
All kinds of pests and how to combat them: EXP/CVE-2010-4452.BG + email hacked? What to do?


16.06.2012, 14:19   #1
boreal99
 



Hello,

Yesterday I noticed that an advertising email had been sent from my email address to all of my contacts, so I changed the password.

That also prompted me to run a virus scan.

Here is the AV log:

Code:
 

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012  00:23

Es wird nach 3837524 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Ultimate
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : VuN
Computername   : VUN-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE     : 12.3.0.15     466896 Bytes  08.05.2012 19:41:56
AVSCAN.DLL     : 12.3.0.15      66256 Bytes  08.05.2012 19:41:56
LUKE.DLL       : 12.3.0.15      68304 Bytes  08.05.2012 19:41:56
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 19:41:56
AVREG.DLL      : 12.3.0.17     232200 Bytes  10.05.2012 19:41:45
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 18:21:14
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 18:21:22
VBASE005.VDF   : 7.11.29.136  2166272 Bytes  10.05.2012 19:41:41
VBASE006.VDF   : 7.11.29.137     2048 Bytes  10.05.2012 19:41:41
VBASE007.VDF   : 7.11.29.138     2048 Bytes  10.05.2012 19:41:41
VBASE008.VDF   : 7.11.29.139     2048 Bytes  10.05.2012 19:41:41
VBASE009.VDF   : 7.11.29.140     2048 Bytes  10.05.2012 19:41:41
VBASE010.VDF   : 7.11.29.141     2048 Bytes  10.05.2012 19:41:41
VBASE011.VDF   : 7.11.29.142     2048 Bytes  10.05.2012 19:41:41
VBASE012.VDF   : 7.11.29.143     2048 Bytes  10.05.2012 19:41:41
VBASE013.VDF   : 7.11.29.144     2048 Bytes  10.05.2012 19:41:41
VBASE014.VDF   : 7.11.30.3     198144 Bytes  14.05.2012 20:28:19
VBASE015.VDF   : 7.11.30.69    186368 Bytes  17.05.2012 20:28:23
VBASE016.VDF   : 7.11.30.143   223744 Bytes  21.05.2012 11:04:51
VBASE017.VDF   : 7.11.30.207   287744 Bytes  23.05.2012 16:11:46
VBASE018.VDF   : 7.11.31.57    188416 Bytes  28.05.2012 18:49:13
VBASE019.VDF   : 7.11.31.111   214528 Bytes  30.05.2012 18:49:08
VBASE020.VDF   : 7.11.31.151   116736 Bytes  31.05.2012 19:13:02
VBASE021.VDF   : 7.11.31.205   134144 Bytes  03.06.2012 19:11:14
VBASE022.VDF   : 7.11.32.9     169472 Bytes  05.06.2012 19:11:21
VBASE023.VDF   : 7.11.32.85    155648 Bytes  08.06.2012 19:11:32
VBASE024.VDF   : 7.11.32.133   127488 Bytes  11.06.2012 19:11:34
VBASE025.VDF   : 7.11.32.171   182784 Bytes  12.06.2012 20:53:33
VBASE026.VDF   : 7.11.32.251   119296 Bytes  14.06.2012 23:14:04
VBASE027.VDF   : 7.11.32.252     2048 Bytes  14.06.2012 23:14:04
VBASE028.VDF   : 7.11.32.253     2048 Bytes  14.06.2012 23:14:04
VBASE029.VDF   : 7.11.32.254     2048 Bytes  14.06.2012 23:14:04
VBASE030.VDF   : 7.11.32.255     2048 Bytes  14.06.2012 23:14:04
VBASE031.VDF   : 7.11.33.6       2048 Bytes  14.06.2012 23:14:04
Engineversion  : 8.2.10.92 
AEVDF.DLL      : 8.1.2.8       106867 Bytes  01.06.2012 19:11:12
AESCRIPT.DLL   : 8.1.4.26      450939 Bytes  14.06.2012 23:14:12
AESCN.DLL      : 8.1.8.2       131444 Bytes  22.04.2012 18:21:30
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 23:14:12
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 06:55:37
AEPACK.DLL     : 8.2.16.18     807287 Bytes  14.06.2012 23:14:12
AEOFFICE.DLL   : 8.1.2.36      201082 Bytes  14.06.2012 23:14:11
AEHEUR.DLL     : 8.1.4.46     4923767 Bytes  14.06.2012 23:14:10
AEHELP.DLL     : 8.1.21.0      254326 Bytes  10.05.2012 19:41:42
AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 23:14:05
AEEXP.DLL      : 8.1.0.52       82293 Bytes  14.06.2012 23:14:12
AEEMU.DLL      : 8.1.3.0       393589 Bytes  31.01.2012 06:55:34
AECORE.DLL     : 8.1.25.10     201080 Bytes  31.05.2012 19:13:06
AEBB.DLL       : 8.1.1.0        53618 Bytes  31.01.2012 06:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 19:41:55
AVPREF.DLL     : 12.3.0.15      51920 Bytes  08.05.2012 19:41:56
AVREP.DLL      : 12.3.0.15     179208 Bytes  08.05.2012 19:41:56
AVARKT.DLL     : 12.3.0.15     211408 Bytes  08.05.2012 19:41:55
AVEVTLOG.DLL   : 12.3.0.15     169168 Bytes  08.05.2012 19:41:56
SQLITE3.DLL    : 3.7.0.1       398288 Bytes  08.05.2012 19:41:56
AVSMTP.DLL     : 12.3.0.15      63440 Bytes  08.05.2012 19:41:56
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 19:41:56
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 19:41:55
RCTEXT.DLL     : 12.3.0.15      98512 Bytes  08.05.2012 19:41:55

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 16. Juni 2012  00:23

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSX.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Communications_Helper.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'wn111.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RocketDock.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrS64H.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\AMP WinOFF\uninstall.exe
  [WARNUNG]   Die Version dieses Archives wird nicht unterstützt
C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '2622' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\androidsdk\platforms\android-10\images\system.img
  [WARNUNG]   Der Archivheader ist defekt
C:\androidsdk\platforms\android-12\images\system.img
  [WARNUNG]   Der Archivheader ist defekt
C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG]   Das Archiv ist unbekannt oder defekt
C:\Program Files (x86)\AMP WinOFF\uninstall.exe
  [WARNUNG]   Die Version dieses Archives wird nicht unterstützt
C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe
  [WARNUNG]   Unerwartetes Dateiende erreicht
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172
  [0] Archivtyp: ZIP
  --> Java.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG
C:\Users\VuN\Desktop\I9000XWJW5%20-%20DBT.zip
  [WARNUNG]   Die Datei ist kennwortgeschützt
C:\Users\VuN\Music\Imogen Heap\Imogen Heap - Speeding Cars.rar
  [WARNUNG]   Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\'
D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 20.zip
  [WARNUNG]   Unerwartetes Ende beim Lesen eines Blocks
D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 4.zip
  [WARNUNG]   Unerwartetes Ende beim Lesen eines Blocks


Beginne mit der Desinfektion:
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5572f467.qua' verschoben!


