACE Anti-Piracy
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\PanoramaStudio
[2011.09.10 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\QuickScan
[2011.03.14 08:34:24 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Real
[2012.06.06 18:51:29 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Skype
[2010.12.13 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\skypePM
[2011.07.19 19:46:29 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.09.12 19:03:57 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\STRATO
[2012.05.09 21:39:28 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TeamViewer
[2009.11.05 22:41:02 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Tracker Software
[2012.01.14 13:48:27 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\TrueCrypt
[2012.02.21 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\uTorrent
[2012.06.10 16:11:44 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\vlc
[2012.05.28 10:02:35 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\Winamp
[2010.01.01 20:16:43 | 000,000,000 | ---D | M] -- C:\Users\FH\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2012.05.25 16:25:40 | 000,057,480 | ---- | M] () -- C:\Users\FH\AppData\Roaming\bluejeans\bjnplugin\1.0.0.220\bjnUpdatePlugin.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\FH\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\FH\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.12.18 20:32:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\FH\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.04.11 20:40:53 | 000,061,440 | R--- | M] (Acresso Software Inc.) -- C:\Users\FH\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
[2010.08.11 20:30:50 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Users\FH\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
[2011.10.08 21:05:29 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\FH\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.01.16 20:29:46 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\FH\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2009.06.10 19:07:46 | 000,449,816 | ---- | M] (Tracker Software Products Ltd.) -- C:\Users\FH\AppData\Roaming\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2009.04.10 10:23:56 | 000,409,112 | ---- | M] (Intel Corporation) MD5=F27742D576F355972C94952671658DC2 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.04.10 10:23:56 | 000,409,112 | ---- | M] (Intel Corporation) MD5=F27742D576F355972C94952671658DC2 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.04.10 10:23:56 | 000,409,112 | ---- | M] (Intel Corporation) MD5=F27742D576F355972C94952671658DC2 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_8f0eb682dfbca40b\iaStor.sys
[2009.04.10 10:12:34 | 000,331,288 | ---- | M] (Intel Corporation) MD5=F397C2EBF0C01ED62F2A215018FDD221 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ck9qpEKUMFdL4haXexlDj
@Alternate Data Stream - 1118 bytes -> C:\Program Files (x86)\Common Files\System:nwi1Gl8XuWH80eHoCayQDbwxI6G12R
@Alternate Data Stream - 1018 bytes -> C:\ProgramData\Microsoft:OimpulZPjuzt1pwO0p7Retjpbr
< End of report >
|
|
14.06.2012, 12:10
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 9F 0D 3D 98 D0 C9 01 [binary data]
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found.
O3 - HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.23 07:58:44 | 000,000,019 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1211 bytes -> C:\ProgramData\Microsoft:ck9qpEKUMFdL4haXexlDj
@Alternate Data Stream - 1118 bytes -> C:\Program Files (x86)\Common Files\System:nwi1Gl8XuWH80eHoCayQDbwxI6G12R
@Alternate Data Stream - 1018 bytes -> C:\ProgramData\Microsoft:OimpulZPjuzt1pwO0p7Retjpbr
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.06.2012, 19:22
| #9 |
| | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Alles wie beschrieben erledigt. Hier ist das Logfile: Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
HKEY_USERS\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ not found.
Registry value HKEY_USERS\S-1-5-21-3505417148-2086896735-3607467643-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
ADS C:\Windows:nlsPreferences deleted successfully.
ADS C:\ProgramData\Microsoft:ck9qpEKUMFdL4haXexlDj deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:nwi1Gl8XuWH80eHoCayQDbwxI6G12R deleted successfully.
ADS C:\ProgramData\Microsoft:OimpulZPjuzt1pwO0p7Retjpbr deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: FH
->Temp folder emptied: 155744 bytes
->Temporary Internet Files folder emptied: 2242966 bytes
->Java cache emptied: 9778066 bytes
->FireFox cache emptied: 49404275 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57206 bytes
User: FH.FH-PC
->Temp folder emptied: 54013 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 2843 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 49152 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60468026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 117,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: FH
->Flash cache emptied: 0 bytes
User: FH.FH-PC
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.47.0 log created on 06142012_201542
Files\Folders moved on Reboot...
C:\Users\FH\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
15.06.2012, 12:07
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Browser & Antivirenprogramme stürzen ständig ab nach VirenfundCode:
ATTFilter [2012.06.06 21:55:54 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
Dieses Tool ist KEIN Spielzeug! Man sollte niemals pauschal alle Funde mit dem Tool entfernen! POste alle Logs vom TDSS-Killer, die müssten direkt auf C: liegen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.06.2012, 10:07
| #11 |
| | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund TDSS Log: Code:
ATTFilter 21:53:44.0955 2600 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:53:45.0041 2600 ============================================================
21:53:45.0041 2600 Current date / time: 2012/06/06 21:53:45.0041
21:53:45.0041 2600 SystemInfo:
21:53:45.0041 2600
21:53:45.0041 2600 OS Version: 6.1.7601 ServicePack: 1.0
21:53:45.0041 2600 Product type: Workstation
21:53:45.0042 2600 ComputerName: FH-PC
21:53:45.0042 2600 UserName: FH
21:53:45.0042 2600 Windows directory: C:\Windows
21:53:45.0042 2600 System windows directory: C:\Windows
21:53:45.0042 2600 Running under WOW64
21:53:45.0042 2600 Processor architecture: Intel x64
21:53:45.0042 2600 Number of processors: 2
21:53:45.0042 2600 Page size: 0x1000
21:53:45.0042 2600 Boot type: Normal boot
21:53:45.0042 2600 ============================================================
21:53:45.0294 2600 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:53:45.0303 2600 ============================================================
21:53:45.0303 2600 \Device\Harddisk0\DR0:
21:53:45.0304 2600 MBR partitions:
21:53:45.0304 2600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:53:45.0304 2600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5800
21:53:45.0304 2600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x55EBD000
21:53:45.0328 2600 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x683B5800, BlocksNum 0xC350000
21:53:45.0328 2600 ============================================================
21:53:45.0391 2600 C: <-> \Device\Harddisk0\DR0\Partition1
21:53:45.0421 2600 D: <-> \Device\Harddisk0\DR0\Partition2
21:53:45.0450 2600 Z: <-> \Device\Harddisk0\DR0\Partition3
21:53:45.0450 2600 ============================================================
21:53:45.0450 2600 Initialize success
21:53:45.0450 2600 ============================================================
21:54:06.0527 2728 ============================================================
21:54:06.0527 2728 Scan started
21:54:06.0527 2728 Mode: Manual; SigCheck; TDLFS;
21:54:06.0527 2728 ============================================================
21:54:07.0172 2728 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:54:07.0227 2728 1394ohci - ok
21:54:07.0280 2728 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:54:07.0298 2728 ACPI - ok
21:54:07.0329 2728 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:54:07.0349 2728 AcpiPmi - ok
21:54:07.0453 2728 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:54:07.0464 2728 AdobeARMservice - ok
21:54:07.0572 2728 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:54:07.0585 2728 AdobeFlashPlayerUpdateSvc - ok
21:54:07.0635 2728 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:54:07.0651 2728 adp94xx - ok
21:54:07.0682 2728 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:54:07.0694 2728 adpahci - ok
21:54:07.0708 2728 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:54:07.0718 2728 adpu320 - ok
21:54:07.0750 2728 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:54:07.0788 2728 AeLookupSvc - ok
21:54:07.0854 2728 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:54:07.0888 2728 AFD - ok
21:54:07.0929 2728 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:54:07.0942 2728 agp440 - ok
21:54:08.0181 2728 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
21:54:08.0181 2728 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
21:54:08.0187 2728 Akamai ( HiddenFile.Multi.Generic ) - warning
21:54:08.0188 2728 Akamai - detected HiddenFile.Multi.Generic (1)
21:54:08.0281 2728 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:54:08.0309 2728 ALG - ok
21:54:08.0366 2728 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:54:08.0378 2728 aliide - ok
21:54:08.0431 2728 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
21:54:08.0459 2728 AMD External Events Utility - ok
21:54:08.0472 2728 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:54:08.0485 2728 amdide - ok
21:54:08.0505 2728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:54:08.0541 2728 AmdK8 - ok
21:54:08.0972 2728 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:54:09.0072 2728 amdkmdag - ok
21:54:09.0216 2728 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
21:54:09.0240 2728 amdkmdap - ok
21:54:09.0262 2728 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:54:09.0277 2728 AmdPPM - ok
21:54:09.0297 2728 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:54:09.0311 2728 amdsata - ok
21:54:09.0343 2728 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:54:09.0358 2728 amdsbs - ok
21:54:09.0379 2728 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:54:09.0391 2728 amdxata - ok
21:54:09.0457 2728 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:54:09.0512 2728 AppID - ok
21:54:09.0536 2728 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:54:09.0580 2728 AppIDSvc - ok
21:54:09.0611 2728 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:54:09.0651 2728 Appinfo - ok
21:54:09.0756 2728 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:54:09.0766 2728 Apple Mobile Device - ok
21:54:09.0817 2728 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:54:09.0841 2728 AppMgmt - ok
21:54:09.0862 2728 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:54:09.0876 2728 arc - ok
21:54:09.0883 2728 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:54:09.0895 2728 arcsas - ok
21:54:09.0979 2728 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:54:09.0990 2728 aspnet_state - ok
21:54:10.0010 2728 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:54:10.0051 2728 AsyncMac - ok
21:54:10.0077 2728 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:54:10.0085 2728 atapi - ok
21:54:10.0513 2728 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:54:10.0601 2728 atikmdag - ok
21:54:10.0731 2728 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:54:10.0780 2728 AudioEndpointBuilder - ok
21:54:10.0785 2728 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:54:10.0815 2728 AudioSrv - ok
21:54:10.0857 2728 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:54:10.0890 2728 AxInstSV - ok
21:54:10.0968 2728 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:54:10.0996 2728 b06bdrv - ok
21:54:11.0039 2728 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:54:11.0064 2728 b57nd60a - ok
21:54:11.0100 2728 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:54:11.0121 2728 BDESVC - ok
21:54:11.0139 2728 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:54:11.0185 2728 Beep - ok
21:54:11.0241 2728 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:54:11.0299 2728 BFE - ok
21:54:11.0344 2728 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:54:11.0392 2728 BITS - ok
21:54:11.0436 2728 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:54:11.0462 2728 blbdrive - ok
21:54:11.0571 2728 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:54:11.0586 2728 Bonjour Service - ok
21:54:11.0619 2728 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:54:11.0628 2728 bowser - ok
21:54:11.0639 2728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:54:11.0662 2728 BrFiltLo - ok
21:54:11.0681 2728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:54:11.0701 2728 BrFiltUp - ok
21:54:11.0734 2728 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:54:11.0784 2728 Browser - ok
21:54:11.0812 2728 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:54:11.0834 2728 Brserid - ok
21:54:11.0862 2728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:54:11.0886 2728 BrSerWdm - ok
21:54:11.0897 2728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:54:11.0924 2728 BrUsbMdm - ok
21:54:11.0937 2728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:54:11.0953 2728 BrUsbSer - ok
21:54:11.0982 2728 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:54:12.0003 2728 BTHMODEM - ok
21:54:12.0040 2728 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:54:12.0066 2728 bthserv - ok
21:54:12.0084 2728 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:54:12.0121 2728 cdfs - ok
21:54:12.0163 2728 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:54:12.0190 2728 cdrom - ok
21:54:12.0227 2728 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:54:12.0277 2728 CertPropSvc - ok
21:54:12.0300 2728 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:54:12.0313 2728 circlass - ok
21:54:12.0353 2728 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:54:12.0371 2728 CLFS - ok
21:54:12.0422 2728 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:54:12.0429 2728 clr_optimization_v2.0.50727_32 - ok
21:54:12.0476 2728 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:54:12.0487 2728 clr_optimization_v2.0.50727_64 - ok
21:54:12.0537 2728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:54:12.0548 2728 clr_optimization_v4.0.30319_32 - ok
21:54:12.0570 2728 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:54:12.0582 2728 clr_optimization_v4.0.30319_64 - ok
21:54:12.0588 2728 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:54:12.0615 2728 CmBatt - ok
21:54:12.0636 2728 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:54:12.0648 2728 cmdide - ok
21:54:12.0687 2728 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:54:12.0713 2728 CNG - ok
21:54:12.0738 2728 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:54:12.0746 2728 Compbatt - ok
21:54:12.0776 2728 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:54:12.0788 2728 CompositeBus - ok
21:54:12.0800 2728 COMSysApp - ok
21:54:12.0810 2728 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:54:12.0819 2728 crcdisk - ok
21:54:12.0854 2728 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:54:12.0899 2728 CryptSvc - ok
21:54:12.0943 2728 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:54:12.0969 2728 CSC - ok
21:54:13.0015 2728 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:54:13.0037 2728 CscService - ok
21:54:13.0085 2728 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:54:13.0142 2728 DcomLaunch - ok
21:54:13.0178 2728 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:54:13.0214 2728 defragsvc - ok
21:54:13.0265 2728 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:54:13.0315 2728 DfsC - ok
21:54:13.0354 2728 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:54:13.0381 2728 Dhcp - ok
21:54:13.0405 2728 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:54:13.0445 2728 discache - ok
21:54:13.0471 2728 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:54:13.0480 2728 Disk - ok
21:54:13.0510 2728 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:54:13.0530 2728 Dnscache - ok
21:54:13.0564 2728 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:54:13.0602 2728 dot3svc - ok
21:54:13.0631 2728 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:54:13.0675 2728 DPS - ok
21:54:13.0708 2728 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:54:13.0726 2728 drmkaud - ok
21:54:13.0795 2728 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:54:13.0822 2728 DXGKrnl - ok
21:54:13.0847 2728 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:54:13.0884 2728 EapHost - ok
21:54:14.0043 2728 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:54:14.0092 2728 ebdrv - ok
21:54:14.0178 2728 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:54:14.0206 2728 EFS - ok
21:54:14.0264 2728 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:54:14.0293 2728 ehRecvr - ok
21:54:14.0324 2728 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:54:14.0339 2728 ehSched - ok
21:54:14.0403 2728 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:54:14.0423 2728 elxstor - ok
21:54:14.0448 2728 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:54:14.0466 2728 ErrDev - ok
21:54:14.0526 2728 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:54:14.0576 2728 EventSystem - ok
21:54:14.0594 2728 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:54:14.0629 2728 exfat - ok
21:54:14.0648 2728 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:54:14.0685 2728 fastfat - ok
21:54:14.0751 2728 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:54:14.0782 2728 Fax - ok
21:54:14.0796 2728 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:54:14.0823 2728 fdc - ok
21:54:14.0852 2728 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:54:14.0900 2728 fdPHost - ok
21:54:14.0916 2728 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:54:14.0950 2728 FDResPub - ok
21:54:14.0966 2728 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:54:14.0975 2728 FileInfo - ok
21:54:14.0988 2728 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:54:15.0013 2728 Filetrace - ok
21:54:15.0027 2728 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:54:15.0036 2728 flpydisk - ok
21:54:15.0064 2728 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:54:15.0075 2728 FltMgr - ok
21:54:15.0146 2728 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:54:15.0174 2728 FontCache - ok
21:54:15.0246 2728 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:54:15.0255 2728 FontCache3.0.0.0 - ok
21:54:15.0292 2728 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:54:15.0305 2728 FsDepends - ok
21:54:15.0331 2728 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:54:15.0343 2728 Fs_Rec - ok
21:54:15.0384 2728 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:54:15.0403 2728 fvevol - ok
21:54:15.0424 2728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:54:15.0433 2728 gagp30kx - ok
21:54:15.0462 2728 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:54:15.0468 2728 GEARAspiWDM - ok
21:54:15.0532 2728 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:54:15.0572 2728 gpsvc - ok
21:54:15.0602 2728 grmnusb (b9893a68032a6d9addb5b98287c630f7) C:\Windows\system32\drivers\grmnusb.sys
21:54:15.0608 2728 grmnusb - ok
21:54:15.0666 2728 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:54:15.0679 2728 gusvc - ok
21:54:15.0693 2728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:54:15.0711 2728 hcw85cir - ok
21:54:15.0773 2728 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:54:15.0799 2728 HdAudAddService - ok
21:54:15.0849 2728 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:54:15.0876 2728 HDAudBus - ok
21:54:15.0890 2728 hdgnlava - ok
21:54:15.0902 2728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:54:15.0927 2728 HidBatt - ok
21:54:15.0944 2728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:54:15.0968 2728 HidBth - ok
21:54:15.0986 2728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:54:16.0017 2728 HidIr - ok
21:54:16.0040 2728 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:54:16.0088 2728 hidserv - ok
21:54:16.0115 2728 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:54:16.0133 2728 HidUsb - ok
21:54:16.0155 2728 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:54:16.0190 2728 hkmsvc - ok
21:54:16.0214 2728 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:54:16.0225 2728 HomeGroupListener - ok
21:54:16.0250 2728 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:54:16.0274 2728 HomeGroupProvider - ok
21:54:16.0365 2728 HotspotShieldService (b2afa712b3cdf8ad04d85c56546bb174) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
21:54:16.0372 2728 HotspotShieldService ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0372 2728 HotspotShieldService - detected UnsignedFile.Multi.Generic (1)
21:54:16.0411 2728 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:54:16.0420 2728 HpSAMD - ok
21:54:16.0441 2728 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
21:54:16.0476 2728 HssDrv - ok
21:54:16.0537 2728 HssSrv (b8b90bb7011556691d432aaecaa0d26c) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
21:54:16.0544 2728 HssSrv ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0544 2728 HssSrv - detected UnsignedFile.Multi.Generic (1)
21:54:16.0575 2728 HssTrayService (8faab97946600e312cb3398061ad3059) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
21:54:16.0579 2728 HssTrayService ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0579 2728 HssTrayService - detected UnsignedFile.Multi.Generic (1)
21:54:16.0585 2728 HssWd - ok
21:54:16.0648 2728 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:54:16.0686 2728 HTTP - ok
21:54:16.0707 2728 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:54:16.0716 2728 hwpolicy - ok
21:54:16.0736 2728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:54:16.0746 2728 i8042prt - ok
21:54:16.0809 2728 IAANTMON (549275dc1004e09f92167b98b0ce63fe) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:54:16.0824 2728 IAANTMON - ok
21:54:16.0871 2728 iaStor (f27742d576f355972c94952671658dc2) C:\Windows\system32\DRIVERS\iaStor.sys
21:54:16.0886 2728 iaStor - ok
21:54:16.0917 2728 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:54:16.0935 2728 iaStorV - ok
21:54:16.0974 2728 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:54:16.0987 2728 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0987 2728 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:54:17.0077 2728 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:54:17.0096 2728 idsvc - ok
21:54:17.0187 2728 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:54:17.0200 2728 iirsp - ok
21:54:17.0263 2728 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:54:17.0321 2728 IKEEXT - ok
21:54:17.0336 2728 iktydhah - ok
21:54:17.0369 2728 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:54:17.0382 2728 intelide - ok
21:54:17.0402 2728 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:54:17.0426 2728 intelppm - ok
21:54:17.0483 2728 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:54:17.0532 2728 IPBusEnum - ok
21:54:17.0564 2728 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:54:17.0597 2728 IpFilterDriver - ok
21:54:17.0644 2728 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:54:17.0689 2728 iphlpsvc - ok
21:54:17.0705 2728 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:54:17.0725 2728 IPMIDRV - ok
21:54:17.0747 2728 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:54:17.0773 2728 IPNAT - ok
21:54:17.0897 2728 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:54:17.0920 2728 iPod Service - ok
21:54:17.0942 2728 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:54:17.0963 2728 IRENUM - ok
21:54:17.0980 2728 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:54:17.0989 2728 isapnp - ok
21:54:18.0010 2728 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:54:18.0021 2728 iScsiPrt - ok
21:54:18.0105 2728 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
21:54:18.0118 2728 ISODrive - ok
21:54:18.0141 2728 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:54:18.0154 2728 kbdclass - ok
21:54:18.0187 2728 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:54:18.0214 2728 kbdhid - ok
21:54:18.0237 2728 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:18.0251 2728 KeyIso - ok
21:54:18.0268 2728 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:54:18.0281 2728 KSecDD - ok
21:54:18.0298 2728 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:54:18.0313 2728 KSecPkg - ok
21:54:18.0341 2728 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:54:18.0389 2728 ksthunk - ok
21:54:18.0426 2728 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:54:18.0465 2728 KtmRm - ok
21:54:18.0513 2728 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:54:18.0557 2728 LanmanServer - ok
21:54:18.0583 2728 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:54:18.0618 2728 LanmanWorkstation - ok
21:54:18.0654 2728 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:54:18.0701 2728 lltdio - ok
21:54:18.0725 2728 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:54:18.0761 2728 lltdsvc - ok
21:54:18.0777 2728 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:54:18.0802 2728 lmhosts - ok
21:54:18.0829 2728 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:54:18.0839 2728 LSI_FC - ok
21:54:18.0847 2728 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:54:18.0856 2728 LSI_SAS - ok
21:54:18.0866 2728 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:54:18.0875 2728 LSI_SAS2 - ok
21:54:18.0890 2728 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:54:18.0899 2728 LSI_SCSI - ok
21:54:18.0924 2728 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:54:18.0959 2728 luafv - ok
21:54:18.0996 2728 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:54:19.0003 2728 LVPr2M64 - ok