Ende des Suchlaufs: Samstag, 16. Juni 2012  11:49
Benötigte Zeit:  1:45:27 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  43990 Verzeichnisse wurden überprüft
 979006 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 979004 Dateien ohne Befall
   7892 Archive wurden durchsucht
     12 Warnungen
      2 Hinweise
 653490 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
         

A Malwarebytes log after the AV scan:

Code:
 Malwarebytes Anti-Malware  (PRO) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
VuN :: VUN-PC [Administrator]

Schutz: Deaktiviert

16.06.2012 11:53:48
mbam-log-2012-06-16 (11-53-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 476455
Laufzeit: 1 Stunde(n), 24 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
And finally the OTL logs:

Code:
 OTL logfile created on: 16.06.2012 13:54:07 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS
 
Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
PRC - [2012.05.08 21:41:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.02.08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe
PRC - [2007.02.08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007.02.06 18:44:14 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
PRC - [2007.02.06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.29 21:06:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll
MOD - [2011.10.29 21:06:06 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2011.10.29 21:06:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.02.08 02:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.10 14:04:32 | 003,065,160 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.06 18:45:38 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007.02.06 18:44:02 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012.06.15 01:46:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.03 17:33:53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.14 13:09:04 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.24 08:02:30 | 000,699,392 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:41:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:41:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.02 14:26:23 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.20 09:46:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.07.20 09:46:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:46:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.07.20 09:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.07.20 09:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.07.20 09:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.05.19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.21 11:39:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.21 11:39:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.02 21:22:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.10.28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007.02.06 18:43:14 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV:64bit: - [2007.02.06 18:42:50 | 002,346,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2007.02.06 18:41:40 | 001,013,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV:64bit: - [2007.02.03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.02.03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 15:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.08 18:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 12:15:39 | 000,000,000 | ---D | M]
 
[2010.12.02 20:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Extensions
[2012.05.19 01:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Firefox\Profiles\tzmkfnv0.default\extensions
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\askcom.xml
[2010.01.11 17:48:44 | 000,004,153 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\youtube.xml
[2012.03.18 01:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.17 15:38:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.04.13 13:41:29 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.06 13:46:23 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.19 01:07:39 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.05.03 17:33:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com) ([fai.music.metaservices] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2F30F8-C105-40E4-8BF9-E4327E0688D3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292BDBB5-D674-498D-A539-AC2B5A1C9999}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB05EBC-CE5D-40A6-A2C2-B87449F36DCE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8280385D-EA22-4074-89E2-B0F6EA326450}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C5845-1DA3-441B-A83E-A99011AF1A95}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4659D0-100E-4990-BBD3-F0119580CE5C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 13:51:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 13:36:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\VuN\Desktop\HiJackThis204.exe
[2012.06.16 12:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.16 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.09 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\ws 2012
[2012.06.09 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Local\Macromedia
[2012.06.08 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
[2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
[2012.05.20 19:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AP Tuner
[2012.05.20 19:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuned
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 13:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.16 13:47:37 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 13:47:36 | 002,031,392 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.16 13:46:39 | 000,000,020 | ---- | M] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:20 | 000,050,477 | ---- | M] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.16 13:37:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\VuN\Desktop\HiJackThis204.exe
[2012.06.16 13:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 23:40:54 | 000,321,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:19:16 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 14:19:16 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 14:19:16 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 14:19:16 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 14:19:16 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.11 21:09:24 | 000,507,960 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:50:01 | 000,033,241 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:43 | 000,091,605 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:36 | 000,424,144 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:12 | 000,232,157 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:32 | 000,183,637 | ---- | M] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:22:02 | 000,081,675 | ---- | M] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:21:04 | 000,067,656 | ---- | M] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:34 | 000,061,389 | ---- | M] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:27:35 | 000,021,420 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:03:06 | 003,108,328 | ---- | M] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2012.05.20 20:25:54 | 000,364,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (12).wma
[2012.05.20 20:21:28 | 000,808,683 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (11).wma
[2012.05.20 20:08:58 | 000,534,793 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (10).wma
[2012.05.20 20:01:26 | 000,813,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (2).wma
[2012.05.20 19:10:38 | 000,001,120 | ---- | M] () -- C:\Users\VuN\ia_remove.sh
[2012.05.17 20:39:47 | 000,249,516 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 804.png
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.16 13:46:39 | 000,000,020 | ---- | C] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:17 | 000,050,477 | ---- | C] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.15 01:46:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 21:07:19 | 000,507,960 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:49:31 | 000,033,241 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:29 | 000,091,605 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:28 | 000,424,144 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:06 | 000,232,157 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:04 | 000,183,637 | ---- | C] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:17:26 | 000,081,675 | ---- | C] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:17:26 | 000,067,656 | ---- | C] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:02 | 000,061,389 | ---- | C] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:26:49 | 000,021,420 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:01:58 | 003,108,328 | ---- | C] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2012.05.20 20:25:54 | 000,364,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (12).wma
[2012.05.20 20:21:28 | 000,808,683 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (11).wma
[2012.05.20 20:08:58 | 000,534,793 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (10).wma
[2012.05.20 20:01:25 | 000,813,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (2).wma
[2012.05.20 19:10:38 | 000,001,120 | ---- | C] () -- C:\Users\VuN\ia_remove.sh
[2012.05.17 20:39:31 | 000,249,516 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 804.png
[2011.12.12 19:11:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.11.05 05:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.29 21:06:06 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2011.10.29 02:03:02 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.10.02 14:51:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.10.02 14:11:43 | 000,003,584 | ---- | C] () -- C:\Users\VuN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.01 15:40:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.13 00:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.07 19:56:45 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.04.17 19:23:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.26 12:05:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.05 19:15:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.02 21:26:05 | 000,049,459 | ---- | C] () -- C:\Windows\War3Unin.dat
 
========== LOP Check ==========
 
[2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft
[2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP
[2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity
[2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP
[2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard
[2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid
[2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite
[2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development
[2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener
[2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox
[2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire
[2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit
[2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla
[2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0
[2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games
[2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ
[2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\IrfanView
[2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC
[2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios
[2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient
[2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam
[2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag
[2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher
[2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org
[2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera
[2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung
[2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer
[2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian
[2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client
[2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software
[2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle
[2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax
[2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE
[2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView
[2012.05.25 18:53:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
 OTL Extras logfile created on: 16.06.2012 13:54:07 - Run 1
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS
 
Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135816FA-C601-4C70-BAB7-8EE5D5768023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A0D5BA6-F8A4-4284-9404-84EFC137E966}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1C4A3E53-9784-430C-81EC-6DF70C9C3063}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1D705481-46F3-4EA4-B4E5-AB69811296CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1FA7B0E7-19B0-4A13-B3F0-29F5B944E6C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{205D6A4D-DC75-4F8D-848A-CD4C2A3209E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{207FF0ED-E175-4332-921D-8EFE74D447A4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{29595982-E4C8-40AB-B858-700141011539}" = lport=137 | protocol=17 | dir=in | app=system | 
"{371E43A2-C5EE-4490-ACB7-963CDA3F4960}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher | 
"{3B468C96-820C-48D8-9380-5D335091FF8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3C7D34BE-8938-4A09-90CC-B06E358D42ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3FDC5E30-3F1D-4AB2-A140-1EC21662B686}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D13F98F-F948-4C82-A69E-30DCB39DE22B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{4E227041-096D-473C-82F5-A65EEF1B1FB2}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{4ECB70DA-5D22-4AAD-9434-73A00BCD7E74}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher | 
"{5A4B8C64-D93D-47C0-A496-25F6916347B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6250864A-0031-46C3-A326-02AFE2EC8C04}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6DD680B3-5FC2-490A-884E-F8705E8E2772}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{704418F3-5B7A-4BDA-AAD4-46773B8D953E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74D498E8-1AAF-4A2B-B5F9-B2B0B2C9D51D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{97DA7D57-B648-435D-BCDD-2B6B30358901}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9B4026AF-308E-4FAC-9875-DF19E8835853}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7619A2E-CA78-4A45-A25A-D95F2C6EE989}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AEC8C7FF-4C8C-41CC-9A14-73238FC78333}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AF7F80F6-92C8-455E-B2A3-91D796B0E77A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C5C25498-BB44-451F-91AA-BAC481905F7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA7327B0-875B-4CBD-9FDE-6E7D6C7ECEE8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D29756D9-52DB-4959-9423-479B65DF373B}" = lport=4495 | protocol=6 | dir=in | name=net monitor for employees configuration | 
"{D326070F-A57B-42E2-889B-6D07C6D3F988}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D88545B4-8F7B-470E-968F-2CA1C23E66AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D9EF043B-C8AC-4752-AACF-F3273340FBDB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F285AAD6-CD38-4D39-A80A-C35345CED91D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FB732DA6-3AE9-4D37-B18F-8DD32F0FFED1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF219F88-1859-4324-933A-BABE0C0475B2}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008A9C88-07D2-485E-BADC-AC7D3B780DD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06054B65-263C-4FC7-9E00-A9FE44252358}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{09D877CB-4796-48D2-8B12-042E83729373}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | 
"{119D9CF6-5168-4657-9197-E5CE4736800E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A6BAAEA-603E-43A3-9AB6-D217A9F2305A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1C0081D3-126D-4DD0-913B-5E5E153C99DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{1CAB0875-6211-4AE4-AFF6-C4862D324B29}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | 
"{232E82DA-F6AD-47DA-BBCA-7D2598EA9802}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{2F8F8712-0E08-4CE5-93CA-C8711221FEBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{31B9F738-7A0A-4CCF-AFE6-113674AFCD0D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31C8A650-D148-4622-AA85-DC1172DED484}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | 
"{357791B5-D1BE-41B6-AC90-A16408FDF08F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3B8B6566-1DC1-4EC4-9AC5-2CCA955A4502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4018DE97-16DF-406C-A989-0B428F11E6B0}" = protocol=6 | dir=out | app=system | 
"{42EA7D0B-BE99-4E1D-BCB2-4978E5EACC8B}" = protocol=6 | dir=in | app=e:\games\rayman origins\rayman origins.exe | 
"{4CE70D5C-D945-4F99-905F-E2760ECF22B9}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | 
"{575BEAD5-BC6B-4D69-950A-5B2A8A12DFEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6005C0E0-D3D2-4F15-94E0-FC03CFF5F6AC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{664F7CAC-2943-41AE-ACA0-148807AB38E9}" = protocol=6 | dir=in | app=e:\games\rayman origins\gu.exe | 
"{6762DA49-7EFE-453D-B10F-A35349FF2AF2}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | 
"{6D1FDBA3-328D-4B96-ADAB-112580D0E05D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{76288942-8814-451B-903A-3E58E0288B41}" = protocol=6 | dir=in | app=e:\program files (x86)\opera\opera.exe | 
"{78A85FCF-3317-43DB-91FB-A0DDF144A3E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E7997F9-0C4C-4D87-88BA-F205F7503625}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | 
"{83138879-0C1C-4E62-8B75-73CA34185883}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{83D723DE-6A92-49E2-BF7B-E1849FEA83F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{8B82C53B-8BE0-43C7-A8A3-B52A08F0540F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9413AA04-31B6-47D0-B2C4-B7B823EA2220}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{969E7223-2346-4C47-BF00-E821AA727516}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{A4783BE5-B950-4A89-B82E-6F824C74C886}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AB5A5199-A001-4C17-BF57-277F046EEC74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B6658E43-FE77-4A58-BB88-6530A6286779}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B7D101E3-0D0A-427E-A345-449137F20E03}" = protocol=17 | dir=in | app=e:\games\rayman origins\rayman origins.exe | 
"{C05758F3-1D62-4182-AD10-E5741D8FD954}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5CE8B2B-E81B-40B6-8A1E-BEEC1BB12EBE}" = protocol=17 | dir=in | app=e:\program files (x86)\opera\opera.exe | 
"{C80A5E28-74DF-44AF-A116-62374AA840AC}" = protocol=17 | dir=in | app=e:\games\rayman origins\gu.exe | 
"{D833D58F-115A-4468-9B8F-BA7F437097F0}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | 
"{E879E2E2-E3B9-40E2-8C4E-E3E936BDC185}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | 
"{E8A1E8DE-8FCA-41FE-B739-15A7152E820F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB85073C-6DAA-41B9-BDE4-B38EE93FC266}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EC31520F-2B8A-4855-AC3B-D27EC012A04B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{ECEE5E1C-2207-4678-97A1-28CC9A42537D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{050BC08D-77B8-4872-BA41-28A7CC169C43}E:\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe | 
"TCP Query User{4A27BC9C-DF3C-4076-A13F-BA7026E6986C}G:\david\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe | 
"TCP Query User{5218527F-F8CB-4017-AE3A-C57F53B37654}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=6 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe | 
"TCP Query User{72447530-DE3A-4684-8702-4B84B6E213F6}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe | 
"TCP Query User{7D4055E3-6EC8-41E2-8D48-A27AED180DF4}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe | 
"TCP Query User{83E743ED-13D0-4C87-91A1-564018E9D3BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{907A20FF-E9F9-4659-A553-91D2EECE7B0C}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"TCP Query User{9A91632B-0368-4166-97EB-626E505F4D26}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe | 
"TCP Query User{AFC38F18-AAAE-4970-8821-A3812BDA61A8}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe | 
"TCP Query User{CA4B37F0-A0E5-483A-B7FF-18841FCDDD8D}E:\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead 2\srcds.exe | 
"TCP Query User{D0254337-EC51-413B-8E59-159D8495EED7}E:\games\mw2\iw4mp.dat" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.dat | 
"TCP Query User{ECF77B2C-6383-4701-BC19-99FA4C381043}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"TCP Query User{F2F1015D-C694-4D7D-9616-B56BBF975E9B}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe | 
"UDP Query User{2070C189-46B0-4D92-9DBA-2D48AD082A86}E:\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\srcds.exe | 
"UDP Query User{2FF0BD35-42D3-4ACF-A4AE-0FDD654E01B5}E:\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe | 
"UDP Query User{489C661E-7508-47FC-BD84-8428614ED624}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe | 
"UDP Query User{79C4ABEF-AE70-47AE-98B9-4338597755EE}G:\david\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe | 
"UDP Query User{84198B8B-4E0E-4ECA-BC61-75E9593E6176}E:\games\mw2\iw4mp.dat" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.dat | 
"UDP Query User{846138DD-7041-475B-ACC0-C648FB5F4E57}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe | 
"UDP Query User{99F01905-4920-4E80-865A-30541D000520}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe | 
"UDP Query User{ADE3C6C8-2BE8-41F2-9A63-999D202E221B}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe | 
"UDP Query User{CB9A66EF-9982-41BB-9701-B13F7AFC800A}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe | 
"UDP Query User{D4E2088F-8256-4F18-958B-FC77DE967975}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | 
"UDP Query User{EAC08568-6CE1-4C6D-9890-4AB930FD773A}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe | 
"UDP Query User{ED37E1BF-CEED-4963-AF98-1968A2A80153}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{F7821A52-7EB5-4D48-8456-221F578304E4}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=17 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{192E85C6-2B8A-4217-AD30-ECA5CE19DB23}" = Logitech QuickCam
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DF54E1D5-B4A3-4F94-B018-75529AB97682}" = O&O Defrag Professional
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP2" = AIMP2
"AMP WinOFF" = AMP WinOFF
"AP Tuner 3.08" = AP Tuner 3.08
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"Dungeon Defenders_is1" = Dungeon Defenders
"EarMaster School 5_is1" = EarMaster School 5
"gedit_is1" = gedit 2.30.1
"Hamachi" = Hamachi 1.0.1.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.4 (Standard)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"ManyCam" = ManyCam 2.6.60 (remove only)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"pcsx2-r3878" = PCSX2 - Playstation 2 Emulator
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"QcDrv" = Logitech® Camera-Treiber
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 570" = Dota 2
"Tuned!" = Tuned!
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.3.0b
"XnView_is1" = XnView 1.98.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2012 08:14:23 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.06.2012 08:21:59 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x105c  Startzeit der fehlerhaften Anwendung:
 0x01cd494c9399f081  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 5f5d2e38-b552-11e1-869a-002354c0ca07
 