21:54:19.0019 2728 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:54:19.0026 2728 LVPr2Mon - ok
21:54:19.0060 2728 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
21:54:19.0072 2728 LVRS64 - ok
21:54:19.0296 2728 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
21:54:19.0360 2728 LVUVC64 - ok
21:54:19.0475 2728 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:54:19.0489 2728 MBAMProtector - ok
21:54:19.0580 2728 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:54:19.0599 2728 MBAMService - ok
21:54:19.0620 2728 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:54:19.0640 2728 Mcx2Svc - ok
21:54:19.0668 2728 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:54:19.0676 2728 megasas - ok
21:54:19.0698 2728 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:54:19.0709 2728 MegaSR - ok
21:54:19.0743 2728 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\2DB9.tmp
21:54:19.0755 2728 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
21:54:19.0755 2728 MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
21:54:19.0829 2728 Microsoft SharePoint Workspace Audit Service - ok
21:54:19.0865 2728 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:54:19.0904 2728 MMCSS - ok
21:54:19.0919 2728 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:54:19.0951 2728 Modem - ok
21:54:19.0977 2728 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:54:19.0998 2728 monitor - ok
21:54:20.0032 2728 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:54:20.0045 2728 mouclass - ok
21:54:20.0062 2728 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:54:20.0080 2728 mouhid - ok
21:54:20.0100 2728 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:54:20.0109 2728 mountmgr - ok
21:54:20.0141 2728 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:54:20.0151 2728 mpio - ok
21:54:20.0169 2728 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:54:20.0195 2728 mpsdrv - ok
21:54:20.0263 2728 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:54:20.0325 2728 MpsSvc - ok
21:54:20.0353 2728 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:54:20.0377 2728 MRxDAV - ok
21:54:20.0400 2728 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:54:20.0425 2728 mrxsmb - ok
21:54:20.0460 2728 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:54:20.0489 2728 mrxsmb10 - ok
21:54:20.0521 2728 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:54:20.0535 2728 mrxsmb20 - ok
21:54:20.0547 2728 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:54:20.0560 2728 msahci - ok
21:54:20.0574 2728 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:54:20.0585 2728 msdsm - ok
21:54:20.0608 2728 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:54:20.0627 2728 MSDTC - ok
21:54:20.0660 2728 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:54:20.0685 2728 Msfs - ok
21:54:20.0694 2728 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:54:20.0732 2728 mshidkmdf - ok
21:54:20.0742 2728 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:54:20.0751 2728 msisadrv - ok
21:54:20.0789 2728 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:54:20.0843 2728 MSiSCSI - ok
21:54:20.0845 2728 msiserver - ok
21:54:20.0863 2728 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:54:20.0901 2728 MSKSSRV - ok
21:54:20.0916 2728 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:54:20.0956 2728 MSPCLOCK - ok
21:54:20.0959 2728 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:54:21.0000 2728 MSPQM - ok
21:54:21.0032 2728 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:54:21.0044 2728 MsRPC - ok
21:54:21.0058 2728 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:54:21.0067 2728 mssmbios - ok
21:54:21.0082 2728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:54:21.0108 2728 MSTEE - ok
21:54:21.0123 2728 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:54:21.0141 2728 MTConfig - ok
21:54:21.0164 2728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:54:21.0173 2728 Mup - ok
21:54:21.0219 2728 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:54:21.0248 2728 napagent - ok
21:54:21.0284 2728 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:54:21.0309 2728 NativeWifiP - ok
21:54:21.0370 2728 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:54:21.0397 2728 NDIS - ok
21:54:21.0422 2728 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:54:21.0456 2728 NdisCap - ok
21:54:21.0480 2728 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:54:21.0515 2728 NdisTapi - ok
21:54:21.0555 2728 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:54:21.0583 2728 Ndisuio - ok
21:54:21.0620 2728 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:54:21.0657 2728 NdisWan - ok
21:54:21.0682 2728 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:54:21.0715 2728 NDProxy - ok
21:54:21.0726 2728 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:54:21.0752 2728 NetBIOS - ok
21:54:21.0788 2728 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:54:21.0827 2728 NetBT - ok
21:54:21.0851 2728 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:21.0861 2728 Netlogon - ok
21:54:21.0908 2728 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:54:21.0948 2728 Netman - ok
21:54:22.0050 2728 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0061 2728 NetMsmqActivator - ok
21:54:22.0064 2728 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0075 2728 NetPipeActivator - ok
21:54:22.0111 2728 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:54:22.0154 2728 netprofm - ok
21:54:22.0159 2728 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0167 2728 NetTcpActivator - ok
21:54:22.0169 2728 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0177 2728 NetTcpPortSharing - ok
21:54:22.0220 2728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:54:22.0233 2728 nfrd960 - ok
21:54:22.0274 2728 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:54:22.0313 2728 NlaSvc - ok
21:54:22.0410 2728 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
21:54:22.0419 2728 nlsX86cc - ok
21:54:22.0492 2728 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
21:54:22.0502 2728 NMSAccessU - ok
21:54:22.0510 2728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:54:22.0542 2728 Npfs - ok
21:54:22.0553 2728 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:54:22.0589 2728 nsi - ok
21:54:22.0603 2728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:54:22.0638 2728 nsiproxy - ok
21:54:22.0735 2728 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:54:22.0769 2728 Ntfs - ok
21:54:22.0872 2728 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:54:22.0909 2728 Null - ok
21:54:22.0940 2728 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:54:22.0950 2728 nvraid - ok
21:54:22.0977 2728 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:54:22.0987 2728 nvstor - ok
21:54:23.0013 2728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:54:23.0023 2728 nv_agp - ok
21:54:23.0037 2728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:54:23.0056 2728 ohci1394 - ok
21:54:23.0111 2728 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:54:23.0122 2728 ose - ok
21:54:23.0411 2728 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:54:23.0475 2728 osppsvc - ok
21:54:23.0564 2728 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:54:23.0594 2728 p2pimsvc - ok
21:54:23.0629 2728 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:54:23.0648 2728 p2psvc - ok
21:54:23.0707 2728 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:54:23.0738 2728 Parport - ok
21:54:23.0764 2728 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:54:23.0777 2728 partmgr - ok
21:54:23.0794 2728 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:54:23.0828 2728 PcaSvc - ok
21:54:23.0861 2728 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:54:23.0876 2728 pci - ok
21:54:23.0891 2728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:54:23.0903 2728 pciide - ok
21:54:23.0921 2728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:54:23.0936 2728 pcmcia - ok
21:54:23.0947 2728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:54:23.0956 2728 pcw - ok
21:54:23.0994 2728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:54:24.0032 2728 PEAUTH - ok
21:54:24.0116 2728 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:54:24.0161 2728 PeerDistSvc - ok
21:54:24.0239 2728 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:54:24.0262 2728 PerfHost - ok
21:54:24.0395 2728 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:54:24.0446 2728 pla - ok
21:54:24.0486 2728 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:54:24.0511 2728 PlugPlay - ok
21:54:24.0528 2728 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:54:24.0552 2728 PNRPAutoReg - ok
21:54:24.0580 2728 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:54:24.0592 2728 PNRPsvc - ok
21:54:24.0653 2728 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
21:54:24.0663 2728 Point64 - ok
21:54:24.0711 2728 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:54:24.0763 2728 PolicyAgent - ok
21:54:24.0789 2728 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:54:24.0826 2728 Power - ok
21:54:24.0868 2728 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:54:24.0920 2728 PptpMiniport - ok
21:54:24.0944 2728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:54:24.0960 2728 Processor - ok
21:54:24.0995 2728 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:54:25.0034 2728 ProfSvc - ok
21:54:25.0055 2728 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:25.0064 2728 ProtectedStorage - ok
21:54:25.0088 2728 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:54:25.0114 2728 Psched - ok
21:54:25.0163 2728 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
21:54:25.0172 2728 PSI - ok
21:54:25.0201 2728 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:54:25.0212 2728 PxHlpa64 - ok
21:54:25.0287 2728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:54:25.0320 2728 ql2300 - ok
21:54:25.0422 2728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:54:25.0432 2728 ql40xx - ok
21:54:25.0467 2728 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:54:25.0481 2728 QWAVE - ok
21:54:25.0518 2728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:54:25.0544 2728 QWAVEdrv - ok
21:54:25.0554 2728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:54:25.0595 2728 RasAcd - ok
21:54:25.0629 2728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:54:25.0655 2728 RasAgileVpn - ok
21:54:25.0671 2728 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:54:25.0698 2728 RasAuto - ok
21:54:25.0717 2728 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:54:25.0749 2728 Rasl2tp - ok
21:54:25.0793 2728 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:54:25.0830 2728 RasMan - ok
21:54:25.0848 2728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:54:25.0889 2728 RasPppoe - ok
21:54:25.0904 2728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:54:25.0945 2728 RasSstp - ok
21:54:25.0980 2728 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:54:26.0020 2728 rdbss - ok
21:54:26.0030 2728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:54:26.0049 2728 rdpbus - ok
21:54:26.0062 2728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:54:26.0088 2728 RDPCDD - ok
21:54:26.0115 2728 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:54:26.0125 2728 RDPDR - ok
21:54:26.0143 2728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:54:26.0182 2728 RDPENCDD - ok
21:54:26.0200 2728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:54:26.0226 2728 RDPREFMP - ok
21:54:26.0249 2728 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:54:26.0265 2728 RdpVideoMiniport - ok
21:54:26.0301 2728 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:54:26.0323 2728 RDPWD - ok
21:54:26.0353 2728 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:54:26.0363 2728 rdyboost - ok
21:54:26.0391 2728 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:54:26.0426 2728 RemoteAccess - ok
21:54:26.0457 2728 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:54:26.0497 2728 RemoteRegistry - ok
21:54:26.0511 2728 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:54:26.0544 2728 RpcEptMapper - ok
21:54:26.0559 2728 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:54:26.0584 2728 RpcLocator - ok
21:54:26.0635 2728 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:54:26.0664 2728 RpcSs - ok
21:54:26.0699 2728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:54:26.0725 2728 rspndr - ok
21:54:26.0784 2728 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:54:26.0794 2728 RTL8167 - ok
21:54:26.0828 2728 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
21:54:26.0854 2728 RTL8169 - ok
21:54:26.0890 2728 RtNdPt60 (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:54:26.0904 2728 RtNdPt60 - ok
21:54:26.0932 2728 RTTEAMPT (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:54:26.0939 2728 RTTEAMPT - ok
21:54:26.0948 2728 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
21:54:26.0969 2728 RTVLANPT - ok
21:54:26.0986 2728 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:54:27.0004 2728 s3cap - ok
21:54:27.0025 2728 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:27.0034 2728 SamSs - ok
21:54:27.0116 2728 SbieDrv (0fe05dd9bbf0782e2bbf0977f2034616) C:\Program Files\Sandboxie\SbieDrv.sys
21:54:27.0126 2728 SbieDrv - ok
21:54:27.0164 2728 SbieSvc (c970c7b2fd2e811525d4578d50b535f5) C:\Program Files\Sandboxie\SbieSvc.exe
21:54:27.0172 2728 SbieSvc - ok
21:54:27.0183 2728 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:54:27.0193 2728 sbp2port - ok
21:54:27.0222 2728 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:54:27.0250 2728 SCardSvr - ok
21:54:27.0271 2728 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:54:27.0320 2728 scfilter - ok
21:54:27.0395 2728 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:54:27.0449 2728 Schedule - ok
21:54:27.0478 2728 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:54:27.0503 2728 SCPolicySvc - ok
21:54:27.0536 2728 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:54:27.0553 2728 SDRSVC - ok
21:54:27.0620 2728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:54:27.0645 2728 secdrv - ok
21:54:27.0659 2728 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:54:27.0694 2728 seclogon - ok
21:54:27.0794 2728 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:54:27.0810 2728 Secunia PSI Agent - ok
21:54:27.0846 2728 Secunia Update Agent (d2fca567f9be87e29b9a9fa32ffe79ca) C:\Program Files (x86)\Secunia\PSI\sua.exe
21:54:27.0856 2728 Secunia Update Agent - ok
21:54:27.0936 2728 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:54:27.0976 2728 SENS - ok
21:54:27.0993 2728 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:54:28.0003 2728 SensrSvc - ok
21:54:28.0031 2728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:54:28.0048 2728 Serenum - ok
21:54:28.0067 2728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:54:28.0084 2728 Serial - ok
21:54:28.0124 2728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:54:28.0142 2728 sermouse - ok
21:54:28.0174 2728 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:54:28.0210 2728 SessionEnv - ok
21:54:28.0235 2728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:54:28.0263 2728 sffdisk - ok
21:54:28.0279 2728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:54:28.0305 2728 sffp_mmc - ok
21:54:28.0322 2728 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:54:28.0353 2728 sffp_sd - ok
21:54:28.0366 2728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:54:28.0377 2728 sfloppy - ok
21:54:28.0414 2728 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:54:28.0442 2728 SharedAccess - ok
21:54:28.0482 2728 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:54:28.0510 2728 ShellHWDetection - ok
21:54:28.0529 2728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:54:28.0538 2728 SiSRaid2 - ok
21:54:28.0551 2728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:54:28.0560 2728 SiSRaid4 - ok
21:54:28.0631 2728 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:54:28.0642 2728 SkypeUpdate - ok
21:54:28.0661 2728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:54:28.0700 2728 Smb - ok
21:54:28.0733 2728 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:54:28.0744 2728 SNMPTRAP - ok
21:54:28.0755 2728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:54:28.0764 2728 spldr - ok
21:54:28.0816 2728 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:54:28.0859 2728 Spooler - ok
21:54:29.0043 2728 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:54:29.0120 2728 sppsvc - ok
21:54:29.0184 2728 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:54:29.0235 2728 sppuinotify - ok
21:54:29.0329 2728 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:54:29.0360 2728 srv - ok
21:54:29.0408 2728 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:54:29.0439 2728 srv2 - ok
21:54:29.0462 2728 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:54:29.0484 2728 srvnet - ok
21:54:29.0520 2728 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:54:29.0570 2728 SSDPSRV - ok
21:54:29.0588 2728 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:54:29.0615 2728 SstpSvc - ok
21:54:29.0647 2728 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
21:54:29.0659 2728 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:54:29.0659 2728 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:54:29.0685 2728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:54:29.0693 2728 stexstor - ok
21:54:29.0757 2728 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:54:29.0790 2728 stisvc - ok
21:54:29.0818 2728 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:54:29.0827 2728 storflt - ok
21:54:29.0833 2728 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:54:29.0842 2728 storvsc - ok
21:54:29.0921 2728 STRATO HiDrive Service (a4533f6ee3dca68be5671c0571384e3a) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
21:54:29.0924 2728 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - warning
21:54:29.0924 2728 STRATO HiDrive Service - detected UnsignedFile.Multi.Generic (1)
21:54:29.0944 2728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:54:29.0957 2728 swenum - ok
21:54:30.0042 2728 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:54:30.0069 2728 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:54:30.0069 2728 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:54:30.0119 2728 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:54:30.0161 2728 swprv - ok
21:54:30.0164 2728 Synth3dVsc - ok
21:54:30.0262 2728 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:54:30.0314 2728 SysMain - ok
21:54:30.0413 2728 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:54:30.0433 2728 TabletInputService - ok
21:54:30.0467 2728 tap0901 (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
21:54:30.0486 2728 tap0901 - ok
21:54:30.0518 2728 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
21:54:30.0525 2728 taphss - ok
21:54:30.0566 2728 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:54:30.0603 2728 TapiSrv - ok
21:54:30.0627 2728 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:54:30.0654 2728 TBS - ok
21:54:30.0761 2728 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:54:30.0803 2728 Tcpip - ok
21:54:30.0940 2728 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:54:30.0972 2728 TCPIP6 - ok
21:54:31.0023 2728 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:54:31.0067 2728 tcpipreg - ok
21:54:31.0086 2728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:54:31.0106 2728 TDPIPE - ok
21:54:31.0134 2728 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:54:31.0143 2728 TDTCP - ok
21:54:31.0181 2728 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:54:31.0206 2728 tdx - ok
21:54:31.0242 2728 TEAM (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:54:31.0249 2728 TEAM - ok
21:54:31.0448 2728 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:54:31.0489 2728 TeamViewer7 - ok
21:54:31.0553 2728 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
21:54:31.0562 2728 teamviewervpn - ok
21:54:31.0585 2728 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:54:31.0599 2728 TermDD - ok
21:54:31.0647 2728 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:54:31.0700 2728 TermService - ok
21:54:31.0738 2728 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:54:31.0760 2728 Themes - ok
21:54:31.0785 2728 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:54:31.0811 2728 THREADORDER - ok
21:54:31.0846 2728 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:54:31.0886 2728 TrkWks - ok
21:54:31.0942 2728 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
21:54:31.0956 2728 truecrypt - ok
21:54:32.0011 2728 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:54:32.0043 2728 TrustedInstaller - ok
21:54:32.0068 2728 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:54:32.0093 2728 tssecsrv - ok
21:54:32.0117 2728 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:54:32.0134 2728 TsUsbFlt - ok
21:54:32.0138 2728 tsusbhub - ok
21:54:32.0187 2728 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:54:32.0232 2728 tunnel - ok
21:54:32.0253 2728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:54:32.0262 2728 uagp35 - ok
21:54:32.0306 2728 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:54:32.0357 2728 udfs - ok
21:54:32.0379 2728 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:54:32.0390 2728 UI0Detect - ok
21:54:32.0410 2728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:54:32.0419 2728 uliagpkx - ok
21:54:32.0453 2728 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:54:32.0476 2728 umbus - ok
21:54:32.0498 2728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:54:32.0519 2728 UmPass - ok
21:54:32.0554 2728 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:54:32.0582 2728 UmRdpService - ok
21:54:32.0694 2728 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:54:32.0711 2728 UMVPFSrv - ok
21:54:32.0736 2728 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:54:32.0765 2728 upnphost - ok
21:54:32.0784 2728 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:54:32.0804 2728 USBAAPL64 - ok
21:54:32.0844 2728 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:54:32.0864 2728 usbaudio - ok
21:54:32.0885 2728 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:54:32.0895 2728 usbccgp - ok
21:54:32.0920 2728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:54:32.0931 2728 usbcir - ok
21:54:32.0951 2728 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:54:32.0960 2728 usbehci - ok
21:54:32.0985 2728 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:54:33.0009 2728 usbhub - ok
21:54:33.0026 2728 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:54:33.0036 2728 usbohci - ok
21:54:33.0048 2728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:54:33.0069 2728 usbprint - ok
21:54:33.0084 2728 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:54:33.0108 2728 USBSTOR - ok
21:54:33.0124 2728 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:54:33.0145 2728 usbuhci - ok
21:54:33.0173 2728 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:54:33.0212 2728 UxSms - ok
21:54:33.0232 2728 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:33.0242 2728 VaultSvc - ok
21:54:33.0255 2728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:54:33.0264 2728 vdrvroot - ok
21:54:33.0311 2728 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:54:33.0350 2728 vds - ok
21:54:33.0362 2728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:54:33.0373 2728 vga - ok
21:54:33.0385 2728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:54:33.0420 2728 VgaSave - ok
21:54:33.0433 2728 VGPU - ok
21:54:33.0473 2728 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:54:33.0484 2728 vhdmp - ok
21:54:33.0493 2728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:54:33.0503 2728 viaide - ok
21:54:33.0562 2728 VLAN (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVLAN60.sys
21:54:33.0569 2728 VLAN - ok
21:54:33.0605 2728 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:54:33.0616 2728 vmbus - ok
21:54:33.0626 2728 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:54:33.0643 2728 VMBusHID - ok
21:54:33.0661 2728 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:54:33.0670 2728 volmgr - ok
21:54:33.0705 2728 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:54:33.0717 2728 volmgrx - ok
21:54:33.0743 2728 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:54:33.0754 2728 volsnap - ok
21:54:33.0775 2728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:54:33.0785 2728 vsmraid - ok
21:54:33.0896 2728 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:54:33.0946 2728 VSS - ok
21:54:34.0039 2728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:54:34.0065 2728 vwifibus - ok
21:54:34.0101 2728 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:54:34.0130 2728 W32Time - ok
21:54:34.0141 2728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:54:34.0151 2728 WacomPen - ok
21:54:34.0193 2728 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:34.0225 2728 WANARP - ok
21:54:34.0234 2728 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:34.0258 2728 Wanarpv6 - ok
21:54:34.0344 2728 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:54:34.0377 2728 WatAdminSvc - ok
21:54:34.0465 2728 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:54:34.0498 2728 wbengine - ok
21:54:34.0579 2728 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:54:34.0600 2728 WbioSrvc - ok
21:54:34.0634 2728 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:54:34.0660 2728 wcncsvc - ok
21:54:34.0679 2728 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:54:34.0699 2728 WcsPlugInService - ok
21:54:34.0734 2728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:54:34.0743 2728 Wd - ok
21:54:34.0782 2728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:54:34.0797 2728 Wdf01000 - ok
21:54:34.0813 2728 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:54:34.0837 2728 WdiServiceHost - ok
21:54:34.0839 2728 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:54:34.0853 2728 WdiSystemHost - ok