Error - 13.06.2012 19:31:45 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f920759  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x6da59903  ID des fehlerhaften Prozesses: 0x15b4  Startzeit der fehlerhaften Anwendung:
 0x01cd49aefd92598d  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
 f005a920-b5af-11e1-9b35-002354c0ca07
 
Error - 14.06.2012 19:47:41 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: MSVCR80.dll,
 Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3  Ausnahmecode: 0xc000000d  Fehleroffset:
 0x00014ba1  ID des fehlerhaften Prozesses: 0xd14  Startzeit der fehlerhaften Anwendung:
 0x01cd4a87f1a8eb66  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
 53c989bd-b67b-11e1-9d77-002354c0ca07
 
Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12310
Description = 
 
Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12298
Description = 
 
[ System Events ]
Error - 11.06.2012 14:40:17 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 12.06.2012 05:37:54 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 12.06.2012 16:49:22 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.06.2012 06:06:18 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.06.2012 17:41:52 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 13.06.2012 19:41:46 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.06.2012 08:05:38 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 14.06.2012 19:09:58 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 15.06.2012 16:44:12 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 16.06.2012 07:48:02 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >
         
Since the virus is now in quarantine, do I still have anything to fear?

Many thanks in advance,
boreal99 :-)

18.06.2012, 17:00   #2
cosinus



Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed under the Logs tab. Please post all the ones that are visible there.

18.06.2012, 22:27   #3
boreal99



Yes, but nothing was ever found, or rather they look like the log file I have already posted.

Code:
 Malwarebytes Anti-Malware  (PRO) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
VuN :: VUN-PC [Administrator]

Schutz: Aktiviert

30.03.2012 00:03:25
mbam-log-2012-03-30 (00-03-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208218
Laufzeit: 3 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (PRO) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
VuN :: VUN-PC [Administrator]

Schutz: Aktiviert

15.03.2012 22:34:54
mbam-log-2012-03-15 (22-34-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204218
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Best regards,
boreal99

18.06.2012, 22:58   #4
cosinus



Please also run ESET; after that we'll see how to proceed.

Note: ESET quite often shows a few false positives. That is why, with ESET as well, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick the box at "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Note: If you are using 64-bit Windows, the path is:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Now post the contents of log.txt.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 19.06.2012, 09:11   #5
boreal99
 

Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ce384113997e843ad67f54a89e2a2ac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 11:39:49
# local_time=2012-06-19 01:39:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 26990385 26990385 0 0
# compatibility_mode=1792 16777215 100 0 4935510 4935510 0 0
# compatibility_mode=5893 16776574 100 94 79100 91684172 0 0
# compatibility_mode=8192 67108863 100 0 882 882 0 0
# scanned=267671
# found=3
# cleaned=0
# scan_time=8468
C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz	a variant of Android/Adware.Leadbolt.B application (unable to clean)	00000000000000000000000000000000	I
C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz	Android/Plankton.H trojan (unable to clean)	00000000000000000000000000000000	I
         


Alt 19.06.2012, 09:48   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick the box at the top centre next to Scan all users
  • Now copy the entire contents of the code box below into the text box of OTL - if OTL is in German it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 19.06.2012, 21:50   #7
boreal99
 

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.06.2012 21:36:27 - Run 2
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,72% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 62,69 Gb Free Space | 54,60% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 194,49 Gb Free Space | 58,58% Space Free | Partition Type: NTFS
 
Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
PRC - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:41:56 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe
PRC - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.02.08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe
PRC - [2007.02.08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007.02.06 18:44:14 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
PRC - [2007.02.06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.29 21:06:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll
MOD - [2011.10.29 21:06:06 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2011.10.29 21:06:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.02.08 02:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.10 14:04:32 | 003,065,160 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.06 18:45:38 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007.02.06 18:44:02 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012.06.16 21:15:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 00:00:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.24 08:02:30 | 000,699,392 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.16 17:49:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.08 21:41:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:41:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.02 14:26:23 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.20 09:46:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.07.20 09:46:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:46:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.07.20 09:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.07.20 09:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.07.20 09:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.05.19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.21 11:39:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.21 11:39:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.02 21:22:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.10.28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007.02.06 18:43:14 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV:64bit: - [2007.02.06 18:42:50 | 002,346,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2007.02.06 18:41:40 | 001,013,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV:64bit: - [2007.02.03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.02.03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_8_&babsrc=SP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 9B 8D BC 13 26 CC 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786"
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 15:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 13:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 12:15:39 | 000,000,000 | ---D | M]
 
[2012.06.17 13:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Extensions
[2012.06.17 13:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Firefox\Profiles\6etmbr70.default\extensions
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml
[2010.01.11 17:48:44 | 000,004,153 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\youtube.xml
[2012.06.17 13:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.17 15:38:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.04.13 13:41:30 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.06 13:46:24 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.19 01:07:40 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.16 17:42:56 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..Trusted Domains: microsoft.com) ([fai.music.metaservices] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2F30F8-C105-40E4-8BF9-E4327E0688D3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292BDBB5-D674-498D-A539-AC2B5A1C9999}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB05EBC-CE5D-40A6-A2C2-B87449F36DCE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8280385D-EA22-4074-89E2-B0F6EA326450}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C5845-1DA3-441B-A83E-A99011AF1A95}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4659D0-100E-4990-BBD3-F0119580CE5C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^VuN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk - C:\PROGRA~2\Warkeys\AUTOWA~1\AUTOHO~1\AUTOHO~1.EXE - ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\Iyvu9_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 23:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.18 23:03:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\VuN\Desktop\esetsmartinstaller_enu.exe
[2012.06.17 13:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.17 12:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.06.17 12:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2012.06.16 17:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.06.16 17:47:07 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.06.16 17:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.06.16 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.16 17:42:35 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Babylon
[2012.06.16 16:57:03 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\magicka
[2012.06.16 13:51:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 12:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.16 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.09 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\ws 2012
[2012.06.09 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Local\Macromedia
[2012.06.08 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 21:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.19 21:28:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 21:28:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 21:24:56 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.19 21:24:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.19 21:24:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.19 21:24:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.19 21:24:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.19 21:20:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 21:20:31 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 21:20:31 | 002,037,772 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.18 23:03:40 | 002,322,184 | ---- | M] (ESET) -- C:\Users\VuN\Desktop\esetsmartinstaller_enu.exe
[2012.06.17 13:05:56 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.17 13:00:55 | 004,294,464 | ---- | M] () -- C:\Users\VuN\Desktop\Firefox 13.0.1 (de) - 2012-06-17.pcv
[2012.06.17 12:59:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.06.16 17:49:49 | 000,000,691 | ---- | M] () -- C:\Users\VuN\Desktop\SmartSteam - Verknüpfung.lnk
[2012.06.16 17:49:12 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.06.16 17:43:22 | 000,000,250 | ---- | M] () -- C:\user.js
[2012.06.16 14:18:08 | 000,048,483 | ---- | M] () -- C:\Users\VuN\Desktop\authrootstl.cab
[2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 13:46:39 | 000,000,020 | ---- | M] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:20 | 000,050,477 | ---- | M] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.13 23:40:54 | 000,321,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.11 21:09:24 | 000,507,960 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:50:01 | 000,033,241 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:43 | 000,091,605 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:36 | 000,424,144 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:12 | 000,232,157 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:32 | 000,183,637 | ---- | M] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:22:02 | 000,081,675 | ---- | M] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:21:04 | 000,067,656 | ---- | M] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:34 | 000,061,389 | ---- | M] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:27:35 | 000,021,420 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:03:06 | 003,108,328 | ---- | M] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.17 13:05:56 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.17 13:05:56 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.17 13:00:53 | 004,294,464 | ---- | C] () -- C:\Users\VuN\Desktop\Firefox 13.0.1 (de) - 2012-06-17.pcv
[2012.06.17 12:59:37 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.06.16 17:49:49 | 000,000,691 | ---- | C] () -- C:\Users\VuN\Desktop\SmartSteam - Verknüpfung.lnk
[2012.06.16 17:43:19 | 000,000,250 | ---- | C] () -- C:\user.js
[2012.06.16 14:18:07 | 000,048,483 | ---- | C] () -- C:\Users\VuN\Desktop\authrootstl.cab
[2012.06.16 13:46:39 | 000,000,020 | ---- | C] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:17 | 000,050,477 | ---- | C] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.15 01:46:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 21:07:19 | 000,507,960 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:49:31 | 000,033,241 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:29 | 000,091,605 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:28 | 000,424,144 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:06 | 000,232,157 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:04 | 000,183,637 | ---- | C] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:17:26 | 000,081,675 | ---- | C] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:17:26 | 000,067,656 | ---- | C] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:02 | 000,061,389 | ---- | C] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:26:49 | 000,021,420 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:01:58 | 003,108,328 | ---- | C] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2011.12.12 19:11:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.11.05 05:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.29 21:06:06 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2011.10.29 02:03:02 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.10.02 14:51:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.10.02 14:11:43 | 000,003,584 | ---- | C] () -- C:\Users\VuN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.01 15:40:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.13 00:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.07 19:56:45 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.04.17 19:23:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.26 12:05:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.05 19:15:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.02 21:26:05 | 000,049,459 | ---- | C] () -- C:\Windows\War3Unin.dat
 
========== LOP Check ==========
 
[2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft
[2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP
[2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity
[2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP
[2012.06.16 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Babylon
[2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard
[2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid
[2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite
[2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development
[2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener
[2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox
[2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire
[2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit
[2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla
[2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0
[2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games
[2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ
[2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\IrfanView
[2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC
[2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios
[2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient
[2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam
[2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag
[2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher
[2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org
[2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera
[2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung
[2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer
[2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian
[2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client
[2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software
[2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle
[2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax
[2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE
[2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView
[2012.05.25 18:53:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft
[2011.05.07 19:56:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AccurateRip
[2011.01.16 02:10:12 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Adobe
[2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP
[2012.01.16 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Apple Computer
[2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity
[2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP
[2012.04.22 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Avira
[2012.06.16 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Babylon
[2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard
[2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid
[2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite
[2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development
[2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener
[2011.12.11 02:48:31 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DivX
[2011.01.13 15:42:18 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Download Manager
[2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox
[2011.06.19 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\dvdcss
[2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire
[2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit
[2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla
[2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0
[2012.06.18 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hamachi
[2012.04.09 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hamachi Backup
[2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games
[2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ
[2010.12.02 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Identities
[2012.02.04 00:23:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\InstallShield Installation Information
[2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\IrfanView
[2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC
[2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios
[2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient
[2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2010.12.02 21:14:11 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Macromedia
[2011.01.09 16:19:19 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Malwarebytes
[2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Media Center Programs
[2012.04.16 22:05:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Media Player Classic
[2011.09.20 12:33:28 | 000,000,000 | --SD | M] -- C:\Users\VuN\AppData\Roaming\Microsoft
[2012.06.17 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mozilla
[2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag
[2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher
[2010.12.29 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\NVIDIA
[2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org
[2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera
[2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung
[2010.12.18 20:39:48 | 000,000,000 | RH-D | M] -- C:\Users\VuN\AppData\Roaming\SecuROM
[2012.06.19 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Skype
[2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer
[2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian
[2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client
[2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software
[2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle
[2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2011.12.15 02:00:36 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\vlc
[2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax
[2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE
[2010.12.02 20:54:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WinRAR
[2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2011.08.11 13:58:57 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\VuN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.11.15 15:20:01 | 000,010,134 | R--- | M] () -- C:\Users\VuN\AppData\Roaming\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         

19.06.2012, 21:55   #8
boreal99

-Double post-

Edited by boreal99 (19.06.2012 at 22:16)

20.06.2012, 11:54   #9
cosinus


Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
:OTL
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_8_&babsrc=SP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 9B 8D BC 13 26 CC 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml
[2012.06.16 17:42:56 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell\AutoRun\command - "" = G:\Setup.exe
[2012.06.16 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.16 17:42:35 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Babylon
[2012.06.16 17:43:19 | 000,000,250 | ---- | C] () -- C:\user.js
:Files
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe
C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz
C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

20.06.2012, 20:30   #10
boreal99

The OTL fix ran up to "resetting hosts file. do not interrupt......" and then an error message appeared: cannot create file C:\windows\system32\drivers\etc\hosts. The PC then froze and I had to restart.

This .txt file was created:
Code:
 Files\Folders moved on Reboot...
File move failed. C:\Users\VuN\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...
         
I then ran the OTL fix again after the restart, and it went through without an error message. Here is the .txt file:
Code:
 All processes killed
========== OTL ==========
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q=" removed from keyword.URL
Prefs.js: "64.85.181.46" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "64.85.181.46" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "64.85.181.46" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "64.85.181.46" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "" removed from network.proxy.gopher
Prefs.js: 0 removed from network.proxy.gopher_port
Prefs.js: "64.85.181.46" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "64.85.181.46" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "64.85.181.46" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
File C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
Registry value HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
File H:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
File G:\Setup.exe not found.
Folder C:\ProgramData\Babylon\ not found.
Folder C:\Users\VuN\AppData\Roaming\Babylon\ not found.
File C:\user.js not found.
========== FILES ==========
File\Folder C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File\Folder C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe not found.
File\Folder C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz not found.
File\Folder C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: VuN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38443 bytes
->FireFox cache emptied: 6342273 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
User: VuN
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.49.0 log created on 06202012_202403

Files\Folders moved on Reboot...
File\Folder C:\Users\VuN\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