21:54:34.0886 2728 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:54:34.0912 2728 WebClient - ok
21:54:34.0934 2728 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:54:34.0977 2728 Wecsvc - ok
21:54:34.0991 2728 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:54:35.0026 2728 wercplsupport - ok
21:54:35.0047 2728 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:54:35.0074 2728 WerSvc - ok
21:54:35.0101 2728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:54:35.0127 2728 WfpLwf - ok
21:54:35.0135 2728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:54:35.0144 2728 WIMMount - ok
21:54:35.0193 2728 WinDefend - ok
21:54:35.0201 2728 WinHttpAutoProxySvc - ok
21:54:35.0262 2728 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:54:35.0301 2728 Winmgmt - ok
21:54:35.0408 2728 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:54:35.0459 2728 WinRM - ok
21:54:35.0580 2728 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:54:35.0608 2728 WinUsb - ok
21:54:35.0669 2728 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:54:35.0708 2728 Wlansvc - ok
21:54:35.0728 2728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:54:35.0738 2728 WmiAcpi - ok
21:54:35.0803 2728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:54:35.0831 2728 wmiApSrv - ok
21:54:35.0901 2728 WMPNetworkSvc - ok
21:54:35.0918 2728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:54:35.0932 2728 WPCSvc - ok
21:54:35.0962 2728 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:54:35.0979 2728 WPDBusEnum - ok
21:54:36.0002 2728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:54:36.0053 2728 ws2ifsl - ok
21:54:36.0065 2728 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:54:36.0092 2728 wscsvc - ok
21:54:36.0094 2728 WSearch - ok
21:54:36.0223 2728 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:54:36.0284 2728 wuauserv - ok
21:54:36.0386 2728 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:54:36.0428 2728 WudfPf - ok
21:54:36.0465 2728 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:54:36.0503 2728 wudfsvc - ok
21:54:36.0541 2728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:54:36.0556 2728 WwanSvc - ok
21:54:36.0576 2728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:54:36.0940 2728 \Device\Harddisk0\DR0 - ok
21:54:36.0942 2728 Boot (0x1200) (0bad36234d44da07ecd9352cabff905d) \Device\Harddisk0\DR0\Partition0
21:54:36.0944 2728 \Device\Harddisk0\DR0\Partition0 - ok
21:54:36.0968 2728 Boot (0x1200) (777b13c19d7df68449108280f2a13010) \Device\Harddisk0\DR0\Partition1
21:54:36.0969 2728 \Device\Harddisk0\DR0\Partition1 - ok
21:54:36.0983 2728 Boot (0x1200) (2bb9fa725471a7211fc6a271a3451b14) \Device\Harddisk0\DR0\Partition2
21:54:36.0984 2728 \Device\Harddisk0\DR0\Partition2 - ok
21:54:37.0012 2728 Boot (0x1200) (886e4e72fb1c452c861462f8cfa669af) \Device\Harddisk0\DR0\Partition3
21:54:37.0012 2728 \Device\Harddisk0\DR0\Partition3 - ok
21:54:37.0013 2728 ============================================================
21:54:37.0013 2728 Scan finished
21:54:37.0013 2728 ============================================================
21:54:37.0022 1088 Detected object count: 9
21:54:37.0022 1088 Actual detected object count: 9
21:55:21.0260 1088 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:55:21.0260 1088 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:55:21.0260 1088 HotspotShieldService ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0260 1088 HotspotShieldService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0262 1088 HssSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0262 1088 HssSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0263 1088 HssTrayService ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0263 1088 HssTrayService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0264 1088 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0264 1088 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0265 1088 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0265 1088 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0266 1088 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0266 1088 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0268 1088 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0268 1088 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0269 1088 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0269 1088 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:29.0035 3192 ============================================================
21:55:29.0035 3192 Scan started
21:55:29.0035 3192 Mode: Manual;
21:55:29.0035 3192 ============================================================
21:55:29.0525 3192 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:55:29.0526 3192 1394ohci - ok
21:55:29.0563 3192 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:55:29.0564 3192 ACPI - ok
21:55:29.0591 3192 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:55:29.0591 3192 AcpiPmi - ok
21:55:29.0683 3192 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:55:29.0684 3192 AdobeARMservice - ok
21:55:29.0779 3192 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:55:29.0780 3192 AdobeFlashPlayerUpdateSvc - ok
21:55:29.0824 3192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:55:29.0827 3192 adp94xx - ok
21:55:29.0855 3192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:55:29.0857 3192 adpahci - ok
21:55:29.0872 3192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:55:29.0873 3192 adpu320 - ok
21:55:29.0898 3192 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:55:29.0899 3192 AeLookupSvc - ok
21:55:29.0947 3192 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:55:29.0950 3192 AFD - ok
21:55:29.0961 3192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:55:29.0961 3192 agp440 - ok
21:55:30.0185 3192 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
21:55:30.0185 3192 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
21:55:30.0191 3192 Akamai ( HiddenFile.Multi.Generic ) - warning
21:55:30.0191 3192 Akamai - detected HiddenFile.Multi.Generic (1)
21:55:30.0280 3192 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:55:30.0281 3192 ALG - ok
21:55:30.0298 3192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:55:30.0298 3192 aliide - ok
21:55:30.0329 3192 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
21:55:30.0330 3192 AMD External Events Utility - ok
21:55:30.0338 3192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:55:30.0338 3192 amdide - ok
21:55:30.0362 3192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:55:30.0363 3192 AmdK8 - ok
21:55:30.0832 3192 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:55:30.0872 3192 amdkmdag - ok
21:55:30.0933 3192 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
21:55:30.0935 3192 amdkmdap - ok
21:55:30.0953 3192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:55:30.0953 3192 AmdPPM - ok
21:55:30.0971 3192 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:55:30.0972 3192 amdsata - ok
21:55:30.0992 3192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:55:30.0993 3192 amdsbs - ok
21:55:31.0012 3192 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:55:31.0012 3192 amdxata - ok
21:55:31.0040 3192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:55:31.0040 3192 AppID - ok
21:55:31.0060 3192 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:55:31.0061 3192 AppIDSvc - ok
21:55:31.0086 3192 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:55:31.0086 3192 Appinfo - ok
21:55:31.0182 3192 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:55:31.0183 3192 Apple Mobile Device - ok
21:55:31.0218 3192 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:55:31.0220 3192 AppMgmt - ok
21:55:31.0236 3192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:55:31.0237 3192 arc - ok
21:55:31.0248 3192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:55:31.0249 3192 arcsas - ok
21:55:31.0332 3192 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:55:31.0332 3192 aspnet_state - ok
21:55:31.0346 3192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:31.0346 3192 AsyncMac - ok
21:55:31.0371 3192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:55:31.0371 3192 atapi - ok
21:55:31.0778 3192 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:55:31.0817 3192 atikmdag - ok
21:55:31.0934 3192 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:55:31.0938 3192 AudioEndpointBuilder - ok
21:55:31.0945 3192 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:55:31.0949 3192 AudioSrv - ok
21:55:31.0973 3192 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:55:31.0974 3192 AxInstSV - ok
21:55:32.0031 3192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:55:32.0034 3192 b06bdrv - ok
21:55:32.0059 3192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:55:32.0061 3192 b57nd60a - ok
21:55:32.0087 3192 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:55:32.0088 3192 BDESVC - ok
21:55:32.0094 3192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:55:32.0094 3192 Beep - ok
21:55:32.0145 3192 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:55:32.0149 3192 BFE - ok
21:55:32.0194 3192 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:55:32.0200 3192 BITS - ok
21:55:32.0217 3192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:32.0217 3192 blbdrive - ok
21:55:32.0287 3192 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:55:32.0290 3192 Bonjour Service - ok
21:55:32.0310 3192 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:55:32.0311 3192 bowser - ok
21:55:32.0323 3192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:55:32.0324 3192 BrFiltLo - ok
21:55:32.0332 3192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:55:32.0332 3192 BrFiltUp - ok
21:55:32.0368 3192 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:55:32.0369 3192 Browser - ok
21:55:32.0390 3192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:55:32.0392 3192 Brserid - ok
21:55:32.0406 3192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:32.0407 3192 BrSerWdm - ok
21:55:32.0417 3192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:32.0417 3192 BrUsbMdm - ok
21:55:32.0423 3192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:32.0424 3192 BrUsbSer - ok
21:55:32.0436 3192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:55:32.0436 3192 BTHMODEM - ok
21:55:32.0468 3192 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:55:32.0469 3192 bthserv - ok
21:55:32.0487 3192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:55:32.0488 3192 cdfs - ok
21:55:32.0517 3192 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:55:32.0518 3192 cdrom - ok
21:55:32.0547 3192 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:55:32.0548 3192 CertPropSvc - ok
21:55:32.0563 3192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:55:32.0563 3192 circlass - ok
21:55:32.0587 3192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:55:32.0589 3192 CLFS - ok
21:55:32.0644 3192 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:55:32.0645 3192 clr_optimization_v2.0.50727_32 - ok
21:55:32.0703 3192 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:55:32.0704 3192 clr_optimization_v2.0.50727_64 - ok
21:55:32.0760 3192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:55:32.0761 3192 clr_optimization_v4.0.30319_32 - ok
21:55:32.0785 3192 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:55:32.0786 3192 clr_optimization_v4.0.30319_64 - ok
21:55:32.0794 3192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:55:32.0794 3192 CmBatt - ok
21:55:32.0817 3192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:55:32.0817 3192 cmdide - ok
21:55:32.0859 3192 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:55:32.0861 3192 CNG - ok
21:55:32.0885 3192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:55:32.0886 3192 Compbatt - ok
21:55:32.0908 3192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:55:32.0908 3192 CompositeBus - ok
21:55:32.0911 3192 COMSysApp - ok
21:55:32.0925 3192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:55:32.0925 3192 crcdisk - ok
21:55:32.0949 3192 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:55:32.0951 3192 CryptSvc - ok
21:55:32.0983 3192 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:55:32.0986 3192 CSC - ok
21:55:33.0028 3192 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:55:33.0032 3192 CscService - ok
21:55:33.0068 3192 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:55:33.0072 3192 DcomLaunch - ok
21:55:33.0112 3192 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:55:33.0114 3192 defragsvc - ok
21:55:33.0167 3192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:55:33.0168 3192 DfsC - ok
21:55:33.0187 3192 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:55:33.0190 3192 Dhcp - ok
21:55:33.0200 3192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:55:33.0201 3192 discache - ok
21:55:33.0216 3192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:55:33.0216 3192 Disk - ok
21:55:33.0240 3192 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:55:33.0241 3192 Dnscache - ok
21:55:33.0277 3192 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:55:33.0279 3192 dot3svc - ok
21:55:33.0326 3192 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:55:33.0328 3192 DPS - ok
21:55:33.0354 3192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:55:33.0355 3192 drmkaud - ok
21:55:33.0404 3192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:55:33.0410 3192 DXGKrnl - ok
21:55:33.0445 3192 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:55:33.0446 3192 EapHost - ok
21:55:33.0594 3192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:55:33.0613 3192 ebdrv - ok
21:55:33.0698 3192 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:55:33.0700 3192 EFS - ok
21:55:33.0760 3192 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:55:33.0764 3192 ehRecvr - ok
21:55:33.0795 3192 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:55:33.0795 3192 ehSched - ok
21:55:33.0845 3192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:55:33.0848 3192 elxstor - ok
21:55:33.0869 3192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:55:33.0869 3192 ErrDev - ok
21:55:33.0909 3192 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:55:33.0912 3192 EventSystem - ok
21:55:33.0931 3192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:55:33.0933 3192 exfat - ok
21:55:33.0952 3192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:55:33.0954 3192 fastfat - ok
21:55:34.0006 3192 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:55:34.0010 3192 Fax - ok
21:55:34.0027 3192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:55:34.0027 3192 fdc - ok
21:55:34.0034 3192 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:55:34.0035 3192 fdPHost - ok
21:55:34.0048 3192 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:55:34.0049 3192 FDResPub - ok
21:55:34.0057 3192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:55:34.0057 3192 FileInfo - ok
21:55:34.0070 3192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:55:34.0070 3192 Filetrace - ok
21:55:34.0084 3192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:55:34.0084 3192 flpydisk - ok
21:55:34.0121 3192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:55:34.0123 3192 FltMgr - ok
21:55:34.0192 3192 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:55:34.0199 3192 FontCache - ok
21:55:34.0280 3192 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:55:34.0281 3192 FontCache3.0.0.0 - ok
21:55:34.0318 3192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:55:34.0318 3192 FsDepends - ok
21:55:34.0341 3192 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:55:34.0341 3192 Fs_Rec - ok
21:55:34.0377 3192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:55:34.0378 3192 fvevol - ok
21:55:34.0392 3192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:55:34.0393 3192 gagp30kx - ok
21:55:34.0414 3192 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:55:34.0415 3192 GEARAspiWDM - ok
21:55:34.0468 3192 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:55:34.0473 3192 gpsvc - ok
21:55:34.0497 3192 grmnusb (b9893a68032a6d9addb5b98287c630f7) C:\Windows\system32\drivers\grmnusb.sys
21:55:34.0497 3192 grmnusb - ok
21:55:34.0552 3192 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:55:34.0553 3192 gusvc - ok
21:55:34.0563 3192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:55:34.0563 3192 hcw85cir - ok
21:55:34.0601 3192 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:55:34.0603 3192 HdAudAddService - ok
21:55:34.0636 3192 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:55:34.0640 3192 HDAudBus - ok
21:55:34.0643 3192 hdgnlava - ok
21:55:34.0657 3192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:55:34.0657 3192 HidBatt - ok
21:55:34.0674 3192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:55:34.0674 3192 HidBth - ok
21:55:34.0682 3192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:55:34.0683 3192 HidIr - ok
21:55:34.0711 3192 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:55:34.0712 3192 hidserv - ok
21:55:34.0721 3192 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:55:34.0722 3192 HidUsb - ok
21:55:34.0745 3192 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:55:34.0746 3192 hkmsvc - ok
21:55:34.0779 3192 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:55:34.0781 3192 HomeGroupListener - ok
21:55:34.0798 3192 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:55:34.0801 3192 HomeGroupProvider - ok
21:55:34.0854 3192 HotspotShieldService (b2afa712b3cdf8ad04d85c56546bb174) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
21:55:34.0855 3192 HotspotShieldService - ok
21:55:34.0885 3192 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:55:34.0886 3192 HpSAMD - ok
21:55:34.0906 3192 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
21:55:34.0907 3192 HssDrv - ok
21:55:34.0961 3192 HssSrv (b8b90bb7011556691d432aaecaa0d26c) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
21:55:34.0963 3192 HssSrv - ok
21:55:34.0990 3192 HssTrayService (8faab97946600e312cb3398061ad3059) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
21:55:34.0991 3192 HssTrayService - ok
21:55:34.0993 3192 HssWd - ok
21:55:35.0047 3192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:55:35.0051 3192 HTTP - ok
21:55:35.0073 3192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:55:35.0073 3192 hwpolicy - ok
21:55:35.0085 3192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:55:35.0086 3192 i8042prt - ok
21:55:35.0148 3192 IAANTMON (549275dc1004e09f92167b98b0ce63fe) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:55:35.0150 3192 IAANTMON - ok
21:55:35.0188 3192 iaStor (f27742d576f355972c94952671658dc2) C:\Windows\system32\DRIVERS\iaStor.sys
21:55:35.0191 3192 iaStor - ok
21:55:35.0224 3192 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:55:35.0227 3192 iaStorV - ok
21:55:35.0266 3192 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:55:35.0267 3192 IDriverT - ok
21:55:35.0369 3192 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:55:35.0374 3192 idsvc - ok
21:55:35.0464 3192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:55:35.0465 3192 iirsp - ok
21:55:35.0524 3192 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:55:35.0529 3192 IKEEXT - ok
21:55:35.0532 3192 iktydhah - ok
21:55:35.0563 3192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:55:35.0564 3192 intelide - ok
21:55:35.0571 3192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:55:35.0572 3192 intelppm - ok
21:55:35.0594 3192 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:55:35.0596 3192 IPBusEnum - ok
21:55:35.0618 3192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:55:35.0619 3192 IpFilterDriver - ok
21:55:35.0663 3192 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:55:35.0667 3192 iphlpsvc - ok
21:55:35.0676 3192 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:55:35.0677 3192 IPMIDRV - ok
21:55:35.0694 3192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:55:35.0694 3192 IPNAT - ok
21:55:35.0781 3192 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:55:35.0786 3192 iPod Service - ok
21:55:35.0798 3192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:55:35.0799 3192 IRENUM - ok
21:55:35.0811 3192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:55:35.0811 3192 isapnp - ok
21:55:35.0832 3192 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:55:35.0833 3192 iScsiPrt - ok
21:55:35.0894 3192 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
21:55:35.0895 3192 ISODrive - ok
21:55:35.0905 3192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:55:35.0905 3192 kbdclass - ok
21:55:35.0926 3192 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:55:35.0927 3192 kbdhid - ok
21:55:35.0943 3192 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:35.0944 3192 KeyIso - ok
21:55:35.0957 3192 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:55:35.0958 3192 KSecDD - ok
21:55:35.0971 3192 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:55:35.0972 3192 KSecPkg - ok
21:55:35.0981 3192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:55:35.0981 3192 ksthunk - ok
21:55:36.0018 3192 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:55:36.0021 3192 KtmRm - ok
21:55:36.0055 3192 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:55:36.0058 3192 LanmanServer - ok
21:55:36.0085 3192 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:55:36.0088 3192 LanmanWorkstation - ok
21:55:36.0108 3192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:55:36.0108 3192 lltdio - ok
21:55:36.0130 3192 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:55:36.0133 3192 lltdsvc - ok
21:55:36.0148 3192 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:55:36.0150 3192 lmhosts - ok
21:55:36.0169 3192 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:55:36.0170 3192 LSI_FC - ok
21:55:36.0182 3192 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:55:36.0182 3192 LSI_SAS - ok
21:55:36.0196 3192 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:55:36.0197 3192 LSI_SAS2 - ok
21:55:36.0212 3192 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:55:36.0213 3192 LSI_SCSI - ok
21:55:36.0229 3192 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:55:36.0230 3192 luafv - ok
21:55:36.0252 3192 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:55:36.0252 3192 LVPr2M64 - ok
21:55:36.0254 3192 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:55:36.0255 3192 LVPr2Mon - ok
21:55:36.0292 3192 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
21:55:36.0294 3192 LVRS64 - ok
21:55:36.0516 3192 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
21:55:36.0542 3192 LVUVC64 - ok
21:55:36.0658 3192 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:55:36.0658 3192 MBAMProtector - ok
21:55:36.0713 3192 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:55:36.0717 3192 MBAMService - ok
21:55:36.0738 3192 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:55:36.0740 3192 Mcx2Svc - ok
21:55:36.0769 3192 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:55:36.0770 3192 megasas - ok
21:55:36.0791 3192 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:55:36.0793 3192 MegaSR - ok
21:55:36.0811 3192 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\2DB9.tmp
21:55:36.0812 3192 MEMSWEEP2 - ok
21:55:36.0871 3192 Microsoft SharePoint Workspace Audit Service - ok
21:55:36.0892 3192 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:55:36.0894 3192 MMCSS - ok
21:55:36.0905 3192 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:55:36.0905 3192 Modem - ok
21:55:36.0930 3192 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:55:36.0931 3192 monitor - ok
21:55:36.0951 3192 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:55:36.0952 3192 mouclass - ok
21:55:36.0959 3192 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:55:36.0959 3192 mouhid - ok
21:55:36.0997 3192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:55:36.0998 3192 mountmgr - ok
21:55:37.0030 3192 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:55:37.0031 3192 mpio - ok
21:55:37.0049 3192 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:55:37.0050 3192 mpsdrv - ok
21:55:37.0114 3192 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:55:37.0120 3192 MpsSvc - ok
21:55:37.0160 3192 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:55:37.0161 3192 MRxDAV - ok
21:55:37.0189 3192 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:37.0190 3192 mrxsmb - ok
21:55:37.0227 3192 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:37.0229 3192 mrxsmb10 - ok
21:55:37.0262 3192 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:37.0263 3192 mrxsmb20 - ok
21:55:37.0272 3192 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:55:37.0272 3192 msahci - ok
21:55:37.0289 3192 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:55:37.0291 3192 msdsm - ok
21:55:37.0317 3192 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:55:37.0319 3192 MSDTC - ok
21:55:37.0335 3192 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:55:37.0335 3192 Msfs - ok
21:55:37.0344 3192 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:55:37.0345 3192 mshidkmdf - ok
21:55:37.0368 3192 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:55:37.0368 3192 msisadrv - ok
21:55:37.0398 3192 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:55:37.0400 3192 MSiSCSI - ok
21:55:37.0403 3192 msiserver - ok
21:55:37.0414 3192 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:55:37.0415 3192 MSKSSRV - ok
21:55:37.0427 3192 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:37.0427 3192 MSPCLOCK - ok
21:55:37.0431 3192 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:55:37.0431 3192 MSPQM - ok
21:55:37.0467 3192 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:55:37.0470 3192 MsRPC - ok
21:55:37.0485 3192 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:55:37.0486 3192 mssmbios - ok
21:55:37.0501 3192 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:55:37.0502 3192 MSTEE - ok
21:55:37.0509 3192 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:55:37.0510 3192 MTConfig - ok
21:55:37.0524 3192 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:55:37.0525 3192 Mup - ok