21.06.2012, 11:13   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


21.06.2012, 20:39   #12
boreal99

Code:
 20:36:07.0393 2104	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
20:36:07.0720 2104	============================================================
20:36:07.0720 2104	Current date / time: 2012/06/21 20:36:07.0720
20:36:07.0720 2104	SystemInfo:
20:36:07.0720 2104	
20:36:07.0720 2104	OS Version: 6.1.7601 ServicePack: 1.0
20:36:07.0720 2104	Product type: Workstation
20:36:07.0720 2104	ComputerName: VUN-PC
20:36:07.0720 2104	UserName: VuN
20:36:07.0720 2104	Windows directory: C:\Windows
20:36:07.0720 2104	System windows directory: C:\Windows
20:36:07.0720 2104	Running under WOW64
20:36:07.0720 2104	Processor architecture: Intel x64
20:36:07.0721 2104	Number of processors: 2
20:36:07.0721 2104	Page size: 0x1000
20:36:07.0721 2104	Boot type: Normal boot
20:36:07.0721 2104	============================================================
20:36:08.0625 2104	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
20:36:08.0629 2104	============================================================
20:36:08.0629 2104	\Device\Harddisk0\DR0:
20:36:08.0630 2104	MBR partitions:
20:36:08.0630 2104	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:36:08.0630 2104	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32808, BlocksNum 0x298106B8
20:36:08.0646 2104	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x29843800, BlocksNum 0x259C800
20:36:08.0646 2104	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BDE0EC0, BlocksNum 0xE5A4140
20:36:08.0646 2104	============================================================
20:36:08.0665 2104	C: <-> \Device\Harddisk0\DR0\Partition3
20:36:08.0692 2104	D: <-> \Device\Harddisk0\DR0\Partition2
20:36:08.0731 2104	E: <-> \Device\Harddisk0\DR0\Partition1
20:36:08.0731 2104	============================================================
20:36:08.0731 2104	Initialize success
20:36:08.0731 2104	============================================================
20:36:33.0781 3704	============================================================
20:36:33.0781 3704	Scan started
20:36:33.0781 3704	Mode: Manual; SigCheck; TDLFS; 
20:36:33.0781 3704	============================================================
20:36:43.0692 3704	isapnp - ok
20:36:43.0718 3704	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:36:43.0740 3704	iScsiPrt - ok
20:36:43.0767 3704	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:36:43.0784 3704	kbdclass - ok
20:36:43.0808 3704	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:36:43.0829 3704	kbdhid - ok
20:36:43.0848 3704	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:43.0860 3704	KeyIso - ok
20:36:43.0878 3704	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:36:43.0895 3704	KSecDD - ok
20:36:43.0926 3704	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:36:43.0944 3704	KSecPkg - ok
20:36:43.0964 3704	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:36:44.0008 3704	ksthunk - ok
20:36:44.0045 3704	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:36:44.0106 3704	KtmRm - ok
20:36:44.0151 3704	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:36:44.0192 3704	LanmanServer - ok
20:36:44.0223 3704	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:36:44.0259 3704	LanmanWorkstation - ok
20:36:44.0307 3704	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
20:36:44.0321 3704	lirsgt - ok
20:36:44.0347 3704	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:36:44.0385 3704	lltdio - ok
20:36:44.0415 3704	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:36:44.0462 3704	lltdsvc - ok
20:36:44.0471 3704	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:36:44.0506 3704	lmhosts - ok
20:36:44.0542 3704	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:36:44.0558 3704	LSI_FC - ok
20:36:44.0575 3704	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:36:44.0593 3704	LSI_SAS - ok
20:36:44.0607 3704	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:36:44.0624 3704	LSI_SAS2 - ok
20:36:44.0649 3704	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:36:44.0666 3704	LSI_SCSI - ok
20:36:44.0692 3704	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:36:44.0723 3704	luafv - ok
20:36:44.0782 3704	LVcKap64        (3c7a54ae999841f30e4648e0de9e4b46) C:\Windows\system32\DRIVERS\LVcKap64.sys
20:36:44.0820 3704	LVcKap64 - ok
20:36:44.0893 3704	LVMVDrv         (d621d1c9650a5add39c64047fcf860a5) C:\Windows\system32\DRIVERS\LVMVDrv.sys
20:36:44.0940 3704	LVMVDrv - ok
20:36:44.0994 3704	LVPr2Mon        (e379cb87bf2dc0787d825d4cb91c27a8) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:36:45.0015 3704	LVPr2Mon - ok
20:36:45.0053 3704	LVPrcS64        (df8b20bbec546d94cecf75c48a596aec) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
20:36:45.0064 3704	LVPrcS64 - ok
20:36:45.0094 3704	LVSrvLauncher   (65e0ec0338c9ade32d044a8cc18c147b) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
20:36:45.0113 3704	LVSrvLauncher - ok
20:36:45.0135 3704	LVUSBS64        (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\drivers\LVUSBS64.sys
20:36:45.0148 3704	LVUSBS64 - ok
20:36:45.0176 3704	ManyCam         (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
20:36:45.0208 3704	ManyCam - ok
20:36:45.0257 3704	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:36:45.0274 3704	MBAMProtector - ok
20:36:45.0368 3704	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:36:45.0385 3704	MBAMService - ok
20:36:45.0417 3704	mcdevice        (3cd0d8fc5fe6f7ae85ac8b818f9029b4) C:\Windows\system32\DRIVERS\mcdevice.sys
20:36:45.0440 3704	mcdevice - ok
20:36:45.0466 3704	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:36:45.0495 3704	Mcx2Svc - ok
20:36:45.0544 3704	MDM             (e416e967e3fb6fb1e9ae12b9c7dab526) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
20:36:45.0559 3704	MDM ( UnsignedFile.Multi.Generic ) - warning
20:36:45.0559 3704	MDM - detected UnsignedFile.Multi.Generic (1)
20:36:45.0584 3704	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:36:45.0599 3704	megasas - ok
20:36:45.0626 3704	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:36:45.0648 3704	MegaSR - ok
20:36:45.0670 3704	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:36:45.0713 3704	MMCSS - ok
20:36:45.0730 3704	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:36:45.0773 3704	Modem - ok
20:36:45.0802 3704	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:36:45.0826 3704	monitor - ok
20:36:45.0879 3704	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:36:45.0894 3704	mouclass - ok
20:36:45.0908 3704	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:36:45.0922 3704	mouhid - ok
20:36:45.0950 3704	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:36:45.0966 3704	mountmgr - ok
20:36:46.0035 3704	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:36:46.0058 3704	MozillaMaintenance - ok
20:36:46.0082 3704	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:36:46.0109 3704	mpio - ok
20:36:46.0134 3704	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:36:46.0172 3704	mpsdrv - ok
20:36:46.0217 3704	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:36:46.0269 3704	MpsSvc - ok
20:36:46.0310 3704	MRV6X64U        (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\WN111x.sys
20:36:46.0342 3704	MRV6X64U - ok
20:36:46.0351 3704	Mrvleap - ok
20:36:46.0378 3704	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:36:46.0414 3704	MRxDAV - ok
20:36:46.0444 3704	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:46.0467 3704	mrxsmb - ok
20:36:46.0499 3704	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:46.0526 3704	mrxsmb10 - ok
20:36:46.0546 3704	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:46.0563 3704	mrxsmb20 - ok
20:36:46.0592 3704	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:36:46.0606 3704	msahci - ok
20:36:46.0634 3704	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:36:46.0655 3704	msdsm - ok
20:36:46.0684 3704	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:36:46.0707 3704	MSDTC - ok
20:36:46.0737 3704	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:36:46.0770 3704	Msfs - ok
20:36:46.0784 3704	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:36:46.0836 3704	mshidkmdf - ok
20:36:46.0850 3704	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:36:46.0884 3704	msisadrv - ok
20:36:46.0919 3704	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:36:46.0961 3704	MSiSCSI - ok
20:36:46.0970 3704	msiserver - ok
20:36:47.0000 3704	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:36:47.0036 3704	MSKSSRV - ok
20:36:47.0064 3704	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:47.0107 3704	MSPCLOCK - ok
20:36:47.0123 3704	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:36:47.0167 3704	MSPQM - ok
20:36:47.0199 3704	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:36:47.0221 3704	MsRPC - ok
20:36:47.0249 3704	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:36:47.0259 3704	mssmbios - ok
20:36:47.0280 3704	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:36:47.0322 3704	MSTEE - ok