21:55:37.0556 3192 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:55:37.0560 3192 napagent - ok
21:55:37.0587 3192 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:55:37.0589 3192 NativeWifiP - ok
21:55:37.0669 3192 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:55:37.0674 3192 NDIS - ok
21:55:37.0693 3192 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:55:37.0694 3192 NdisCap - ok
21:55:37.0702 3192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:37.0703 3192 NdisTapi - ok
21:55:37.0728 3192 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:37.0729 3192 Ndisuio - ok
21:55:37.0764 3192 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:37.0766 3192 NdisWan - ok
21:55:37.0788 3192 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:55:37.0789 3192 NDProxy - ok
21:55:37.0799 3192 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:55:37.0799 3192 NetBIOS - ok
21:55:37.0820 3192 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:55:37.0821 3192 NetBT - ok
21:55:37.0841 3192 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:37.0842 3192 Netlogon - ok
21:55:37.0892 3192 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:55:37.0894 3192 Netman - ok
21:55:37.0981 3192 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:37.0982 3192 NetMsmqActivator - ok
21:55:37.0985 3192 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:37.0986 3192 NetPipeActivator - ok
21:55:38.0017 3192 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:55:38.0021 3192 netprofm - ok
21:55:38.0024 3192 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:38.0025 3192 NetTcpActivator - ok
21:55:38.0028 3192 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:38.0029 3192 NetTcpPortSharing - ok
21:55:38.0073 3192 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:55:38.0073 3192 nfrd960 - ok
21:55:38.0096 3192 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:55:38.0099 3192 NlaSvc - ok
21:55:38.0162 3192 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
21:55:38.0163 3192 nlsX86cc - ok
21:55:38.0234 3192 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
21:55:38.0235 3192 NMSAccessU - ok
21:55:38.0245 3192 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:55:38.0245 3192 Npfs - ok
21:55:38.0255 3192 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:55:38.0257 3192 nsi - ok
21:55:38.0272 3192 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:55:38.0273 3192 nsiproxy - ok
21:55:38.0366 3192 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:55:38.0376 3192 Ntfs - ok
21:55:38.0442 3192 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:55:38.0442 3192 Null - ok
21:55:38.0468 3192 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:55:38.0469 3192 nvraid - ok
21:55:38.0496 3192 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:55:38.0497 3192 nvstor - ok
21:55:38.0524 3192 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:55:38.0525 3192 nv_agp - ok
21:55:38.0540 3192 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:55:38.0541 3192 ohci1394 - ok
21:55:38.0574 3192 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:55:38.0574 3192 ose - ok
21:55:38.0857 3192 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:55:38.0879 3192 osppsvc - ok
21:55:38.0946 3192 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:55:38.0949 3192 p2pimsvc - ok
21:55:38.0991 3192 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:55:38.0995 3192 p2psvc - ok
21:55:39.0039 3192 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:55:39.0040 3192 Parport - ok
21:55:39.0071 3192 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:55:39.0071 3192 partmgr - ok
21:55:39.0092 3192 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:55:39.0095 3192 PcaSvc - ok
21:55:39.0127 3192 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:55:39.0128 3192 pci - ok
21:55:39.0140 3192 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:55:39.0140 3192 pciide - ok
21:55:39.0161 3192 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:55:39.0163 3192 pcmcia - ok
21:55:39.0172 3192 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:55:39.0173 3192 pcw - ok
21:55:39.0212 3192 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:55:39.0216 3192 PEAUTH - ok
21:55:39.0296 3192 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:55:39.0305 3192 PeerDistSvc - ok
21:55:39.0365 3192 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:55:39.0366 3192 PerfHost - ok
21:55:39.0488 3192 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:55:39.0497 3192 pla - ok
21:55:39.0532 3192 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:55:39.0536 3192 PlugPlay - ok
21:55:39.0554 3192 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:55:39.0556 3192 PNRPAutoReg - ok
21:55:39.0582 3192 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:55:39.0585 3192 PNRPsvc - ok
21:55:39.0621 3192 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
21:55:39.0622 3192 Point64 - ok
21:55:39.0671 3192 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:55:39.0675 3192 PolicyAgent - ok
21:55:39.0699 3192 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:55:39.0702 3192 Power - ok
21:55:39.0730 3192 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:55:39.0730 3192 PptpMiniport - ok
21:55:39.0757 3192 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:55:39.0757 3192 Processor - ok
21:55:39.0775 3192 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:55:39.0778 3192 ProfSvc - ok
21:55:39.0802 3192 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:39.0803 3192 ProtectedStorage - ok
21:55:39.0827 3192 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:55:39.0828 3192 Psched - ok
21:55:39.0852 3192 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
21:55:39.0852 3192 PSI - ok
21:55:39.0883 3192 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:55:39.0883 3192 PxHlpa64 - ok
21:55:39.0962 3192 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:55:39.0968 3192 ql2300 - ok
21:55:40.0045 3192 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:55:40.0046 3192 ql40xx - ok
21:55:40.0082 3192 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:55:40.0085 3192 QWAVE - ok
21:55:40.0098 3192 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:55:40.0098 3192 QWAVEdrv - ok
21:55:40.0111 3192 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:55:40.0111 3192 RasAcd - ok
21:55:40.0136 3192 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:55:40.0137 3192 RasAgileVpn - ok
21:55:40.0151 3192 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:55:40.0153 3192 RasAuto - ok
21:55:40.0175 3192 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:40.0176 3192 Rasl2tp - ok
21:55:40.0212 3192 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:55:40.0216 3192 RasMan - ok
21:55:40.0233 3192 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:40.0234 3192 RasPppoe - ok
21:55:40.0248 3192 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:55:40.0248 3192 RasSstp - ok
21:55:40.0291 3192 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:55:40.0293 3192 rdbss - ok
21:55:40.0307 3192 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:55:40.0307 3192 rdpbus - ok
21:55:40.0314 3192 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:40.0315 3192 RDPCDD - ok
21:55:40.0342 3192 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:55:40.0343 3192 RDPDR - ok
21:55:40.0354 3192 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:55:40.0354 3192 RDPENCDD - ok
21:55:40.0361 3192 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:55:40.0361 3192 RDPREFMP - ok
21:55:40.0385 3192 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:55:40.0385 3192 RdpVideoMiniport - ok
21:55:40.0420 3192 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:55:40.0422 3192 RDPWD - ok
21:55:40.0455 3192 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:55:40.0457 3192 rdyboost - ok
21:55:40.0485 3192 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:55:40.0487 3192 RemoteAccess - ok
21:55:40.0502 3192 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:55:40.0504 3192 RemoteRegistry - ok
21:55:40.0523 3192 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:55:40.0525 3192 RpcEptMapper - ok
21:55:40.0537 3192 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:55:40.0539 3192 RpcLocator - ok
21:55:40.0586 3192 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:55:40.0590 3192 RpcSs - ok
21:55:40.0603 3192 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:55:40.0604 3192 rspndr - ok
21:55:40.0647 3192 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:55:40.0649 3192 RTL8167 - ok
21:55:40.0682 3192 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
21:55:40.0682 3192 RTL8169 - ok
21:55:40.0702 3192 RtNdPt60 (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:55:40.0703 3192 RtNdPt60 - ok
21:55:40.0711 3192 RTTEAMPT (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:55:40.0712 3192 RTTEAMPT - ok
21:55:40.0727 3192 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
21:55:40.0728 3192 RTVLANPT - ok
21:55:40.0749 3192 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:55:40.0750 3192 s3cap - ok
21:55:40.0771 3192 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:40.0772 3192 SamSs - ok
21:55:40.0845 3192 SbieDrv (0fe05dd9bbf0782e2bbf0977f2034616) C:\Program Files\Sandboxie\SbieDrv.sys
21:55:40.0846 3192 SbieDrv - ok
21:55:40.0869 3192 SbieSvc (c970c7b2fd2e811525d4578d50b535f5) C:\Program Files\Sandboxie\SbieSvc.exe
21:55:40.0870 3192 SbieSvc - ok
21:55:40.0888 3192 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:55:40.0889 3192 sbp2port - ok
21:55:40.0919 3192 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:55:40.0921 3192 SCardSvr - ok
21:55:40.0942 3192 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:55:40.0942 3192 scfilter - ok
21:55:41.0012 3192 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:55:41.0020 3192 Schedule - ok
21:55:41.0051 3192 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:55:41.0052 3192 SCPolicySvc - ok
21:55:41.0079 3192 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:55:41.0082 3192 SDRSVC - ok
21:55:41.0134 3192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:55:41.0134 3192 secdrv - ok
21:55:41.0151 3192 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:55:41.0153 3192 seclogon - ok
21:55:41.0244 3192 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:55:41.0250 3192 Secunia PSI Agent - ok
21:55:41.0281 3192 Secunia Update Agent (d2fca567f9be87e29b9a9fa32ffe79ca) C:\Program Files (x86)\Secunia\PSI\sua.exe
21:55:41.0283 3192 Secunia Update Agent - ok
21:55:41.0362 3192 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:55:41.0364 3192 SENS - ok
21:55:41.0377 3192 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:55:41.0379 3192 SensrSvc - ok
21:55:41.0390 3192 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:55:41.0391 3192 Serenum - ok
21:55:41.0409 3192 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:55:41.0410 3192 Serial - ok
21:55:41.0433 3192 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:55:41.0434 3192 sermouse - ok
21:55:41.0468 3192 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:55:41.0470 3192 SessionEnv - ok
21:55:41.0495 3192 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:55:41.0496 3192 sffdisk - ok
21:55:41.0507 3192 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:55:41.0507 3192 sffp_mmc - ok
21:55:41.0511 3192 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:55:41.0511 3192 sffp_sd - ok
21:55:41.0529 3192 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:55:41.0530 3192 sfloppy - ok
21:55:41.0570 3192 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:55:41.0573 3192 SharedAccess - ok
21:55:41.0604 3192 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:55:41.0608 3192 ShellHWDetection - ok
21:55:41.0618 3192 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:55:41.0619 3192 SiSRaid2 - ok
21:55:41.0631 3192 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:55:41.0632 3192 SiSRaid4 - ok
21:55:41.0695 3192 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:55:41.0696 3192 SkypeUpdate - ok
21:55:41.0717 3192 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:55:41.0718 3192 Smb - ok
21:55:41.0739 3192 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:55:41.0741 3192 SNMPTRAP - ok
21:55:41.0752 3192 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:55:41.0753 3192 spldr - ok
21:55:41.0789 3192 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:55:41.0794 3192 Spooler - ok
21:55:41.0978 3192 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:55:41.0998 3192 sppsvc - ok
21:55:42.0067 3192 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:55:42.0069 3192 sppuinotify - ok
21:55:42.0132 3192 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:55:42.0134 3192 srv - ok
21:55:42.0171 3192 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:55:42.0173 3192 srv2 - ok
21:55:42.0189 3192 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:55:42.0190 3192 srvnet - ok
21:55:42.0212 3192 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:55:42.0214 3192 SSDPSRV - ok
21:55:42.0224 3192 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:55:42.0227 3192 SstpSvc - ok
21:55:42.0242 3192 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
21:55:42.0242 3192 StarOpen - ok
21:55:42.0271 3192 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:55:42.0272 3192 stexstor - ok
21:55:42.0324 3192 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:55:42.0329 3192 stisvc - ok
21:55:42.0356 3192 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:55:42.0356 3192 storflt - ok
21:55:42.0364 3192 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:55:42.0365 3192 storvsc - ok
21:55:42.0419 3192 STRATO HiDrive Service (a4533f6ee3dca68be5671c0571384e3a) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
21:55:42.0420 3192 STRATO HiDrive Service - ok
21:55:42.0443 3192 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:55:42.0443 3192 swenum - ok
21:55:42.0514 3192 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:55:42.0518 3192 SwitchBoard - ok
21:55:42.0554 3192 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:55:42.0559 3192 swprv - ok
21:55:42.0564 3192 Synth3dVsc - ok
21:55:42.0666 3192 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:55:42.0677 3192 SysMain - ok
21:55:42.0755 3192 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:55:42.0757 3192 TabletInputService - ok
21:55:42.0793 3192 tap0901 (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
21:55:42.0794 3192 tap0901 - ok
21:55:42.0820 3192 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
21:55:42.0820 3192 taphss - ok
21:55:42.0862 3192 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:55:42.0865 3192 TapiSrv - ok
21:55:42.0888 3192 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:55:42.0891 3192 TBS - ok
21:55:43.0007 3192 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:55:43.0018 3192 Tcpip - ok
21:55:43.0119 3192 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:55:43.0130 3192 TCPIP6 - ok
21:55:43.0187 3192 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:55:43.0188 3192 tcpipreg - ok
21:55:43.0209 3192 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:55:43.0209 3192 TDPIPE - ok
21:55:43.0232 3192 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:55:43.0232 3192 TDTCP - ok
21:55:43.0262 3192 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:55:43.0263 3192 tdx - ok
21:55:43.0290 3192 TEAM (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:55:43.0290 3192 TEAM - ok
21:55:43.0489 3192 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:55:43.0506 3192 TeamViewer7 - ok
21:55:43.0551 3192 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
21:55:43.0551 3192 teamviewervpn - ok
21:55:43.0576 3192 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:55:43.0576 3192 TermDD - ok
21:55:43.0634 3192 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:55:43.0639 3192 TermService - ok
21:55:43.0661 3192 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:55:43.0663 3192 Themes - ok
21:55:43.0692 3192 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:55:43.0693 3192 THREADORDER - ok
21:55:43.0711 3192 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:55:43.0713 3192 TrkWks - ok
21:55:43.0746 3192 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
21:55:43.0748 3192 truecrypt - ok
21:55:43.0805 3192 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:55:43.0806 3192 TrustedInstaller - ok
21:55:43.0829 3192 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:43.0830 3192 tssecsrv - ok
21:55:43.0853 3192 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:55:43.0854 3192 TsUsbFlt - ok
21:55:43.0857 3192 tsusbhub - ok
21:55:43.0888 3192 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:55:43.0889 3192 tunnel - ok
21:55:43.0916 3192 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:55:43.0917 3192 uagp35 - ok
21:55:43.0955 3192 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:55:43.0957 3192 udfs - ok
21:55:43.0977 3192 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:55:43.0979 3192 UI0Detect - ok
21:55:43.0991 3192 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:55:43.0992 3192 uliagpkx - ok
21:55:44.0017 3192 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:55:44.0018 3192 umbus - ok
21:55:44.0030 3192 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:55:44.0030 3192 UmPass - ok
21:55:44.0069 3192 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:55:44.0071 3192 UmRdpService - ok
21:55:44.0166 3192 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:55:44.0168 3192 UMVPFSrv - ok
21:55:44.0193 3192 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:55:44.0196 3192 upnphost - ok
21:55:44.0208 3192 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:55:44.0208 3192 USBAAPL64 - ok
21:55:44.0231 3192 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:55:44.0232 3192 usbaudio - ok
21:55:44.0251 3192 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:44.0252 3192 usbccgp - ok
21:55:44.0277 3192 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:55:44.0278 3192 usbcir - ok
21:55:44.0301 3192 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:55:44.0301 3192 usbehci - ok
21:55:44.0325 3192 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:55:44.0327 3192 usbhub - ok
21:55:44.0343 3192 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:55:44.0343 3192 usbohci - ok
21:55:44.0348 3192 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:55:44.0348 3192 usbprint - ok
21:55:44.0367 3192 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:55:44.0368 3192 USBSTOR - ok
21:55:44.0382 3192 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:55:44.0382 3192 usbuhci - ok
21:55:44.0407 3192 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:55:44.0408 3192 UxSms - ok
21:55:44.0424 3192 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:44.0425 3192 VaultSvc - ok
21:55:44.0431 3192 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:55:44.0431 3192 vdrvroot - ok
21:55:44.0478 3192 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:55:44.0481 3192 vds - ok
21:55:44.0496 3192 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:44.0496 3192 vga - ok
21:55:44.0510 3192 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:55:44.0511 3192 VgaSave - ok
21:55:44.0513 3192 VGPU - ok
21:55:44.0536 3192 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:55:44.0537 3192 vhdmp - ok
21:55:44.0544 3192 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:55:44.0544 3192 viaide - ok
21:55:44.0572 3192 VLAN (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVLAN60.sys
21:55:44.0572 3192 VLAN - ok
21:55:44.0590 3192 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:55:44.0591 3192 vmbus - ok
21:55:44.0603 3192 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:55:44.0603 3192 VMBusHID - ok
21:55:44.0612 3192 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:55:44.0613 3192 volmgr - ok
21:55:44.0648 3192 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:55:44.0650 3192 volmgrx - ok
21:55:44.0676 3192 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:55:44.0677 3192 volsnap - ok
21:55:44.0692 3192 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:55:44.0693 3192 vsmraid - ok
21:55:44.0772 3192 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:55:44.0780 3192 VSS - ok
21:55:44.0876 3192 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:55:44.0876 3192 vwifibus - ok
21:55:44.0924 3192 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:55:44.0926 3192 W32Time - ok
21:55:44.0936 3192 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:55:44.0936 3192 WacomPen - ok
21:55:44.0954 3192 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:44.0955 3192 WANARP - ok
21:55:44.0957 3192 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:44.0957 3192 Wanarpv6 - ok
21:55:45.0034 3192 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:55:45.0039 3192 WatAdminSvc - ok
21:55:45.0120 3192 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:55:45.0128 3192 wbengine - ok
21:55:45.0183 3192 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:55:45.0185 3192 WbioSrvc - ok
21:55:45.0223 3192 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:55:45.0226 3192 wcncsvc - ok
21:55:45.0235 3192 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:55:45.0237 3192 WcsPlugInService - ok
21:55:45.0257 3192 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:55:45.0258 3192 Wd - ok
21:55:45.0297 3192 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:55:45.0299 3192 Wdf01000 - ok
21:55:45.0312 3192 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:55:45.0314 3192 WdiServiceHost - ok
21:55:45.0315 3192 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:55:45.0317 3192 WdiSystemHost - ok
21:55:45.0351 3192 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:55:45.0353 3192 WebClient - ok
21:55:45.0374 3192 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:55:45.0377 3192 Wecsvc - ok
21:55:45.0389 3192 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:55:45.0391 3192 wercplsupport - ok
21:55:45.0405 3192 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:55:45.0407 3192 WerSvc - ok
21:55:45.0417 3192 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:45.0418 3192 WfpLwf - ok
21:55:45.0432 3192 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:55:45.0432 3192 WIMMount - ok
21:55:45.0477 3192 WinDefend - ok
21:55:45.0482 3192 WinHttpAutoProxySvc - ok
21:55:45.0537 3192 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:55:45.0538 3192 Winmgmt - ok
21:55:45.0660 3192 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:55:45.0669 3192 WinRM - ok
21:55:45.0754 3192 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:55:45.0755 3192 WinUsb - ok
21:55:45.0824 3192 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:55:45.0830 3192 Wlansvc - ok
21:55:45.0852 3192 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:55:45.0852 3192 WmiAcpi - ok
21:55:45.0877 3192 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:55:45.0879 3192 wmiApSrv - ok
21:55:45.0925 3192 WMPNetworkSvc - ok
21:55:45.0942 3192 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:55:45.0945 3192 WPCSvc - ok
21:55:45.0978 3192 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:55:45.0981 3192 WPDBusEnum - ok
21:55:46.0002 3192 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:55:46.0002 3192 ws2ifsl - ok
21:55:46.0020 3192 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:55:46.0023 3192 wscsvc - ok
21:55:46.0026 3192 WSearch - ok
21:55:46.0153 3192 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:55:46.0164 3192 wuauserv - ok
21:55:46.0253 3192 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:55:46.0254 3192 WudfPf - ok
21:55:46.0274 3192 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:55:46.0276 3192 wudfsvc - ok
21:55:46.0301 3192 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:55:46.0304 3192 WwanSvc - ok
21:55:46.0328 3192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:55:46.0628 3192 \Device\Harddisk0\DR0 - ok
21:55:46.0630 3192 Boot (0x1200) (0bad36234d44da07ecd9352cabff905d) \Device\Harddisk0\DR0\Partition0
21:55:46.0635 3192 \Device\Harddisk0\DR0\Partition0 - ok
21:55:46.0647 3192 Boot (0x1200) (777b13c19d7df68449108280f2a13010) \Device\Harddisk0\DR0\Partition1
21:55:46.0648 3192 \Device\Harddisk0\DR0\Partition1 - ok
21:55:46.0662 3192 Boot (0x1200) (2bb9fa725471a7211fc6a271a3451b14) \Device\Harddisk0\DR0\Partition2
21:55:46.0663 3192 \Device\Harddisk0\DR0\Partition2 - ok
21:55:46.0691 3192 Boot (0x1200) (886e4e72fb1c452c861462f8cfa669af) \Device\Harddisk0\DR0\Partition3
21:55:46.0692 3192 \Device\Harddisk0\DR0\Partition3 - ok
21:55:46.0692 3192 ============================================================
21:55:46.0692 3192 Scan finished
21:55:46.0692 3192 ============================================================
21:55:46.0700 5008 Detected object count: 1
21:55:46.0700 5008 Actual detected object count: 1
21:55:54.0884 5008 c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll - copied to quarantine
21:55:54.0885 5008 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine
21:56:27.0397 3308 Deinitialize success
|
|
16.06.2012, 22:08
| #12 |
| | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund TDSS Killer-Log: Code:
ATTFilter 21:53:44.0955 2600 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:53:45.0041 2600 ============================================================
21:53:45.0041 2600 Current date / time: 2012/06/06 21:53:45.0041
21:53:45.0041 2600 SystemInfo:
21:53:45.0041 2600
21:53:45.0041 2600 OS Version: 6.1.7601 ServicePack: 1.0
21:53:45.0041 2600 Product type: Workstation
21:53:45.0042 2600 ComputerName: FH-PC
21:53:45.0042 2600 UserName: FH
21:53:45.0042 2600 Windows directory: C:\Windows
21:53:45.0042 2600 System windows directory: C:\Windows
21:53:45.0042 2600 Running under WOW64
21:53:45.0042 2600 Processor architecture: Intel x64
21:53:45.0042 2600 Number of processors: 2
21:53:45.0042 2600 Page size: 0x1000
21:53:45.0042 2600 Boot type: Normal boot
21:53:45.0042 2600 ============================================================
21:53:45.0294 2600 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
21:53:45.0303 2600 ============================================================
21:53:45.0303 2600 \Device\Harddisk0\DR0:
21:53:45.0304 2600 MBR partitions:
21:53:45.0304 2600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:53:45.0304 2600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5800
21:53:45.0304 2600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x55EBD000
21:53:45.0328 2600 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x683B5800, BlocksNum 0xC350000
21:53:45.0328 2600 ============================================================
21:53:45.0391 2600 C: <-> \Device\Harddisk0\DR0\Partition1
21:53:45.0421 2600 D: <-> \Device\Harddisk0\DR0\Partition2
21:53:45.0450 2600 Z: <-> \Device\Harddisk0\DR0\Partition3
21:53:45.0450 2600 ============================================================
21:53:45.0450 2600 Initialize success
21:53:45.0450 2600 ============================================================
21:54:06.0527 2728 ============================================================
21:54:06.0527 2728 Scan started
21:54:06.0527 2728 Mode: Manual; SigCheck; TDLFS;
21:54:06.0527 2728 ============================================================
21:54:07.0172 2728 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:54:07.0227 2728 1394ohci - ok
21:54:07.0280 2728 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:54:07.0298 2728 ACPI - ok
21:54:07.0329 2728 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:54:07.0349 2728 AcpiPmi - ok
21:54:07.0453 2728 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:54:07.0464 2728 AdobeARMservice - ok
21:54:07.0572 2728 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:54:07.0585 2728 AdobeFlashPlayerUpdateSvc - ok
21:54:07.0635 2728 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:54:07.0651 2728 adp94xx - ok
21:54:07.0682 2728 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:54:07.0694 2728 adpahci - ok
21:54:07.0708 2728 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:54:07.0718 2728 adpu320 - ok
21:54:07.0750 2728 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:54:07.0788 2728 AeLookupSvc - ok
21:54:07.0854 2728 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:54:07.0888 2728 AFD - ok
21:54:07.0929 2728 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:54:07.0942 2728 agp440 - ok
21:54:08.0181 2728 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
21:54:08.0181 2728 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
21:54:08.0187 2728 Akamai ( HiddenFile.Multi.Generic ) - warning
21:54:08.0188 2728 Akamai - detected HiddenFile.Multi.Generic (1)
21:54:08.0281 2728 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:54:08.0309 2728 ALG - ok
21:54:08.0366 2728 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:54:08.0378 2728 aliide - ok
21:54:08.0431 2728 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
21:54:08.0459 2728 AMD External Events Utility - ok
21:54:08.0472 2728 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:54:08.0485 2728 amdide - ok
21:54:08.0505 2728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:54:08.0541 2728 AmdK8 - ok
21:54:08.0972 2728 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:54:09.0072 2728 amdkmdag - ok
21:54:09.0216 2728 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
21:54:09.0240 2728 amdkmdap - ok
21:54:09.0262 2728 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:54:09.0277 2728 AmdPPM - ok
21:54:09.0297 2728 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:54:09.0311 2728 amdsata - ok
21:54:09.0343 2728 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:54:09.0358 2728 amdsbs - ok
21:54:09.0379 2728 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:54:09.0391 2728 amdxata - ok
21:54:09.0457 2728 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:54:09.0512 2728 AppID - ok
21:54:09.0536 2728 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:54:09.0580 2728 AppIDSvc - ok
21:54:09.0611 2728 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:54:09.0651 2728 Appinfo - ok
21:54:09.0756 2728 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:54:09.0766 2728 Apple Mobile Device - ok
21:54:09.0817 2728 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:54:09.0841 2728 AppMgmt - ok
21:54:09.0862 2728 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:54:09.0876 2728 arc - ok
21:54:09.0883 2728 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:54:09.0895 2728 arcsas - ok
21:54:09.0979 2728 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:54:09.0990 2728 aspnet_state - ok
21:54:10.0010 2728 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:54:10.0051 2728 AsyncMac - ok
21:54:10.0077 2728 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:54:10.0085 2728 atapi - ok
21:54:10.0513 2728 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:54:10.0601 2728 atikmdag - ok
21:54:10.0731 2728 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:54:10.0780 2728 AudioEndpointBuilder - ok
21:54:10.0785 2728 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:54:10.0815 2728 AudioSrv - ok
21:54:10.0857 2728 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:54:10.0890 2728 AxInstSV - ok
21:54:10.0968 2728 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:54:10.0996 2728 b06bdrv - ok
21:54:11.0039 2728 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:54:11.0064 2728 b57nd60a - ok
21:54:11.0100 2728 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:54:11.0121 2728 BDESVC - ok
21:54:11.0139 2728 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:54:11.0185 2728 Beep - ok
21:54:11.0241 2728 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:54:11.0299 2728 BFE - ok
21:54:11.0344 2728 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:54:11.0392 2728 BITS - ok
21:54:11.0436 2728 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:54:11.0462 2728 blbdrive - ok
21:54:11.0571 2728 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:54:11.0586 2728 Bonjour Service - ok
21:54:11.0619 2728 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:54:11.0628 2728 bowser - ok
21:54:11.0639 2728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:54:11.0662 2728 BrFiltLo - ok
21:54:11.0681 2728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:54:11.0701 2728 BrFiltUp - ok
21:54:11.0734 2728 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:54:11.0784 2728 Browser - ok
21:54:11.0812 2728 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:54:11.0834 2728 Brserid - ok
21:54:11.0862 2728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:54:11.0886 2728 BrSerWdm - ok
21:54:11.0897 2728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:54:11.0924 2728 BrUsbMdm - ok
21:54:11.0937 2728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:54:11.0953 2728 BrUsbSer - ok
21:54:11.0982 2728 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:54:12.0003 2728 BTHMODEM - ok
21:54:12.0040 2728 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:54:12.0066 2728 bthserv - ok
21:54:12.0084 2728 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:54:12.0121 2728 cdfs - ok
21:54:12.0163 2728 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:54:12.0190 2728 cdrom - ok
21:54:12.0227 2728 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:54:12.0277 2728 CertPropSvc - ok
21:54:12.0300 2728 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:54:12.0313 2728 circlass - ok
21:54:12.0353 2728 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:54:12.0371 2728 CLFS - ok
21:54:12.0422 2728 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:54:12.0429 2728 clr_optimization_v2.0.50727_32 - ok
21:54:12.0476 2728 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:54:12.0487 2728 clr_optimization_v2.0.50727_64 - ok
21:54:12.0537 2728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:54:12.0548 2728 clr_optimization_v4.0.30319_32 - ok
21:54:12.0570 2728 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:54:12.0582 2728 clr_optimization_v4.0.30319_64 - ok
21:54:12.0588 2728 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:54:12.0615 2728 CmBatt - ok
21:54:12.0636 2728 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:54:12.0648 2728 cmdide - ok
21:54:12.0687 2728 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:54:12.0713 2728 CNG - ok
21:54:12.0738 2728 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:54:12.0746 2728 Compbatt - ok
21:54:12.0776 2728 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:54:12.0788 2728 CompositeBus - ok
21:54:12.0800 2728 COMSysApp - ok
21:54:12.0810 2728 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:54:12.0819 2728 crcdisk - ok
21:54:12.0854 2728 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:54:12.0899 2728 CryptSvc - ok
21:54:12.0943 2728 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:54:12.0969 2728 CSC - ok
21:54:13.0015 2728 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:54:13.0037 2728 CscService - ok
21:54:13.0085 2728 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:54:13.0142 2728 DcomLaunch - ok
21:54:13.0178 2728 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:54:13.0214 2728 defragsvc - ok
21:54:13.0265 2728 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:54:13.0315 2728 DfsC - ok
21:54:13.0354 2728 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:54:13.0381 2728 Dhcp - ok
21:54:13.0405 2728 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:54:13.0445 2728 discache - ok
21:54:13.0471 2728 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:54:13.0480 2728 Disk - ok
21:54:13.0510 2728 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:54:13.0530 2728 Dnscache - ok
21:54:13.0564 2728 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:54:13.0602 2728 dot3svc - ok
21:54:13.0631 2728 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:54:13.0675 2728 DPS - ok
21:54:13.0708 2728 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:54:13.0726 2728 drmkaud - ok
21:54:13.0795 2728 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:54:13.0822 2728 DXGKrnl - ok
21:54:13.0847 2728 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:54:13.0884 2728 EapHost - ok
21:54:14.0043 2728 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:54:14.0092 2728 ebdrv - ok
21:54:14.0178 2728 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:54:14.0206 2728 EFS - ok
21:54:14.0264 2728 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:54:14.0293 2728 ehRecvr - ok
21:54:14.0324 2728 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:54:14.0339 2728 ehSched - ok
21:54:14.0403 2728 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:54:14.0423 2728 elxstor - ok
21:54:14.0448 2728 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:54:14.0466 2728 ErrDev - ok
21:54:14.0526 2728 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:54:14.0576 2728 EventSystem - ok
21:54:14.0594 2728 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:54:14.0629 2728 exfat - ok
21:54:14.0648 2728 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:54:14.0685 2728 fastfat - ok
21:54:14.0751 2728 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:54:14.0782 2728 Fax - ok
21:54:14.0796 2728 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:54:14.0823 2728 fdc - ok
21:54:14.0852 2728 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:54:14.0900 2728 fdPHost - ok
21:54:14.0916 2728 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:54:14.0950 2728 FDResPub - ok
21:54:14.0966 2728 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:54:14.0975 2728 FileInfo - ok
21:54:14.0988 2728 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:54:15.0013 2728 Filetrace - ok
21:54:15.0027 2728 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:54:15.0036 2728 flpydisk - ok
21:54:15.0064 2728 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:54:15.0075 2728 FltMgr - ok
21:54:15.0146 2728 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:54:15.0174 2728 FontCache - ok
21:54:15.0246 2728 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:54:15.0255 2728 FontCache3.0.0.0 - ok
21:54:15.0292 2728 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:54:15.0305 2728 FsDepends - ok
21:54:15.0331 2728 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:54:15.0343 2728 Fs_Rec - ok
21:54:15.0384 2728 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:54:15.0403 2728 fvevol - ok
21:54:15.0424 2728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:54:15.0433 2728 gagp30kx - ok
21:54:15.0462 2728 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:54:15.0468 2728 GEARAspiWDM - ok
21:54:15.0532 2728 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:54:15.0572 2728 gpsvc - ok
21:54:15.0602 2728 grmnusb (b9893a68032a6d9addb5b98287c630f7) C:\Windows\system32\drivers\grmnusb.sys
21:54:15.0608 2728 grmnusb - ok
21:54:15.0666 2728 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:54:15.0679 2728 gusvc - ok
21:54:15.0693 2728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:54:15.0711 2728 hcw85cir - ok
21:54:15.0773 2728 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:54:15.0799 2728 HdAudAddService - ok
21:54:15.0849 2728 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:54:15.0876 2728 HDAudBus - ok
21:54:15.0890 2728 hdgnlava - ok
21:54:15.0902 2728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:54:15.0927 2728 HidBatt - ok
21:54:15.0944 2728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:54:15.0968 2728 HidBth - ok
21:54:15.0986 2728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:54:16.0017 2728 HidIr - ok
21:54:16.0040 2728 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:54:16.0088 2728 hidserv - ok
21:54:16.0115 2728 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:54:16.0133 2728 HidUsb - ok
21:54:16.0155 2728 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:54:16.0190 2728 hkmsvc - ok
21:54:16.0214 2728 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:54:16.0225 2728 HomeGroupListener - ok
21:54:16.0250 2728 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:54:16.0274 2728 HomeGroupProvider - ok
21:54:16.0365 2728 HotspotShieldService (b2afa712b3cdf8ad04d85c56546bb174) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
21:54:16.0372 2728 HotspotShieldService ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0372 2728 HotspotShieldService - detected UnsignedFile.Multi.Generic (1)
21:54:16.0411 2728 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:54:16.0420 2728 HpSAMD - ok
21:54:16.0441 2728 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
21:54:16.0476 2728 HssDrv - ok
21:54:16.0537 2728 HssSrv (b8b90bb7011556691d432aaecaa0d26c) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
21:54:16.0544 2728 HssSrv ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0544 2728 HssSrv - detected UnsignedFile.Multi.Generic (1)
21:54:16.0575 2728 HssTrayService (8faab97946600e312cb3398061ad3059) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
21:54:16.0579 2728 HssTrayService ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0579 2728 HssTrayService - detected UnsignedFile.Multi.Generic (1)
21:54:16.0585 2728 HssWd - ok
21:54:16.0648 2728 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:54:16.0686 2728 HTTP - ok
21:54:16.0707 2728 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:54:16.0716 2728 hwpolicy - ok
21:54:16.0736 2728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:54:16.0746 2728 i8042prt - ok
21:54:16.0809 2728 IAANTMON (549275dc1004e09f92167b98b0ce63fe) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:54:16.0824 2728 IAANTMON - ok
21:54:16.0871 2728 iaStor (f27742d576f355972c94952671658dc2) C:\Windows\system32\DRIVERS\iaStor.sys
21:54:16.0886 2728 iaStor - ok
21:54:16.0917 2728 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:54:16.0935 2728 iaStorV - ok
21:54:16.0974 2728 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:54:16.0987 2728 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:54:16.0987 2728 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:54:17.0077 2728 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:54:17.0096 2728 idsvc - ok
21:54:17.0187 2728 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:54:17.0200 2728 iirsp - ok
21:54:17.0263 2728 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:54:17.0321 2728 IKEEXT - ok
21:54:17.0336 2728 iktydhah - ok
21:54:17.0369 2728 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:54:17.0382 2728 intelide - ok
21:54:17.0402 2728 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:54:17.0426 2728 intelppm - ok
21:54:17.0483 2728 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:54:17.0532 2728 IPBusEnum - ok
21:54:17.0564 2728 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:54:17.0597 2728 IpFilterDriver - ok
21:54:17.0644 2728 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:54:17.0689 2728 iphlpsvc - ok
21:54:17.0705 2728 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:54:17.0725 2728 IPMIDRV - ok
21:54:17.0747 2728 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:54:17.0773 2728 IPNAT - ok
21:54:17.0897 2728 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:54:17.0920 2728 iPod Service - ok
21:54:17.0942 2728 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:54:17.0963 2728 IRENUM - ok
21:54:17.0980 2728 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:54:17.0989 2728 isapnp - ok
21:54:18.0010 2728 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:54:18.0021 2728 iScsiPrt - ok
21:54:18.0105 2728 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
21:54:18.0118 2728 ISODrive - ok
21:54:18.0141 2728 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:54:18.0154 2728 kbdclass - ok
21:54:18.0187 2728 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:54:18.0214 2728 kbdhid - ok
21:54:18.0237 2728 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:18.0251 2728 KeyIso - ok
21:54:18.0268 2728 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:54:18.0281 2728 KSecDD - ok
21:54:18.0298 2728 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:54:18.0313 2728 KSecPkg - ok
21:54:18.0341 2728 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:54:18.0389 2728 ksthunk - ok
21:54:18.0426 2728 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:54:18.0465 2728 KtmRm - ok
21:54:18.0513 2728 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:54:18.0557 2728 LanmanServer - ok
21:54:18.0583 2728 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:54:18.0618 2728 LanmanWorkstation - ok
21:54:18.0654 2728 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:54:18.0701 2728 lltdio - ok
21:54:18.0725 2728 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:54:18.0761 2728 lltdsvc - ok
21:54:18.0777 2728 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:54:18.0802 2728 lmhosts - ok
21:54:18.0829 2728 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:54:18.0839 2728 LSI_FC - ok
21:54:18.0847 2728 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:54:18.0856 2728 LSI_SAS - ok
21:54:18.0866 2728 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:54:18.0875 2728 LSI_SAS2 - ok
21:54:18.0890 2728 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:54:18.0899 2728 LSI_SCSI - ok
21:54:18.0924 2728 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:54:18.0959 2728 luafv - ok
21:54:18.0996 2728 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:54:19.0003 2728 LVPr2M64 - ok
21:54:19.0019 2728 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:54:19.0026 2728 LVPr2Mon - ok
21:54:19.0060 2728 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
21:54:19.0072 2728 LVRS64 - ok
21:54:19.0296 2728 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
21:54:19.0360 2728 LVUVC64 - ok
21:54:19.0475 2728 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:54:19.0489 2728 MBAMProtector - ok
21:54:19.0580 2728 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:54:19.0599 2728 MBAMService - ok
21:54:19.0620 2728 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:54:19.0640 2728 Mcx2Svc - ok
21:54:19.0668 2728 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:54:19.0676 2728 megasas - ok
21:54:19.0698 2728 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:54:19.0709 2728 MegaSR - ok
21:54:19.0743 2728 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\2DB9.tmp
21:54:19.0755 2728 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - warning
21:54:19.0755 2728 MEMSWEEP2 - detected UnsignedFile.Multi.Generic (1)
21:54:19.0829 2728 Microsoft SharePoint Workspace Audit Service - ok
21:54:19.0865 2728 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:54:19.0904 2728 MMCSS - ok
21:54:19.0919 2728 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:54:19.0951 2728 Modem - ok
21:54:19.0977 2728 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:54:19.0998 2728 monitor - ok
21:54:20.0032 2728 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:54:20.0045 2728 mouclass - ok
21:54:20.0062 2728 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:54:20.0080 2728 mouhid - ok
21:54:20.0100 2728 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:54:20.0109 2728 mountmgr - ok
21:54:20.0141 2728 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:54:20.0151 2728 mpio - ok
21:54:20.0169 2728 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:54:20.0195 2728 mpsdrv - ok
21:54:20.0263 2728 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:54:20.0325 2728 MpsSvc - ok
21:54:20.0353 2728 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:54:20.0377 2728 MRxDAV - ok
21:54:20.0400 2728 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:54:20.0425 2728 mrxsmb - ok
21:54:20.0460 2728 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:54:20.0489 2728 mrxsmb10 - ok
21:54:20.0521 2728 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:54:20.0535 2728 mrxsmb20 - ok
21:54:20.0547 2728 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:54:20.0560 2728 msahci - ok
21:54:20.0574 2728 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:54:20.0585 2728 msdsm - ok
21:54:20.0608 2728 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:54:20.0627 2728 MSDTC - ok
21:54:20.0660 2728 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:54:20.0685 2728 Msfs - ok
21:54:20.0694 2728 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:54:20.0732 2728 mshidkmdf - ok
21:54:20.0742 2728 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:54:20.0751 2728 msisadrv - ok
21:54:20.0789 2728 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:54:20.0843 2728 MSiSCSI - ok
21:54:20.0845 2728 msiserver - ok
21:54:20.0863 2728 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:54:20.0901 2728 MSKSSRV - ok
21:54:20.0916 2728 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:54:20.0956 2728 MSPCLOCK - ok
21:54:20.0959 2728 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:54:21.0000 2728 MSPQM - ok
21:54:21.0032 2728 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:54:21.0044 2728 MsRPC - ok
21:54:21.0058 2728 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:54:21.0067 2728 mssmbios - ok
21:54:21.0082 2728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:54:21.0108 2728 MSTEE - ok
21:54:21.0123 2728 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:54:21.0141 2728 MTConfig - ok
21:54:21.0164 2728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:54:21.0173 2728 Mup - ok
21:54:21.0219 2728 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:54:21.0248 2728 napagent - ok
21:54:21.0284 2728 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:54:21.0309 2728 NativeWifiP - ok
21:54:21.0370 2728 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:54:21.0397 2728 NDIS - ok
21:54:21.0422 2728 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:54:21.0456 2728 NdisCap - ok
21:54:21.0480 2728 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:54:21.0515 2728 NdisTapi - ok
21:54:21.0555 2728 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:54:21.0583 2728 Ndisuio - ok
21:54:21.0620 2728 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:54:21.0657 2728 NdisWan - ok
21:54:21.0682 2728 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:54:21.0715 2728 NDProxy - ok
21:54:21.0726 2728 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:54:21.0752 2728 NetBIOS - ok
21:54:21.0788 2728 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:54:21.0827 2728 NetBT - ok
21:54:21.0851 2728 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:21.0861 2728 Netlogon - ok
21:54:21.0908 2728 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:54:21.0948 2728 Netman - ok
21:54:22.0050 2728 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0061 2728 NetMsmqActivator - ok
21:54:22.0064 2728 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0075 2728 NetPipeActivator - ok
21:54:22.0111 2728 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:54:22.0154 2728 netprofm - ok
21:54:22.0159 2728 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0167 2728 NetTcpActivator - ok
21:54:22.0169 2728 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:54:22.0177 2728 NetTcpPortSharing - ok
21:54:22.0220 2728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:54:22.0233 2728 nfrd960 - ok
21:54:22.0274 2728 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:54:22.0313 2728 NlaSvc - ok
21:54:22.0410 2728 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
21:54:22.0419 2728 nlsX86cc - ok
21:54:22.0492 2728 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
21:54:22.0502 2728 NMSAccessU - ok
21:54:22.0510 2728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:54:22.0542 2728 Npfs - ok
21:54:22.0553 2728 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:54:22.0589 2728 nsi - ok
21:54:22.0603 2728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:54:22.0638 2728 nsiproxy - ok
21:54:22.0735 2728 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:54:22.0769 2728 Ntfs - ok