20:36:47.0335 3704	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:36:47.0348 3704	MTConfig - ok
20:36:47.0386 3704	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
20:36:47.0404 3704	MTsensor - ok
20:36:47.0423 3704	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:36:47.0439 3704	Mup - ok
20:36:47.0475 3704	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:36:47.0516 3704	napagent - ok
20:36:47.0541 3704	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:36:47.0577 3704	NativeWifiP - ok
20:36:47.0623 3704	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:36:47.0647 3704	NDIS - ok
20:36:47.0666 3704	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:36:47.0701 3704	NdisCap - ok
20:36:47.0729 3704	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:47.0771 3704	NdisTapi - ok
20:36:47.0813 3704	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:47.0852 3704	Ndisuio - ok
20:36:47.0883 3704	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:47.0952 3704	NdisWan - ok
20:36:47.0962 3704	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:36:48.0005 3704	NDProxy - ok
20:36:48.0037 3704	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:36:48.0085 3704	NetBIOS - ok
20:36:48.0106 3704	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:36:48.0145 3704	NetBT - ok
20:36:48.0168 3704	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:48.0179 3704	Netlogon - ok
20:36:48.0224 3704	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:36:48.0260 3704	Netman - ok
20:36:48.0285 3704	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:36:48.0362 3704	netprofm - ok
20:36:48.0422 3704	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:36:48.0441 3704	NetTcpPortSharing - ok
20:36:48.0481 3704	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:36:48.0500 3704	nfrd960 - ok
20:36:48.0533 3704	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:36:48.0576 3704	NlaSvc - ok
20:36:48.0596 3704	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:36:48.0637 3704	Npfs - ok
20:36:48.0669 3704	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:36:48.0706 3704	nsi - ok
20:36:48.0723 3704	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:36:48.0766 3704	nsiproxy - ok
20:36:48.0863 3704	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:36:48.0923 3704	Ntfs - ok
20:36:48.0982 3704	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:36:49.0026 3704	Null - ok
20:36:49.0410 3704	nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:36:49.0616 3704	nvlddmkm - ok
20:36:49.0687 3704	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:36:49.0728 3704	nvraid - ok
20:36:49.0816 3704	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:36:49.0835 3704	nvstor - ok
20:36:49.0906 3704	NVSvc           (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
20:36:49.0935 3704	NVSvc - ok
20:36:50.0065 3704	nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:36:50.0104 3704	nvUpdatusService - ok
20:36:50.0184 3704	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:36:50.0201 3704	nv_agp - ok
20:36:50.0229 3704	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:36:50.0259 3704	ohci1394 - ok
20:36:50.0382 3704	OODefragAgent   (f5115921cac7a3a025e9db85b5f67604) C:\Program Files\OO Software\Defrag\oodag.exe
20:36:50.0430 3704	OODefragAgent - ok
20:36:50.0506 3704	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:36:50.0529 3704	p2pimsvc - ok
20:36:50.0569 3704	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:36:50.0592 3704	p2psvc - ok
20:36:50.0634 3704	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:36:50.0655 3704	Parport - ok
20:36:50.0679 3704	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:36:50.0697 3704	partmgr - ok
20:36:50.0714 3704	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:36:50.0756 3704	PcaSvc - ok
20:36:50.0784 3704	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:36:50.0810 3704	pci - ok
20:36:50.0822 3704	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:36:50.0838 3704	pciide - ok
20:36:50.0864 3704	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:36:50.0887 3704	pcmcia - ok
20:36:50.0928 3704	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:36:50.0945 3704	pcw - ok
20:36:51.0046 3704	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:36:51.0115 3704	PEAUTH - ok
20:36:51.0298 3704	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:36:51.0361 3704	PeerDistSvc - ok
20:36:51.0411 3704	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:36:51.0432 3704	PerfHost - ok
20:36:51.0531 3704	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:36:51.0609 3704	pla - ok
20:36:51.0641 3704	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:36:51.0671 3704	PlugPlay - ok
20:36:51.0702 3704	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:36:51.0756 3704	PNRPAutoReg - ok
20:36:51.0967 3704	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:36:51.0986 3704	PNRPsvc - ok
20:36:52.0020 3704	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:36:52.0067 3704	PolicyAgent - ok
20:36:52.0093 3704	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:36:52.0140 3704	Power - ok
20:36:52.0213 3704	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:36:52.0288 3704	PptpMiniport - ok
20:36:52.0319 3704	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:36:52.0343 3704	Processor - ok
20:36:52.0380 3704	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:36:52.0410 3704	ProfSvc - ok
20:36:52.0430 3704	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:52.0441 3704	ProtectedStorage - ok
20:36:52.0476 3704	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:36:52.0518 3704	Psched - ok
20:36:52.0607 3704	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:36:52.0694 3704	ql2300 - ok
20:36:52.0768 3704	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:36:52.0791 3704	ql40xx - ok
20:36:52.0829 3704	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:36:53.0014 3704	QWAVE - ok
20:36:53.0095 3704	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:36:53.0221 3704	QWAVEdrv - ok
20:36:53.0241 3704	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:36:53.0280 3704	RasAcd - ok
20:36:53.0313 3704	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:36:53.0352 3704	RasAgileVpn - ok
20:36:53.0368 3704	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:36:53.0513 3704	RasAuto - ok
20:36:53.0558 3704	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:53.0605 3704	Rasl2tp - ok
20:36:53.0636 3704	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:36:53.0699 3704	RasMan - ok
20:36:53.0765 3704	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:53.0944 3704	RasPppoe - ok
20:36:53.0981 3704	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:36:54.0097 3704	RasSstp - ok
20:36:54.0126 3704	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:36:54.0168 3704	rdbss - ok
20:36:54.0181 3704	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:36:54.0200 3704	rdpbus - ok
20:36:54.0211 3704	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:54.0246 3704	RDPCDD - ok
20:36:54.0292 3704	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:36:54.0319 3704	RDPDR - ok
20:36:54.0332 3704	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:36:54.0368 3704	RDPENCDD - ok
20:36:54.0381 3704	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:36:54.0414 3704	RDPREFMP - ok
20:36:54.0464 3704	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:36:54.0512 3704	RdpVideoMiniport - ok
20:36:54.0567 3704	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:36:54.0683 3704	RDPWD - ok
20:36:54.0715 3704	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:36:54.0764 3704	rdyboost - ok
20:36:54.0786 3704	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:36:54.0840 3704	RemoteAccess - ok
20:36:54.0870 3704	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:36:54.0920 3704	RemoteRegistry - ok
20:36:54.0938 3704	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:36:54.0976 3704	RpcEptMapper - ok
20:36:54.0994 3704	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:36:55.0015 3704	RpcLocator - ok
20:36:55.0111 3704	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:36:55.0160 3704	RpcSs - ok
20:36:55.0186 3704	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:36:55.0233 3704	rspndr - ok
20:36:55.0275 3704	RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:36:55.0297 3704	RTL8167 - ok
20:36:55.0317 3704	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:36:55.0338 3704	s3cap - ok
20:36:55.0360 3704	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:55.0371 3704	SamSs - ok
20:36:55.0392 3704	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:36:55.0411 3704	sbp2port - ok
20:36:55.0439 3704	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:36:55.0490 3704	SCardSvr - ok
20:36:55.0512 3704	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:36:55.0552 3704	scfilter - ok
20:36:55.0614 3704	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:36:55.0667 3704	Schedule - ok
20:36:55.0687 3704	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:36:55.0723 3704	SCPolicySvc - ok