21:54:22.0872 2728 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:54:22.0909 2728 Null - ok
21:54:22.0940 2728 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:54:22.0950 2728 nvraid - ok
21:54:22.0977 2728 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:54:22.0987 2728 nvstor - ok
21:54:23.0013 2728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:54:23.0023 2728 nv_agp - ok
21:54:23.0037 2728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:54:23.0056 2728 ohci1394 - ok
21:54:23.0111 2728 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:54:23.0122 2728 ose - ok
21:54:23.0411 2728 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:54:23.0475 2728 osppsvc - ok
21:54:23.0564 2728 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:54:23.0594 2728 p2pimsvc - ok
21:54:23.0629 2728 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:54:23.0648 2728 p2psvc - ok
21:54:23.0707 2728 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:54:23.0738 2728 Parport - ok
21:54:23.0764 2728 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:54:23.0777 2728 partmgr - ok
21:54:23.0794 2728 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:54:23.0828 2728 PcaSvc - ok
21:54:23.0861 2728 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:54:23.0876 2728 pci - ok
21:54:23.0891 2728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:54:23.0903 2728 pciide - ok
21:54:23.0921 2728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:54:23.0936 2728 pcmcia - ok
21:54:23.0947 2728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:54:23.0956 2728 pcw - ok
21:54:23.0994 2728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:54:24.0032 2728 PEAUTH - ok
21:54:24.0116 2728 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:54:24.0161 2728 PeerDistSvc - ok
21:54:24.0239 2728 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:54:24.0262 2728 PerfHost - ok
21:54:24.0395 2728 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:54:24.0446 2728 pla - ok
21:54:24.0486 2728 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:54:24.0511 2728 PlugPlay - ok
21:54:24.0528 2728 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:54:24.0552 2728 PNRPAutoReg - ok
21:54:24.0580 2728 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:54:24.0592 2728 PNRPsvc - ok
21:54:24.0653 2728 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
21:54:24.0663 2728 Point64 - ok
21:54:24.0711 2728 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:54:24.0763 2728 PolicyAgent - ok
21:54:24.0789 2728 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:54:24.0826 2728 Power - ok
21:54:24.0868 2728 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:54:24.0920 2728 PptpMiniport - ok
21:54:24.0944 2728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:54:24.0960 2728 Processor - ok
21:54:24.0995 2728 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:54:25.0034 2728 ProfSvc - ok
21:54:25.0055 2728 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:25.0064 2728 ProtectedStorage - ok
21:54:25.0088 2728 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:54:25.0114 2728 Psched - ok
21:54:25.0163 2728 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
21:54:25.0172 2728 PSI - ok
21:54:25.0201 2728 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:54:25.0212 2728 PxHlpa64 - ok
21:54:25.0287 2728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:54:25.0320 2728 ql2300 - ok
21:54:25.0422 2728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:54:25.0432 2728 ql40xx - ok
21:54:25.0467 2728 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:54:25.0481 2728 QWAVE - ok
21:54:25.0518 2728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:54:25.0544 2728 QWAVEdrv - ok
21:54:25.0554 2728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:54:25.0595 2728 RasAcd - ok
21:54:25.0629 2728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:54:25.0655 2728 RasAgileVpn - ok
21:54:25.0671 2728 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:54:25.0698 2728 RasAuto - ok
21:54:25.0717 2728 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:54:25.0749 2728 Rasl2tp - ok
21:54:25.0793 2728 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:54:25.0830 2728 RasMan - ok
21:54:25.0848 2728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:54:25.0889 2728 RasPppoe - ok
21:54:25.0904 2728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:54:25.0945 2728 RasSstp - ok
21:54:25.0980 2728 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:54:26.0020 2728 rdbss - ok
21:54:26.0030 2728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:54:26.0049 2728 rdpbus - ok
21:54:26.0062 2728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:54:26.0088 2728 RDPCDD - ok
21:54:26.0115 2728 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:54:26.0125 2728 RDPDR - ok
21:54:26.0143 2728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:54:26.0182 2728 RDPENCDD - ok
21:54:26.0200 2728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:54:26.0226 2728 RDPREFMP - ok
21:54:26.0249 2728 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:54:26.0265 2728 RdpVideoMiniport - ok
21:54:26.0301 2728 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:54:26.0323 2728 RDPWD - ok
21:54:26.0353 2728 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:54:26.0363 2728 rdyboost - ok
21:54:26.0391 2728 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:54:26.0426 2728 RemoteAccess - ok
21:54:26.0457 2728 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:54:26.0497 2728 RemoteRegistry - ok
21:54:26.0511 2728 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:54:26.0544 2728 RpcEptMapper - ok
21:54:26.0559 2728 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:54:26.0584 2728 RpcLocator - ok
21:54:26.0635 2728 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:54:26.0664 2728 RpcSs - ok
21:54:26.0699 2728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:54:26.0725 2728 rspndr - ok
21:54:26.0784 2728 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:54:26.0794 2728 RTL8167 - ok
21:54:26.0828 2728 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
21:54:26.0854 2728 RTL8169 - ok
21:54:26.0890 2728 RtNdPt60 (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:54:26.0904 2728 RtNdPt60 - ok
21:54:26.0932 2728 RTTEAMPT (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:54:26.0939 2728 RTTEAMPT - ok
21:54:26.0948 2728 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
21:54:26.0969 2728 RTVLANPT - ok
21:54:26.0986 2728 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:54:27.0004 2728 s3cap - ok
21:54:27.0025 2728 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:27.0034 2728 SamSs - ok
21:54:27.0116 2728 SbieDrv (0fe05dd9bbf0782e2bbf0977f2034616) C:\Program Files\Sandboxie\SbieDrv.sys
21:54:27.0126 2728 SbieDrv - ok
21:54:27.0164 2728 SbieSvc (c970c7b2fd2e811525d4578d50b535f5) C:\Program Files\Sandboxie\SbieSvc.exe
21:54:27.0172 2728 SbieSvc - ok
21:54:27.0183 2728 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:54:27.0193 2728 sbp2port - ok
21:54:27.0222 2728 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:54:27.0250 2728 SCardSvr - ok
21:54:27.0271 2728 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:54:27.0320 2728 scfilter - ok
21:54:27.0395 2728 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:54:27.0449 2728 Schedule - ok
21:54:27.0478 2728 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:54:27.0503 2728 SCPolicySvc - ok
21:54:27.0536 2728 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:54:27.0553 2728 SDRSVC - ok
21:54:27.0620 2728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:54:27.0645 2728 secdrv - ok
21:54:27.0659 2728 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:54:27.0694 2728 seclogon - ok
21:54:27.0794 2728 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:54:27.0810 2728 Secunia PSI Agent - ok
21:54:27.0846 2728 Secunia Update Agent (d2fca567f9be87e29b9a9fa32ffe79ca) C:\Program Files (x86)\Secunia\PSI\sua.exe
21:54:27.0856 2728 Secunia Update Agent - ok
21:54:27.0936 2728 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:54:27.0976 2728 SENS - ok
21:54:27.0993 2728 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:54:28.0003 2728 SensrSvc - ok
21:54:28.0031 2728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:54:28.0048 2728 Serenum - ok
21:54:28.0067 2728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:54:28.0084 2728 Serial - ok
21:54:28.0124 2728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:54:28.0142 2728 sermouse - ok
21:54:28.0174 2728 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:54:28.0210 2728 SessionEnv - ok
21:54:28.0235 2728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:54:28.0263 2728 sffdisk - ok
21:54:28.0279 2728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:54:28.0305 2728 sffp_mmc - ok
21:54:28.0322 2728 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:54:28.0353 2728 sffp_sd - ok
21:54:28.0366 2728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:54:28.0377 2728 sfloppy - ok
21:54:28.0414 2728 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:54:28.0442 2728 SharedAccess - ok
21:54:28.0482 2728 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:54:28.0510 2728 ShellHWDetection - ok
21:54:28.0529 2728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:54:28.0538 2728 SiSRaid2 - ok
21:54:28.0551 2728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:54:28.0560 2728 SiSRaid4 - ok
21:54:28.0631 2728 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:54:28.0642 2728 SkypeUpdate - ok
21:54:28.0661 2728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:54:28.0700 2728 Smb - ok
21:54:28.0733 2728 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:54:28.0744 2728 SNMPTRAP - ok
21:54:28.0755 2728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:54:28.0764 2728 spldr - ok
21:54:28.0816 2728 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:54:28.0859 2728 Spooler - ok
21:54:29.0043 2728 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:54:29.0120 2728 sppsvc - ok
21:54:29.0184 2728 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:54:29.0235 2728 sppuinotify - ok
21:54:29.0329 2728 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:54:29.0360 2728 srv - ok
21:54:29.0408 2728 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:54:29.0439 2728 srv2 - ok
21:54:29.0462 2728 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:54:29.0484 2728 srvnet - ok
21:54:29.0520 2728 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:54:29.0570 2728 SSDPSRV - ok
21:54:29.0588 2728 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:54:29.0615 2728 SstpSvc - ok
21:54:29.0647 2728 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
21:54:29.0659 2728 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:54:29.0659 2728 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:54:29.0685 2728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:54:29.0693 2728 stexstor - ok
21:54:29.0757 2728 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:54:29.0790 2728 stisvc - ok
21:54:29.0818 2728 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:54:29.0827 2728 storflt - ok
21:54:29.0833 2728 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:54:29.0842 2728 storvsc - ok
21:54:29.0921 2728 STRATO HiDrive Service (a4533f6ee3dca68be5671c0571384e3a) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
21:54:29.0924 2728 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - warning
21:54:29.0924 2728 STRATO HiDrive Service - detected UnsignedFile.Multi.Generic (1)
21:54:29.0944 2728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:54:29.0957 2728 swenum - ok
21:54:30.0042 2728 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:54:30.0069 2728 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
21:54:30.0069 2728 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
21:54:30.0119 2728 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:54:30.0161 2728 swprv - ok
21:54:30.0164 2728 Synth3dVsc - ok
21:54:30.0262 2728 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:54:30.0314 2728 SysMain - ok
21:54:30.0413 2728 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:54:30.0433 2728 TabletInputService - ok
21:54:30.0467 2728 tap0901 (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
21:54:30.0486 2728 tap0901 - ok
21:54:30.0518 2728 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
21:54:30.0525 2728 taphss - ok
21:54:30.0566 2728 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:54:30.0603 2728 TapiSrv - ok
21:54:30.0627 2728 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:54:30.0654 2728 TBS - ok
21:54:30.0761 2728 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:54:30.0803 2728 Tcpip - ok
21:54:30.0940 2728 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:54:30.0972 2728 TCPIP6 - ok
21:54:31.0023 2728 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:54:31.0067 2728 tcpipreg - ok
21:54:31.0086 2728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:54:31.0106 2728 TDPIPE - ok
21:54:31.0134 2728 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:54:31.0143 2728 TDTCP - ok
21:54:31.0181 2728 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:54:31.0206 2728 tdx - ok
21:54:31.0242 2728 TEAM (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:54:31.0249 2728 TEAM - ok
21:54:31.0448 2728 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:54:31.0489 2728 TeamViewer7 - ok
21:54:31.0553 2728 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
21:54:31.0562 2728 teamviewervpn - ok
21:54:31.0585 2728 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:54:31.0599 2728 TermDD - ok
21:54:31.0647 2728 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:54:31.0700 2728 TermService - ok
21:54:31.0738 2728 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:54:31.0760 2728 Themes - ok
21:54:31.0785 2728 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:54:31.0811 2728 THREADORDER - ok
21:54:31.0846 2728 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:54:31.0886 2728 TrkWks - ok
21:54:31.0942 2728 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
21:54:31.0956 2728 truecrypt - ok
21:54:32.0011 2728 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:54:32.0043 2728 TrustedInstaller - ok
21:54:32.0068 2728 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:54:32.0093 2728 tssecsrv - ok
21:54:32.0117 2728 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:54:32.0134 2728 TsUsbFlt - ok
21:54:32.0138 2728 tsusbhub - ok
21:54:32.0187 2728 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:54:32.0232 2728 tunnel - ok
21:54:32.0253 2728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:54:32.0262 2728 uagp35 - ok
21:54:32.0306 2728 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:54:32.0357 2728 udfs - ok
21:54:32.0379 2728 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:54:32.0390 2728 UI0Detect - ok
21:54:32.0410 2728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:54:32.0419 2728 uliagpkx - ok
21:54:32.0453 2728 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:54:32.0476 2728 umbus - ok
21:54:32.0498 2728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:54:32.0519 2728 UmPass - ok
21:54:32.0554 2728 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:54:32.0582 2728 UmRdpService - ok
21:54:32.0694 2728 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:54:32.0711 2728 UMVPFSrv - ok
21:54:32.0736 2728 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:54:32.0765 2728 upnphost - ok
21:54:32.0784 2728 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:54:32.0804 2728 USBAAPL64 - ok
21:54:32.0844 2728 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:54:32.0864 2728 usbaudio - ok
21:54:32.0885 2728 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:54:32.0895 2728 usbccgp - ok
21:54:32.0920 2728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:54:32.0931 2728 usbcir - ok
21:54:32.0951 2728 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:54:32.0960 2728 usbehci - ok
21:54:32.0985 2728 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:54:33.0009 2728 usbhub - ok
21:54:33.0026 2728 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:54:33.0036 2728 usbohci - ok
21:54:33.0048 2728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:54:33.0069 2728 usbprint - ok
21:54:33.0084 2728 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:54:33.0108 2728 USBSTOR - ok
21:54:33.0124 2728 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:54:33.0145 2728 usbuhci - ok
21:54:33.0173 2728 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:54:33.0212 2728 UxSms - ok
21:54:33.0232 2728 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:54:33.0242 2728 VaultSvc - ok
21:54:33.0255 2728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:54:33.0264 2728 vdrvroot - ok
21:54:33.0311 2728 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:54:33.0350 2728 vds - ok
21:54:33.0362 2728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:54:33.0373 2728 vga - ok
21:54:33.0385 2728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:54:33.0420 2728 VgaSave - ok
21:54:33.0433 2728 VGPU - ok
21:54:33.0473 2728 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:54:33.0484 2728 vhdmp - ok
21:54:33.0493 2728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:54:33.0503 2728 viaide - ok
21:54:33.0562 2728 VLAN (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVLAN60.sys
21:54:33.0569 2728 VLAN - ok
21:54:33.0605 2728 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:54:33.0616 2728 vmbus - ok
21:54:33.0626 2728 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:54:33.0643 2728 VMBusHID - ok
21:54:33.0661 2728 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:54:33.0670 2728 volmgr - ok
21:54:33.0705 2728 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:54:33.0717 2728 volmgrx - ok
21:54:33.0743 2728 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:54:33.0754 2728 volsnap - ok
21:54:33.0775 2728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:54:33.0785 2728 vsmraid - ok
21:54:33.0896 2728 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:54:33.0946 2728 VSS - ok
21:54:34.0039 2728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:54:34.0065 2728 vwifibus - ok
21:54:34.0101 2728 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:54:34.0130 2728 W32Time - ok
21:54:34.0141 2728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:54:34.0151 2728 WacomPen - ok
21:54:34.0193 2728 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:34.0225 2728 WANARP - ok
21:54:34.0234 2728 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:34.0258 2728 Wanarpv6 - ok
21:54:34.0344 2728 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:54:34.0377 2728 WatAdminSvc - ok
21:54:34.0465 2728 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:54:34.0498 2728 wbengine - ok
21:54:34.0579 2728 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:54:34.0600 2728 WbioSrvc - ok
21:54:34.0634 2728 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:54:34.0660 2728 wcncsvc - ok
21:54:34.0679 2728 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:54:34.0699 2728 WcsPlugInService - ok
21:54:34.0734 2728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:54:34.0743 2728 Wd - ok
21:54:34.0782 2728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:54:34.0797 2728 Wdf01000 - ok
21:54:34.0813 2728 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:54:34.0837 2728 WdiServiceHost - ok
21:54:34.0839 2728 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:54:34.0853 2728 WdiSystemHost - ok
21:54:34.0886 2728 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:54:34.0912 2728 WebClient - ok
21:54:34.0934 2728 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:54:34.0977 2728 Wecsvc - ok
21:54:34.0991 2728 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:54:35.0026 2728 wercplsupport - ok
21:54:35.0047 2728 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:54:35.0074 2728 WerSvc - ok
21:54:35.0101 2728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:54:35.0127 2728 WfpLwf - ok
21:54:35.0135 2728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:54:35.0144 2728 WIMMount - ok
21:54:35.0193 2728 WinDefend - ok
21:54:35.0201 2728 WinHttpAutoProxySvc - ok
21:54:35.0262 2728 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:54:35.0301 2728 Winmgmt - ok
21:54:35.0408 2728 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:54:35.0459 2728 WinRM - ok
21:54:35.0580 2728 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:54:35.0608 2728 WinUsb - ok
21:54:35.0669 2728 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:54:35.0708 2728 Wlansvc - ok
21:54:35.0728 2728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:54:35.0738 2728 WmiAcpi - ok
21:54:35.0803 2728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:54:35.0831 2728 wmiApSrv - ok
21:54:35.0901 2728 WMPNetworkSvc - ok
21:54:35.0918 2728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:54:35.0932 2728 WPCSvc - ok
21:54:35.0962 2728 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:54:35.0979 2728 WPDBusEnum - ok
21:54:36.0002 2728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:54:36.0053 2728 ws2ifsl - ok
21:54:36.0065 2728 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:54:36.0092 2728 wscsvc - ok
21:54:36.0094 2728 WSearch - ok
21:54:36.0223 2728 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:54:36.0284 2728 wuauserv - ok
21:54:36.0386 2728 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:54:36.0428 2728 WudfPf - ok
21:54:36.0465 2728 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:54:36.0503 2728 wudfsvc - ok
21:54:36.0541 2728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:54:36.0556 2728 WwanSvc - ok
21:54:36.0576 2728 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:54:36.0940 2728 \Device\Harddisk0\DR0 - ok
21:54:36.0942 2728 Boot (0x1200) (0bad36234d44da07ecd9352cabff905d) \Device\Harddisk0\DR0\Partition0
21:54:36.0944 2728 \Device\Harddisk0\DR0\Partition0 - ok
21:54:36.0968 2728 Boot (0x1200) (777b13c19d7df68449108280f2a13010) \Device\Harddisk0\DR0\Partition1
21:54:36.0969 2728 \Device\Harddisk0\DR0\Partition1 - ok
21:54:36.0983 2728 Boot (0x1200) (2bb9fa725471a7211fc6a271a3451b14) \Device\Harddisk0\DR0\Partition2
21:54:36.0984 2728 \Device\Harddisk0\DR0\Partition2 - ok
21:54:37.0012 2728 Boot (0x1200) (886e4e72fb1c452c861462f8cfa669af) \Device\Harddisk0\DR0\Partition3
21:54:37.0012 2728 \Device\Harddisk0\DR0\Partition3 - ok
21:54:37.0013 2728 ============================================================
21:54:37.0013 2728 Scan finished
21:54:37.0013 2728 ============================================================
21:54:37.0022 1088 Detected object count: 9
21:54:37.0022 1088 Actual detected object count: 9
21:55:21.0260 1088 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:55:21.0260 1088 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:55:21.0260 1088 HotspotShieldService ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0260 1088 HotspotShieldService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0262 1088 HssSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0262 1088 HssSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0263 1088 HssTrayService ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0263 1088 HssTrayService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0264 1088 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0264 1088 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0265 1088 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0265 1088 MEMSWEEP2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0266 1088 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0266 1088 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0268 1088 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0268 1088 STRATO HiDrive Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:21.0269 1088 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:21.0269 1088 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:29.0035 3192 ============================================================
21:55:29.0035 3192 Scan started
21:55:29.0035 3192 Mode: Manual;
21:55:29.0035 3192 ============================================================
21:55:29.0525 3192 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:55:29.0526 3192 1394ohci - ok
21:55:29.0563 3192 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:55:29.0564 3192 ACPI - ok
21:55:29.0591 3192 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:55:29.0591 3192 AcpiPmi - ok
21:55:29.0683 3192 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:55:29.0684 3192 AdobeARMservice - ok
21:55:29.0779 3192 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:55:29.0780 3192 AdobeFlashPlayerUpdateSvc - ok
21:55:29.0824 3192 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:55:29.0827 3192 adp94xx - ok
21:55:29.0855 3192 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:55:29.0857 3192 adpahci - ok
21:55:29.0872 3192 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:55:29.0873 3192 adpu320 - ok
21:55:29.0898 3192 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:55:29.0899 3192 AeLookupSvc - ok
21:55:29.0947 3192 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:55:29.0950 3192 AFD - ok
21:55:29.0961 3192 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:55:29.0961 3192 agp440 - ok
21:55:30.0185 3192 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
21:55:30.0185 3192 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
21:55:30.0191 3192 Akamai ( HiddenFile.Multi.Generic ) - warning
21:55:30.0191 3192 Akamai - detected HiddenFile.Multi.Generic (1)
21:55:30.0280 3192 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:55:30.0281 3192 ALG - ok
21:55:30.0298 3192 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:55:30.0298 3192 aliide - ok
21:55:30.0329 3192 AMD External Events Utility (a359974eaac83a435497c52f62a2e590) C:\Windows\system32\atiesrxx.exe
21:55:30.0330 3192 AMD External Events Utility - ok
21:55:30.0338 3192 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:55:30.0338 3192 amdide - ok
21:55:30.0362 3192 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:55:30.0363 3192 AmdK8 - ok
21:55:30.0832 3192 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:55:30.0872 3192 amdkmdag - ok
21:55:30.0933 3192 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
21:55:30.0935 3192 amdkmdap - ok
21:55:30.0953 3192 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:55:30.0953 3192 AmdPPM - ok
21:55:30.0971 3192 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:55:30.0972 3192 amdsata - ok
21:55:30.0992 3192 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:55:30.0993 3192 amdsbs - ok
21:55:31.0012 3192 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:55:31.0012 3192 amdxata - ok
21:55:31.0040 3192 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:55:31.0040 3192 AppID - ok
21:55:31.0060 3192 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:55:31.0061 3192 AppIDSvc - ok
21:55:31.0086 3192 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:55:31.0086 3192 Appinfo - ok
21:55:31.0182 3192 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:55:31.0183 3192 Apple Mobile Device - ok
21:55:31.0218 3192 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:55:31.0220 3192 AppMgmt - ok
21:55:31.0236 3192 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:55:31.0237 3192 arc - ok
21:55:31.0248 3192 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:55:31.0249 3192 arcsas - ok
21:55:31.0332 3192 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:55:31.0332 3192 aspnet_state - ok
21:55:31.0346 3192 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:31.0346 3192 AsyncMac - ok
21:55:31.0371 3192 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:55:31.0371 3192 atapi - ok
21:55:31.0778 3192 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
21:55:31.0817 3192 atikmdag - ok
21:55:31.0934 3192 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:55:31.0938 3192 AudioEndpointBuilder - ok
21:55:31.0945 3192 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:55:31.0949 3192 AudioSrv - ok
21:55:31.0973 3192 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:55:31.0974 3192 AxInstSV - ok
21:55:32.0031 3192 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:55:32.0034 3192 b06bdrv - ok
21:55:32.0059 3192 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:55:32.0061 3192 b57nd60a - ok
21:55:32.0087 3192 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:55:32.0088 3192 BDESVC - ok
21:55:32.0094 3192 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:55:32.0094 3192 Beep - ok
21:55:32.0145 3192 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:55:32.0149 3192 BFE - ok
21:55:32.0194 3192 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:55:32.0200 3192 BITS - ok
21:55:32.0217 3192 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:32.0217 3192 blbdrive - ok
21:55:32.0287 3192 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:55:32.0290 3192 Bonjour Service - ok
21:55:32.0310 3192 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:55:32.0311 3192 bowser - ok
21:55:32.0323 3192 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:55:32.0324 3192 BrFiltLo - ok
21:55:32.0332 3192 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:55:32.0332 3192 BrFiltUp - ok
21:55:32.0368 3192 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:55:32.0369 3192 Browser - ok
21:55:32.0390 3192 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:55:32.0392 3192 Brserid - ok
21:55:32.0406 3192 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:32.0407 3192 BrSerWdm - ok
21:55:32.0417 3192 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:32.0417 3192 BrUsbMdm - ok
21:55:32.0423 3192 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:32.0424 3192 BrUsbSer - ok
21:55:32.0436 3192 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:55:32.0436 3192 BTHMODEM - ok
21:55:32.0468 3192 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:55:32.0469 3192 bthserv - ok
21:55:32.0487 3192 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:55:32.0488 3192 cdfs - ok
21:55:32.0517 3192 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:55:32.0518 3192 cdrom - ok
21:55:32.0547 3192 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:55:32.0548 3192 CertPropSvc - ok
21:55:32.0563 3192 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:55:32.0563 3192 circlass - ok
21:55:32.0587 3192 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:55:32.0589 3192 CLFS - ok
21:55:32.0644 3192 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:55:32.0645 3192 clr_optimization_v2.0.50727_32 - ok
21:55:32.0703 3192 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:55:32.0704 3192 clr_optimization_v2.0.50727_64 - ok
21:55:32.0760 3192 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:55:32.0761 3192 clr_optimization_v4.0.30319_32 - ok
21:55:32.0785 3192 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:55:32.0786 3192 clr_optimization_v4.0.30319_64 - ok
21:55:32.0794 3192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:55:32.0794 3192 CmBatt - ok
21:55:32.0817 3192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:55:32.0817 3192 cmdide - ok
21:55:32.0859 3192 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:55:32.0861 3192 CNG - ok
21:55:32.0885 3192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:55:32.0886 3192 Compbatt - ok
21:55:32.0908 3192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:55:32.0908 3192 CompositeBus - ok
21:55:32.0911 3192 COMSysApp - ok
21:55:32.0925 3192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:55:32.0925 3192 crcdisk - ok
21:55:32.0949 3192 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:55:32.0951 3192 CryptSvc - ok
21:55:32.0983 3192 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:55:32.0986 3192 CSC - ok
21:55:33.0028 3192 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:55:33.0032 3192 CscService - ok
21:55:33.0068 3192 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:55:33.0072 3192 DcomLaunch - ok
21:55:33.0112 3192 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:55:33.0114 3192 defragsvc - ok
21:55:33.0167 3192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:55:33.0168 3192 DfsC - ok
21:55:33.0187 3192 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:55:33.0190 3192 Dhcp - ok
21:55:33.0200 3192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:55:33.0201 3192 discache - ok
21:55:33.0216 3192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:55:33.0216 3192 Disk - ok
21:55:33.0240 3192 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:55:33.0241 3192 Dnscache - ok
21:55:33.0277 3192 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:55:33.0279 3192 dot3svc - ok
21:55:33.0326 3192 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:55:33.0328 3192 DPS - ok
21:55:33.0354 3192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:55:33.0355 3192 drmkaud - ok
21:55:33.0404 3192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:55:33.0410 3192 DXGKrnl - ok
21:55:33.0445 3192 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:55:33.0446 3192 EapHost - ok
21:55:33.0594 3192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:55:33.0613 3192 ebdrv - ok
21:55:33.0698 3192 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:55:33.0700 3192 EFS - ok
21:55:33.0760 3192 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:55:33.0764 3192 ehRecvr - ok
21:55:33.0795 3192 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:55:33.0795 3192 ehSched - ok
21:55:33.0845 3192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:55:33.0848 3192 elxstor - ok
21:55:33.0869 3192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:55:33.0869 3192 ErrDev - ok
21:55:33.0909 3192 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:55:33.0912 3192 EventSystem - ok
21:55:33.0931 3192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:55:33.0933 3192 exfat - ok
21:55:33.0952 3192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:55:33.0954 3192 fastfat - ok
21:55:34.0006 3192 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:55:34.0010 3192 Fax - ok
21:55:34.0027 3192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:55:34.0027 3192 fdc - ok
21:55:34.0034 3192 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:55:34.0035 3192 fdPHost - ok
21:55:34.0048 3192 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:55:34.0049 3192 FDResPub - ok
21:55:34.0057 3192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:55:34.0057 3192 FileInfo - ok
21:55:34.0070 3192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:55:34.0070 3192 Filetrace - ok
21:55:34.0084 3192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:55:34.0084 3192 flpydisk - ok
21:55:34.0121 3192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:55:34.0123 3192 FltMgr - ok
21:55:34.0192 3192 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:55:34.0199 3192 FontCache - ok
21:55:34.0280 3192 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:55:34.0281 3192 FontCache3.0.0.0 - ok
21:55:34.0318 3192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:55:34.0318 3192 FsDepends - ok
21:55:34.0341 3192 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:55:34.0341 3192 Fs_Rec - ok
21:55:34.0377 3192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:55:34.0378 3192 fvevol - ok
21:55:34.0392 3192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:55:34.0393 3192 gagp30kx - ok
21:55:34.0414 3192 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:55:34.0415 3192 GEARAspiWDM - ok
21:55:34.0468 3192 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:55:34.0473 3192 gpsvc - ok
21:55:34.0497 3192 grmnusb (b9893a68032a6d9addb5b98287c630f7) C:\Windows\system32\drivers\grmnusb.sys
21:55:34.0497 3192 grmnusb - ok
21:55:34.0552 3192 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:55:34.0553 3192 gusvc - ok
21:55:34.0563 3192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:55:34.0563 3192 hcw85cir - ok
21:55:34.0601 3192 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:55:34.0603 3192 HdAudAddService - ok
21:55:34.0636 3192 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:55:34.0640 3192 HDAudBus - ok
21:55:34.0643 3192 hdgnlava - ok
21:55:34.0657 3192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:55:34.0657 3192 HidBatt - ok
21:55:34.0674 3192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:55:34.0674 3192 HidBth - ok
21:55:34.0682 3192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:55:34.0683 3192 HidIr - ok
21:55:34.0711 3192 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:55:34.0712 3192 hidserv - ok
21:55:34.0721 3192 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:55:34.0722 3192 HidUsb - ok
21:55:34.0745 3192 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:55:34.0746 3192 hkmsvc - ok
21:55:34.0779 3192 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:55:34.0781 3192 HomeGroupListener - ok
21:55:34.0798 3192 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:55:34.0801 3192 HomeGroupProvider - ok
21:55:34.0854 3192 HotspotShieldService (b2afa712b3cdf8ad04d85c56546bb174) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
21:55:34.0855 3192 HotspotShieldService - ok
21:55:34.0885 3192 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:55:34.0886 3192 HpSAMD - ok
21:55:34.0906 3192 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
21:55:34.0907 3192 HssDrv - ok
21:55:34.0961 3192 HssSrv (b8b90bb7011556691d432aaecaa0d26c) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
21:55:34.0963 3192 HssSrv - ok
21:55:34.0990 3192 HssTrayService (8faab97946600e312cb3398061ad3059) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
21:55:34.0991 3192 HssTrayService - ok
21:55:34.0993 3192 HssWd - ok
21:55:35.0047 3192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:55:35.0051 3192 HTTP - ok
21:55:35.0073 3192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:55:35.0073 3192 hwpolicy - ok
21:55:35.0085 3192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:55:35.0086 3192 i8042prt - ok
21:55:35.0148 3192 IAANTMON (549275dc1004e09f92167b98b0ce63fe) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:55:35.0150 3192 IAANTMON - ok
21:55:35.0188 3192 iaStor (f27742d576f355972c94952671658dc2) C:\Windows\system32\DRIVERS\iaStor.sys
21:55:35.0191 3192 iaStor - ok
21:55:35.0224 3192 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:55:35.0227 3192 iaStorV - ok
21:55:35.0266 3192 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:55:35.0267 3192 IDriverT - ok
21:55:35.0369 3192 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:55:35.0374 3192 idsvc - ok
21:55:35.0464 3192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:55:35.0465 3192 iirsp - ok
21:55:35.0524 3192 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:55:35.0529 3192 IKEEXT - ok
21:55:35.0532 3192 iktydhah - ok
21:55:35.0563 3192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:55:35.0564 3192 intelide - ok
21:55:35.0571 3192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:55:35.0572 3192 intelppm - ok
21:55:35.0594 3192 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:55:35.0596 3192 IPBusEnum - ok
21:55:35.0618 3192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:55:35.0619 3192 IpFilterDriver - ok
21:55:35.0663 3192 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:55:35.0667 3192 iphlpsvc - ok
21:55:35.0676 3192 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:55:35.0677 3192 IPMIDRV - ok
21:55:35.0694 3192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:55:35.0694 3192 IPNAT - ok
21:55:35.0781 3192 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:55:35.0786 3192 iPod Service - ok
21:55:35.0798 3192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:55:35.0799 3192 IRENUM - ok
21:55:35.0811 3192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:55:35.0811 3192 isapnp - ok
21:55:35.0832 3192 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:55:35.0833 3192 iScsiPrt - ok
21:55:35.0894 3192 ISODrive (9c6f3f69163133fb8e56ac4a6e163452) C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
21:55:35.0895 3192 ISODrive - ok
21:55:35.0905 3192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:55:35.0905 3192 kbdclass - ok
21:55:35.0926 3192 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:55:35.0927 3192 kbdhid - ok
21:55:35.0943 3192 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:35.0944 3192 KeyIso - ok
21:55:35.0957 3192 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:55:35.0958 3192 KSecDD - ok
21:55:35.0971 3192 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:55:35.0972 3192 KSecPkg - ok
21:55:35.0981 3192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:55:35.0981 3192 ksthunk - ok
21:55:36.0018 3192 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:55:36.0021 3192 KtmRm - ok
21:55:36.0055 3192 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:55:36.0058 3192 LanmanServer - ok
21:55:36.0085 3192 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:55:36.0088 3192 LanmanWorkstation - ok
21:55:36.0108 3192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:55:36.0108 3192 lltdio - ok
21:55:36.0130 3192 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:55:36.0133 3192 lltdsvc - ok
21:55:36.0148 3192 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:55:36.0150 3192 lmhosts - ok
21:55:36.0169 3192 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:55:36.0170 3192 LSI_FC - ok
21:55:36.0182 3192 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:55:36.0182 3192 LSI_SAS - ok
21:55:36.0196 3192 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:55:36.0197 3192 LSI_SAS2 - ok
21:55:36.0212 3192 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:55:36.0213 3192 LSI_SCSI - ok
21:55:36.0229 3192 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:55:36.0230 3192 luafv - ok
21:55:36.0252 3192 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:55:36.0252 3192 LVPr2M64 - ok
21:55:36.0254 3192 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
21:55:36.0255 3192 LVPr2Mon - ok
21:55:36.0292 3192 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
21:55:36.0294 3192 LVRS64 - ok
21:55:36.0516 3192 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
21:55:36.0542 3192 LVUVC64 - ok
21:55:36.0658 3192 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:55:36.0658 3192 MBAMProtector - ok
21:55:36.0713 3192 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:55:36.0717 3192 MBAMService - ok
21:55:36.0738 3192 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:55:36.0740 3192 Mcx2Svc - ok
21:55:36.0769 3192 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:55:36.0770 3192 megasas - ok
21:55:36.0791 3192 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:55:36.0793 3192 MegaSR - ok
21:55:36.0811 3192 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\2DB9.tmp
21:55:36.0812 3192 MEMSWEEP2 - ok
21:55:36.0871 3192 Microsoft SharePoint Workspace Audit Service - ok
21:55:36.0892 3192 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:55:36.0894 3192 MMCSS - ok
21:55:36.0905 3192 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:55:36.0905 3192 Modem - ok
21:55:36.0930 3192 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:55:36.0931 3192 monitor - ok
21:55:36.0951 3192 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:55:36.0952 3192 mouclass - ok
21:55:36.0959 3192 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:55:36.0959 3192 mouhid - ok
21:55:36.0997 3192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:55:36.0998 3192 mountmgr - ok
21:55:37.0030 3192 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:55:37.0031 3192 mpio - ok
21:55:37.0049 3192 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:55:37.0050 3192 mpsdrv - ok
21:55:37.0114 3192 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:55:37.0120 3192 MpsSvc - ok
21:55:37.0160 3192 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:55:37.0161 3192 MRxDAV - ok
21:55:37.0189 3192 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:37.0190 3192 mrxsmb - ok
21:55:37.0227 3192 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:37.0229 3192 mrxsmb10 - ok
21:55:37.0262 3192 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:37.0263 3192 mrxsmb20 - ok
21:55:37.0272 3192 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:55:37.0272 3192 msahci - ok
21:55:37.0289 3192 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:55:37.0291 3192 msdsm - ok
21:55:37.0317 3192 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:55:37.0319 3192 MSDTC - ok
21:55:37.0335 3192 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:55:37.0335 3192 Msfs - ok
21:55:37.0344 3192 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:55:37.0345 3192 mshidkmdf - ok
21:55:37.0368 3192 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:55:37.0368 3192 msisadrv - ok
21:55:37.0398 3192 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:55:37.0400 3192 MSiSCSI - ok
21:55:37.0403 3192 msiserver - ok
21:55:37.0414 3192 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:55:37.0415 3192 MSKSSRV - ok
21:55:37.0427 3192 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:37.0427 3192 MSPCLOCK - ok
21:55:37.0431 3192 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:55:37.0431 3192 MSPQM - ok
21:55:37.0467 3192 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:55:37.0470 3192 MsRPC - ok
21:55:37.0485 3192 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:55:37.0486 3192 mssmbios - ok
21:55:37.0501 3192 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:55:37.0502 3192 MSTEE - ok
21:55:37.0509 3192 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:55:37.0510 3192 MTConfig - ok
21:55:37.0524 3192 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:55:37.0525 3192 Mup - ok
21:55:37.0556 3192 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:55:37.0560 3192 napagent - ok
21:55:37.0587 3192 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:55:37.0589 3192 NativeWifiP - ok
21:55:37.0669 3192 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:55:37.0674 3192 NDIS - ok
21:55:37.0693 3192 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:55:37.0694 3192 NdisCap - ok
21:55:37.0702 3192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:37.0703 3192 NdisTapi - ok
21:55:37.0728 3192 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:37.0729 3192 Ndisuio - ok
21:55:37.0764 3192 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:37.0766 3192 NdisWan - ok
21:55:37.0788 3192 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:55:37.0789 3192 NDProxy - ok
21:55:37.0799 3192 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:55:37.0799 3192 NetBIOS - ok
21:55:37.0820 3192 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:55:37.0821 3192 NetBT - ok
21:55:37.0841 3192 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:37.0842 3192 Netlogon - ok
21:55:37.0892 3192 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:55:37.0894 3192 Netman - ok
21:55:37.0981 3192 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:37.0982 3192 NetMsmqActivator - ok
21:55:37.0985 3192 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:37.0986 3192 NetPipeActivator - ok
21:55:38.0017 3192 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:55:38.0021 3192 netprofm - ok
21:55:38.0024 3192 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:38.0025 3192 NetTcpActivator - ok
21:55:38.0028 3192 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:55:38.0029 3192 NetTcpPortSharing - ok
21:55:38.0073 3192 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:55:38.0073 3192 nfrd960 - ok
21:55:38.0096 3192 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:55:38.0099 3192 NlaSvc - ok
21:55:38.0162 3192 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe
21:55:38.0163 3192 nlsX86cc - ok
21:55:38.0234 3192 NMSAccessU (fd306fbcce7adb1077b709742e7148e9) C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
21:55:38.0235 3192 NMSAccessU - ok
21:55:38.0245 3192 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:55:38.0245 3192 Npfs - ok
21:55:38.0255 3192 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:55:38.0257 3192 nsi - ok
21:55:38.0272 3192 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:55:38.0273 3192 nsiproxy - ok
21:55:38.0366 3192 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:55:38.0376 3192 Ntfs - ok
21:55:38.0442 3192 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:55:38.0442 3192 Null - ok
21:55:38.0468 3192 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:55:38.0469 3192 nvraid - ok
21:55:38.0496 3192 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:55:38.0497 3192 nvstor - ok
21:55:38.0524 3192 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:55:38.0525 3192 nv_agp - ok
21:55:38.0540 3192 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:55:38.0541 3192 ohci1394 - ok
21:55:38.0574 3192 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:55:38.0574 3192 ose - ok
21:55:38.0857 3192 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:55:38.0879 3192 osppsvc - ok
21:55:38.0946 3192 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:55:38.0949 3192 p2pimsvc - ok
21:55:38.0991 3192 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:55:38.0995 3192 p2psvc - ok
21:55:39.0039 3192 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:55:39.0040 3192 Parport - ok
21:55:39.0071 3192 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:55:39.0071 3192 partmgr - ok
21:55:39.0092 3192 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:55:39.0095 3192 PcaSvc - ok
21:55:39.0127 3192 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:55:39.0128 3192 pci - ok
21:55:39.0140 3192 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:55:39.0140 3192 pciide - ok
21:55:39.0161 3192 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:55:39.0163 3192 pcmcia - ok
21:55:39.0172 3192 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:55:39.0173 3192 pcw - ok
21:55:39.0212 3192 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:55:39.0216 3192 PEAUTH - ok
21:55:39.0296 3192 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:55:39.0305 3192 PeerDistSvc - ok
21:55:39.0365 3192 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:55:39.0366 3192 PerfHost - ok
21:55:39.0488 3192 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:55:39.0497 3192 pla - ok
21:55:39.0532 3192 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:55:39.0536 3192 PlugPlay - ok
21:55:39.0554 3192 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:55:39.0556 3192 PNRPAutoReg - ok
21:55:39.0582 3192 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:55:39.0585 3192 PNRPsvc - ok
21:55:39.0621 3192 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
21:55:39.0622 3192 Point64 - ok
21:55:39.0671 3192 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:55:39.0675 3192 PolicyAgent - ok
21:55:39.0699 3192 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:55:39.0702 3192 Power - ok
21:55:39.0730 3192 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:55:39.0730 3192 PptpMiniport - ok
21:55:39.0757 3192 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:55:39.0757 3192 Processor - ok
21:55:39.0775 3192 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:55:39.0778 3192 ProfSvc - ok
21:55:39.0802 3192 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:39.0803 3192 ProtectedStorage - ok
21:55:39.0827 3192 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:55:39.0828 3192 Psched - ok
21:55:39.0852 3192 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
21:55:39.0852 3192 PSI - ok
21:55:39.0883 3192 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:55:39.0883 3192 PxHlpa64 - ok
21:55:39.0962 3192 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:55:39.0968 3192 ql2300 - ok
21:55:40.0045 3192 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:55:40.0046 3192 ql40xx - ok
21:55:40.0082 3192 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:55:40.0085 3192 QWAVE - ok
21:55:40.0098 3192 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:55:40.0098 3192 QWAVEdrv - ok
21:55:40.0111 3192 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:55:40.0111 3192 RasAcd - ok
21:55:40.0136 3192 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:55:40.0137 3192 RasAgileVpn - ok
21:55:40.0151 3192 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:55:40.0153 3192 RasAuto - ok
21:55:40.0175 3192 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:40.0176 3192 Rasl2tp - ok
21:55:40.0212 3192 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:55:40.0216 3192 RasMan - ok
21:55:40.0233 3192 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:40.0234 3192 RasPppoe - ok
21:55:40.0248 3192 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:55:40.0248 3192 RasSstp - ok
21:55:40.0291 3192 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:55:40.0293 3192 rdbss - ok
21:55:40.0307 3192 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:55:40.0307 3192 rdpbus - ok
21:55:40.0314 3192 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:40.0315 3192 RDPCDD - ok
21:55:40.0342 3192 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:55:40.0343 3192 RDPDR - ok
21:55:40.0354 3192 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:55:40.0354 3192 RDPENCDD - ok
21:55:40.0361 3192 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:55:40.0361 3192 RDPREFMP - ok
21:55:40.0385 3192 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:55:40.0385 3192 RdpVideoMiniport - ok
21:55:40.0420 3192 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:55:40.0422 3192 RDPWD - ok
21:55:40.0455 3192 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:55:40.0457 3192 rdyboost - ok
21:55:40.0485 3192 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:55:40.0487 3192 RemoteAccess - ok
21:55:40.0502 3192 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:55:40.0504 3192 RemoteRegistry - ok
21:55:40.0523 3192 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:55:40.0525 3192 RpcEptMapper - ok
21:55:40.0537 3192 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:55:40.0539 3192 RpcLocator - ok
21:55:40.0586 3192 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:55:40.0590 3192 RpcSs - ok
21:55:40.0603 3192 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:55:40.0604 3192 rspndr - ok
21:55:40.0647 3192 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:55:40.0649 3192 RTL8167 - ok
21:55:40.0682 3192 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
21:55:40.0682 3192 RTL8169 - ok
21:55:40.0702 3192 RtNdPt60 (2b38c905492f36fe42b59da52d6b4eb7) C:\Windows\system32\DRIVERS\RtNdPt60.sys
21:55:40.0703 3192 RtNdPt60 - ok
21:55:40.0711 3192 RTTEAMPT (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:55:40.0712 3192 RTTEAMPT - ok
21:55:40.0727 3192 RTVLANPT (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVlan60.sys
21:55:40.0728 3192 RTVLANPT - ok
21:55:40.0749 3192 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:55:40.0750 3192 s3cap - ok
21:55:40.0771 3192 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:40.0772 3192 SamSs - ok
21:55:40.0845 3192 SbieDrv (0fe05dd9bbf0782e2bbf0977f2034616) C:\Program Files\Sandboxie\SbieDrv.sys
21:55:40.0846 3192 SbieDrv - ok
21:55:40.0869 3192 SbieSvc (c970c7b2fd2e811525d4578d50b535f5) C:\Program Files\Sandboxie\SbieSvc.exe
21:55:40.0870 3192 SbieSvc - ok
21:55:40.0888 3192 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:55:40.0889 3192 sbp2port - ok
21:55:40.0919 3192 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:55:40.0921 3192 SCardSvr - ok
21:55:40.0942 3192 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:55:40.0942 3192 scfilter - ok
21:55:41.0012 3192 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:55:41.0020 3192 Schedule - ok
21:55:41.0051 3192 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:55:41.0052 3192 SCPolicySvc - ok
21:55:41.0079 3192 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:55:41.0082 3192 SDRSVC - ok
21:55:41.0134 3192 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:55:41.0134 3192 secdrv - ok
21:55:41.0151 3192 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:55:41.0153 3192 seclogon - ok
21:55:41.0244 3192 Secunia PSI Agent (7198bbfbe46c0070257278c536386687) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
21:55:41.0250 3192 Secunia PSI Agent - ok
21:55:41.0281 3192 Secunia Update Agent (d2fca567f9be87e29b9a9fa32ffe79ca) C:\Program Files (x86)\Secunia\PSI\sua.exe
21:55:41.0283 3192 Secunia Update Agent - ok
21:55:41.0362 3192 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:55:41.0364 3192 SENS - ok
21:55:41.0377 3192 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:55:41.0379 3192 SensrSvc - ok
21:55:41.0390 3192 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:55:41.0391 3192 Serenum - ok
21:55:41.0409 3192 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:55:41.0410 3192 Serial - ok
21:55:41.0433 3192 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:55:41.0434 3192 sermouse - ok
21:55:41.0468 3192 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:55:41.0470 3192 SessionEnv - ok
21:55:41.0495 3192 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:55:41.0496 3192 sffdisk - ok
21:55:41.0507 3192 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:55:41.0507 3192 sffp_mmc - ok
21:55:41.0511 3192 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:55:41.0511 3192 sffp_sd - ok
21:55:41.0529 3192 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:55:41.0530 3192 sfloppy - ok
21:55:41.0570 3192 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:55:41.0573 3192 SharedAccess - ok
21:55:41.0604 3192 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:55:41.0608 3192 ShellHWDetection - ok
21:55:41.0618 3192 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:55:41.0619 3192 SiSRaid2 - ok
21:55:41.0631 3192 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:55:41.0632 3192 SiSRaid4 - ok
21:55:41.0695 3192 SkypeUpdate (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:55:41.0696 3192 SkypeUpdate - ok
21:55:41.0717 3192 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:55:41.0718 3192 Smb - ok
21:55:41.0739 3192 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:55:41.0741 3192 SNMPTRAP - ok
21:55:41.0752 3192 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:55:41.0753 3192 spldr - ok
21:55:41.0789 3192 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:55:41.0794 3192 Spooler - ok
21:55:41.0978 3192 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:55:41.0998 3192 sppsvc - ok
21:55:42.0067 3192 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:55:42.0069 3192 sppuinotify - ok
21:55:42.0132 3192 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:55:42.0134 3192 srv - ok
21:55:42.0171 3192 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:55:42.0173 3192 srv2 - ok
21:55:42.0189 3192 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:55:42.0190 3192 srvnet - ok
21:55:42.0212 3192 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:55:42.0214 3192 SSDPSRV - ok
21:55:42.0224 3192 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:55:42.0227 3192 SstpSvc - ok
21:55:42.0242 3192 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
21:55:42.0242 3192 StarOpen - ok
21:55:42.0271 3192 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:55:42.0272 3192 stexstor - ok
21:55:42.0324 3192 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:55:42.0329 3192 stisvc - ok
21:55:42.0356 3192 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:55:42.0356 3192 storflt - ok
21:55:42.0364 3192 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:55:42.0365 3192 storvsc - ok
21:55:42.0419 3192 STRATO HiDrive Service (a4533f6ee3dca68be5671c0571384e3a) C:\Program Files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe
21:55:42.0420 3192 STRATO HiDrive Service - ok
21:55:42.0443 3192 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:55:42.0443 3192 swenum - ok
21:55:42.0514 3192 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:55:42.0518 3192 SwitchBoard - ok
21:55:42.0554 3192 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:55:42.0559 3192 swprv - ok
21:55:42.0564 3192 Synth3dVsc - ok
21:55:42.0666 3192 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:55:42.0677 3192 SysMain - ok
21:55:42.0755 3192 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:55:42.0757 3192 TabletInputService - ok
21:55:42.0793 3192 tap0901 (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
21:55:42.0794 3192 tap0901 - ok
21:55:42.0820 3192 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
21:55:42.0820 3192 taphss - ok
21:55:42.0862 3192 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:55:42.0865 3192 TapiSrv - ok
21:55:42.0888 3192 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:55:42.0891 3192 TBS - ok
21:55:43.0007 3192 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:55:43.0018 3192 Tcpip - ok
21:55:43.0119 3192 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:55:43.0130 3192 TCPIP6 - ok
21:55:43.0187 3192 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:55:43.0188 3192 tcpipreg - ok
21:55:43.0209 3192 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:55:43.0209 3192 TDPIPE - ok
21:55:43.0232 3192 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:55:43.0232 3192 TDTCP - ok
21:55:43.0262 3192 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:55:43.0263 3192 tdx - ok
21:55:43.0290 3192 TEAM (8df706a5a12a4832a3291a1ff26a7cc1) C:\Windows\system32\DRIVERS\RtTeam60.sys
21:55:43.0290 3192 TEAM - ok
21:55:43.0489 3192 TeamViewer7 (74fc70ae64a7b7dabec9697ce0a1f4fa) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:55:43.0506 3192 TeamViewer7 - ok
21:55:43.0551 3192 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
21:55:43.0551 3192 teamviewervpn - ok
21:55:43.0576 3192 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:55:43.0576 3192 TermDD - ok
21:55:43.0634 3192 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:55:43.0639 3192 TermService - ok
21:55:43.0661 3192 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:55:43.0663 3192 Themes - ok
21:55:43.0692 3192 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:55:43.0693 3192 THREADORDER - ok
21:55:43.0711 3192 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:55:43.0713 3192 TrkWks - ok
21:55:43.0746 3192 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys
21:55:43.0748 3192 truecrypt - ok
21:55:43.0805 3192 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:55:43.0806 3192 TrustedInstaller - ok
21:55:43.0829 3192 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:43.0830 3192 tssecsrv - ok
21:55:43.0853 3192 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:55:43.0854 3192 TsUsbFlt - ok
21:55:43.0857 3192 tsusbhub - ok
21:55:43.0888 3192 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:55:43.0889 3192 tunnel - ok
21:55:43.0916 3192 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:55:43.0917 3192 uagp35 - ok
21:55:43.0955 3192 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:55:43.0957 3192 udfs - ok
21:55:43.0977 3192 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:55:43.0979 3192 UI0Detect - ok
21:55:43.0991 3192 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:55:43.0992 3192 uliagpkx - ok
21:55:44.0017 3192 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:55:44.0018 3192 umbus - ok
21:55:44.0030 3192 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:55:44.0030 3192 UmPass - ok
21:55:44.0069 3192 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:55:44.0071 3192 UmRdpService - ok
21:55:44.0166 3192 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:55:44.0168 3192 UMVPFSrv - ok
21:55:44.0193 3192 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:55:44.0196 3192 upnphost - ok
21:55:44.0208 3192 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
21:55:44.0208 3192 USBAAPL64 - ok
21:55:44.0231 3192 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:55:44.0232 3192 usbaudio - ok
21:55:44.0251 3192 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:44.0252 3192 usbccgp - ok
21:55:44.0277 3192 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:55:44.0278 3192 usbcir - ok
21:55:44.0301 3192 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:55:44.0301 3192 usbehci - ok
21:55:44.0325 3192 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:55:44.0327 3192 usbhub - ok
21:55:44.0343 3192 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:55:44.0343 3192 usbohci - ok
21:55:44.0348 3192 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:55:44.0348 3192 usbprint - ok
21:55:44.0367 3192 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:55:44.0368 3192 USBSTOR - ok
21:55:44.0382 3192 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:55:44.0382 3192 usbuhci - ok
21:55:44.0407 3192 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:55:44.0408 3192 UxSms - ok
21:55:44.0424 3192 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:55:44.0425 3192 VaultSvc - ok
21:55:44.0431 3192 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:55:44.0431 3192 vdrvroot - ok
21:55:44.0478 3192 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:55:44.0481 3192 vds - ok
21:55:44.0496 3192 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:44.0496 3192 vga - ok
21:55:44.0510 3192 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:55:44.0511 3192 VgaSave - ok
21:55:44.0513 3192 VGPU - ok
21:55:44.0536 3192 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:55:44.0537 3192 vhdmp - ok
21:55:44.0544 3192 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:55:44.0544 3192 viaide - ok
21:55:44.0572 3192 VLAN (8b6b42d782202363a562f82b0e13b1c0) C:\Windows\system32\DRIVERS\RtVLAN60.sys
21:55:44.0572 3192 VLAN - ok
21:55:44.0590 3192 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:55:44.0591 3192 vmbus - ok
21:55:44.0603 3192 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:55:44.0603 3192 VMBusHID - ok
21:55:44.0612 3192 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:55:44.0613 3192 volmgr - ok
21:55:44.0648 3192 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:55:44.0650 3192 volmgrx - ok
21:55:44.0676 3192 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:55:44.0677 3192 volsnap - ok
21:55:44.0692 3192 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:55:44.0693 3192 vsmraid - ok
21:55:44.0772 3192 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:55:44.0780 3192 VSS - ok
21:55:44.0876 3192 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:55:44.0876 3192 vwifibus - ok
21:55:44.0924 3192 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:55:44.0926 3192 W32Time - ok
21:55:44.0936 3192 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:55:44.0936 3192 WacomPen - ok
21:55:44.0954 3192 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:44.0955 3192 WANARP - ok
21:55:44.0957 3192 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:44.0957 3192 Wanarpv6 - ok
21:55:45.0034 3192 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:55:45.0039 3192 WatAdminSvc - ok
21:55:45.0120 3192 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:55:45.0128 3192 wbengine - ok
21:55:45.0183 3192 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:55:45.0185 3192 WbioSrvc - ok
21:55:45.0223 3192 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:55:45.0226 3192 wcncsvc - ok
21:55:45.0235 3192 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:55:45.0237 3192 WcsPlugInService - ok
21:55:45.0257 3192 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:55:45.0258 3192 Wd - ok
21:55:45.0297 3192 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:55:45.0299 3192 Wdf01000 - ok
21:55:45.0312 3192 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:55:45.0314 3192 WdiServiceHost - ok
21:55:45.0315 3192 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:55:45.0317 3192 WdiSystemHost - ok
21:55:45.0351 3192 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:55:45.0353 3192 WebClient - ok
21:55:45.0374 3192 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:55:45.0377 3192 Wecsvc - ok
21:55:45.0389 3192 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:55:45.0391 3192 wercplsupport - ok
21:55:45.0405 3192 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:55:45.0407 3192 WerSvc - ok
21:55:45.0417 3192 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:45.0418 3192 WfpLwf - ok
21:55:45.0432 3192 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:55:45.0432 3192 WIMMount - ok
21:55:45.0477 3192 WinDefend - ok
21:55:45.0482 3192 WinHttpAutoProxySvc - ok
21:55:45.0537 3192 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:55:45.0538 3192 Winmgmt - ok
21:55:45.0660 3192 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:55:45.0669 3192 WinRM - ok
21:55:45.0754 3192 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:55:45.0755 3192 WinUsb - ok
21:55:45.0824 3192 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:55:45.0830 3192 Wlansvc - ok
21:55:45.0852 3192 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:55:45.0852 3192 WmiAcpi - ok
21:55:45.0877 3192 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:55:45.0879 3192 wmiApSrv - ok
21:55:45.0925 3192 WMPNetworkSvc - ok
21:55:45.0942 3192 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:55:45.0945 3192 WPCSvc - ok
21:55:45.0978 3192 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:55:45.0981 3192 WPDBusEnum - ok
21:55:46.0002 3192 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:55:46.0002 3192 ws2ifsl - ok
21:55:46.0020 3192 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:55:46.0023 3192 wscsvc - ok
21:55:46.0026 3192 WSearch - ok
21:55:46.0153 3192 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:55:46.0164 3192 wuauserv - ok
21:55:46.0253 3192 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:55:46.0254 3192 WudfPf - ok
21:55:46.0274 3192 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:55:46.0276 3192 wudfsvc - ok
21:55:46.0301 3192 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:55:46.0304 3192 WwanSvc - ok
21:55:46.0328 3192 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:55:46.0628 3192 \Device\Harddisk0\DR0 - ok
21:55:46.0630 3192 Boot (0x1200) (0bad36234d44da07ecd9352cabff905d) \Device\Harddisk0\DR0\Partition0
21:55:46.0635 3192 \Device\Harddisk0\DR0\Partition0 - ok
21:55:46.0647 3192 Boot (0x1200) (777b13c19d7df68449108280f2a13010) \Device\Harddisk0\DR0\Partition1
21:55:46.0648 3192 \Device\Harddisk0\DR0\Partition1 - ok
21:55:46.0662 3192 Boot (0x1200) (2bb9fa725471a7211fc6a271a3451b14) \Device\Harddisk0\DR0\Partition2
21:55:46.0663 3192 \Device\Harddisk0\DR0\Partition2 - ok
21:55:46.0691 3192 Boot (0x1200) (886e4e72fb1c452c861462f8cfa669af) \Device\Harddisk0\DR0\Partition3
21:55:46.0692 3192 \Device\Harddisk0\DR0\Partition3 - ok
21:55:46.0692 3192 ============================================================
21:55:46.0692 3192 Scan finished
21:55:46.0692 3192 ============================================================
21:55:46.0700 5008 Detected object count: 1
21:55:46.0700 5008 Actual detected object count: 1
21:55:54.0884 5008 c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll - copied to quarantine
21:55:54.0885 5008 Akamai ( HiddenFile.Multi.Generic ) - User select action: Quarantine
21:56:27.0397 3308 Deinitialize success
|
|
18.06.2012, 08:22
| #13 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Browser & Antivirenprogramme stürzen ständig ab nach VirenfundCode:
ATTFilter c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll - copied to quarantine
 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.06.2012, 19:31
| #14 |
| | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Combofix Log: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-06-16.02 - FH 18.06.2012 19:29:26.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1033.18.8190.6494 [GMT 2:00]
ausgeführt von:: c:\users\FH\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\avisynth.dll
c:\windows\SysWow64\devil.dll
c:\windows\SysWow64\odbcad32.exe
c:\windows\SysWow64\xa2930853.exe
c:\windows\SysWow64\xa2931055.exe
c:\windows\SysWow64\xa4960223.exe
c:\windows\SysWow64\xa4960410.exe
.
Infizierte Kopie von c:\windows\ehome\McxTask.exe wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!ehome!McxTask.exe wurde wiederhergestellt
.
Infizierte Kopie von c:\windows\ehome\CreateDisc\SBEServer.exe wurde gefunden und desinfiziert
Kopie von - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!ehome!CreateDisc!SBEServer.exe wurde wiederhergestellt
.
Infizierte Kopie von c:\windows\System32\dccw.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-icm-dccw_31bf3856ad364e35_6.1.7600.16385_none_76e39d87a834545e\dccw.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-18 bis 2012-06-18 ))))))))))))))))))))))))))))))
.
.
2012-06-18 17:38 . 2012-06-18 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-16 06:29 . 2012-06-16 06:29 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2012-06-16 06:23 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBB06A9C-B12D-4A2E-8DDC-1106B46F94E0}\mpengine.dll
2012-06-14 18:15 . 2012-06-14 18:15 -------- d-----w- C:\_OTL
2012-06-14 05:36 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 05:36 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 05:36 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-10 18:54 . 2012-06-10 18:54 -------- d-----w- c:\program files (x86)\ESET
2012-06-10 10:25 . 2012-06-14 22:08 -------- d-----w- c:\users\FH\AppData\Roaming\vlc
2012-06-10 08:40 . 2012-06-10 08:40 -------- d-----w- c:\users\FH\AppData\Local\Macromedia
2012-06-07 19:08 . 2012-06-07 19:08 -------- d-----w- c:\users\FH\Doctor Web
2012-06-06 19:55 . 2012-06-06 19:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-06 16:12 . 2012-06-06 16:12 -------- d-----w- c:\users\FH\AppData\Roaming\bluejeans
2012-06-04 18:52 . 2012-06-04 19:11 -------- d-----w- c:\users\FH\DoctorWeb
2012-06-04 17:27 . 2012-06-17 10:17 -------- d-----w- c:\program files (x86)\Sophos
2012-06-03 18:40 . 2012-06-03 18:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 18:40 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-27 16:22 . 2012-05-28 08:03 -------- d-----w- c:\users\FH.FH-PC
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 08:37 . 2012-04-03 07:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 08:37 . 2011-05-15 16:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 16:42 . 2012-04-03 14:42 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-18 13:05 . 2012-04-18 13:05 19304 ----a-w- c:\windows\system32\drivers\grmnusb.sys
2012-04-18 13:05 . 2012-04-18 13:05 30568 ----a-w- c:\windows\system32\drivers\grmngen.sys
2012-04-11 18:40 . 2012-04-11 18:40 61440 ----a-r- c:\users\FH\AppData\Roaming\Microsoft\Installer\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}\ARPPRODUCTICON.exe
2012-04-11 18:39 . 2003-03-18 18:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-03-30 11:35 . 2012-05-08 17:50 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\FH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\FH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\FH\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Akamai NetSession Interface"="c:\users\FH\AppData\Local\Akamai\netsession_win.exe" [2012-05-07 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 hdgnlava;hdgnlava;c:\windows\system32\drivers\hdgnlava.sys [x]
R1 iktydhah;iktydhah;c:\windows\system32\drivers\iktydhah.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\2DB9.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
R4 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\SysWOW64\nlssrv32.exe [2011-09-22 66560]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-01-10 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-01-10 399416]
S2 STRATO HiDrive Service;STRATO HiDrive Service;c:\program files (x86)\STRATO AG\STRATO HiDrive\STRATO HiDrive Service.exe [2011-07-05 32768]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:37]
.
2012-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000Core.job
- c:\users\FH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 16:08]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3505417148-2086896735-3607467643-1000UA.job
- c:\users\FH\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-05 16:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\FH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\FH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\FH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\FH\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-04-10 186904]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab
FF - ProfilePath - c:\users\FH\AppData\Roaming\Mozilla\Firefox\Profiles\ax7ky0ja.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2DB9.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-18 19:59:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-18 17:59
.
Vor Suchlauf: 13 Verzeichnis(se), 66.555.785.216 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 65.881.513.984 Bytes frei
.
- - End Of File - - 0D5F2CB5FE0D341B9F48E17E815092B2
|
|
18.06.2012, 21:33
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Browser & Antivirenprogramme stürzen ständig ab nach Virenfund Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter File::
c:\windows\system32\drivers\hdgnlava.sys
c:\windows\system32\drivers\iktydhah.sys
Driver::
hdgnlava
iktydhah
Dirlook::
c:\windows\system32\%LOCALAPPDATA%
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Browser & Antivirenprogramme stürzen ständig ab nach Virenfund |
| 7-zip, adblock, adobe, akamai, alternate, antivirus, autorun, avira, bho, bonjour, browser, cdburnerxp, certificate, dateisystem, defender, document, excel, explorer, fehler, firefox, flash player, format, helper, heuristiks/extra, heuristiks/shuriken, hotspot, hotspot shield, install.exe, jdownloader, langs, microsoft office word, mozilla, mp3, neustart, openvpn, plug-in, problem, realtek, recuva, registry, required, scan, searchscopes, secunia psi, software, system, tracker, version=1.0 |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