20:36:55.0751 3704	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:36:56.0090 3704	SDRSVC - ok
20:36:56.0137 3704	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:36:56.0176 3704	secdrv - ok
20:36:56.0203 3704	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:36:56.0243 3704	seclogon - ok
20:36:56.0272 3704	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:36:56.0327 3704	SENS - ok
20:36:56.0341 3704	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:36:56.0377 3704	SensrSvc - ok
20:36:56.0403 3704	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:36:56.0419 3704	Serenum - ok
20:36:56.0438 3704	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:36:56.0467 3704	Serial - ok
20:36:56.0490 3704	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:36:56.0512 3704	sermouse - ok
20:36:56.0550 3704	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:36:56.0603 3704	SessionEnv - ok
20:36:56.0626 3704	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:36:56.0652 3704	sffdisk - ok
20:36:56.0673 3704	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:36:56.0701 3704	sffp_mmc - ok
20:36:56.0711 3704	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:36:56.0741 3704	sffp_sd - ok
20:36:56.0776 3704	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:36:56.0794 3704	sfloppy - ok
20:36:56.0836 3704	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:36:56.0893 3704	SharedAccess - ok
20:36:56.0925 3704	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:36:56.0975 3704	ShellHWDetection - ok
20:36:57.0049 3704	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:36:57.0067 3704	SiSRaid2 - ok
20:36:57.0087 3704	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:36:57.0102 3704	SiSRaid4 - ok
20:36:57.0223 3704	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:36:57.0236 3704	SkypeUpdate - ok
20:36:57.0266 3704	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:36:57.0323 3704	Smb - ok
20:36:57.0395 3704	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:36:57.0530 3704	SNMPTRAP - ok
20:36:57.0561 3704	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:36:57.0589 3704	spldr - ok
20:36:57.0633 3704	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:36:57.0702 3704	Spooler - ok
20:36:57.0869 3704	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:36:58.0033 3704	sppsvc - ok
20:36:58.0126 3704	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:36:58.0260 3704	sppuinotify - ok
20:36:58.0334 3704	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
20:36:58.0381 3704	sptd - ok
20:36:58.0422 3704	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:36:58.0535 3704	srv - ok
20:36:58.0564 3704	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:36:58.0608 3704	srv2 - ok
20:36:58.0626 3704	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:36:58.0654 3704	srvnet - ok
20:36:58.0698 3704	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:36:58.0725 3704	ssadbus - ok
20:36:58.0736 3704	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:36:58.0767 3704	ssadmdfl - ok
20:36:58.0787 3704	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:36:59.0124 3704	ssadmdm - ok
20:36:59.0164 3704	sscdbus         (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
20:36:59.0184 3704	sscdbus - ok
20:36:59.0198 3704	sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:36:59.0212 3704	sscdmdfl - ok
20:36:59.0258 3704	sscdmdm         (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:36:59.0323 3704	sscdmdm - ok
20:36:59.0555 3704	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:36:59.0602 3704	SSDPSRV - ok
20:36:59.0627 3704	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:36:59.0677 3704	SstpSvc - ok
20:36:59.0784 3704	Steam Client Service - ok
20:36:59.0956 3704	Stereo Service  (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:36:59.0991 3704	Stereo Service - ok
20:37:00.0013 3704	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:37:00.0027 3704	stexstor - ok
20:37:00.0085 3704	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:37:00.0146 3704	stisvc - ok
20:37:00.0176 3704	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:37:00.0202 3704	storflt - ok
20:37:00.0221 3704	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:37:00.0238 3704	storvsc - ok
20:37:00.0256 3704	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:37:00.0269 3704	swenum - ok
20:37:00.0373 3704	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:37:00.0422 3704	swprv - ok
20:37:00.0446 3704	Synth3dVsc - ok
20:37:00.0550 3704	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:37:00.0598 3704	SysMain - ok
20:37:00.0689 3704	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:37:00.0718 3704	TabletInputService - ok
20:37:00.0741 3704	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:37:00.0793 3704	TapiSrv - ok
20:37:00.0836 3704	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:37:00.0924 3704	TBS - ok
20:37:01.0034 3704	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:37:01.0127 3704	Tcpip - ok
20:37:01.0450 3704	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:37:01.0486 3704	TCPIP6 - ok
20:37:01.0547 3704	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:37:01.0588 3704	tcpipreg - ok
20:37:01.0608 3704	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:37:01.0629 3704	TDPIPE - ok
20:37:01.0660 3704	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:37:01.0723 3704	TDTCP - ok
20:37:01.0749 3704	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:37:01.0790 3704	tdx - ok
20:37:01.0824 3704	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:37:01.0839 3704	TermDD - ok
20:37:01.0876 3704	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:37:01.0925 3704	TermService - ok
20:37:01.0947 3704	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:37:01.0972 3704	Themes - ok
20:37:01.0994 3704	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:37:02.0027 3704	THREADORDER - ok
20:37:02.0045 3704	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:37:02.0097 3704	TrkWks - ok
20:37:02.0149 3704	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:37:02.0188 3704	TrustedInstaller - ok
20:37:02.0218 3704	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:37:02.0254 3704	tssecsrv - ok
20:37:02.0291 3704	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:37:02.0320 3704	TsUsbFlt - ok
20:37:02.0330 3704	tsusbhub - ok
20:37:02.0364 3704	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:37:02.0407 3704	tunnel - ok
20:37:02.0428 3704	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:37:02.0444 3704	uagp35 - ok
20:37:02.0477 3704	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:37:02.0534 3704	udfs - ok
20:37:02.0564 3704	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:37:02.0595 3704	UI0Detect - ok
20:37:02.0622 3704	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:37:02.0639 3704	uliagpkx - ok
20:37:02.0671 3704	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:37:02.0688 3704	umbus - ok
20:37:02.0709 3704	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:37:02.0726 3704	UmPass - ok
20:37:02.0757 3704	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:37:02.0783 3704	UmRdpService - ok
20:37:02.0819 3704	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:37:02.0867 3704	upnphost - ok
20:37:02.0902 3704	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:37:02.0941 3704	usbaudio - ok
20:37:02.0967 3704	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:37:03.0005 3704	usbccgp - ok
20:37:03.0028 3704	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:37:03.0051 3704	usbcir - ok
20:37:03.0068 3704	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:37:03.0087 3704	usbehci - ok
20:37:03.0119 3704	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:37:03.0153 3704	usbhub - ok
20:37:03.0171 3704	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:37:03.0200 3704	usbohci - ok
20:37:03.0233 3704	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:37:03.0266 3704	usbprint - ok
20:37:03.0316 3704	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:37:03.0346 3704	usbscan - ok
20:37:03.0385 3704	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:37:03.0434 3704	USBSTOR - ok
20:37:03.0462 3704	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:37:03.0491 3704	usbuhci - ok
20:37:03.0522 3704	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:37:03.0573 3704	UxSms - ok
20:37:03.0594 3704	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:03.0604 3704	VaultSvc - ok
20:37:03.0626 3704	VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
20:37:03.0656 3704	VClone - ok
20:37:03.0687 3704	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:37:03.0700 3704	vdrvroot - ok
20:37:03.0738 3704	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:37:03.0788 3704	vds - ok
20:37:03.0816 3704	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:37:03.0838 3704	vga - ok
20:37:03.0850 3704	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:37:03.0887 3704	VgaSave - ok
20:37:03.0901 3704	VGPU - ok
20:37:03.0937 3704	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:37:03.0960 3704	vhdmp - ok
20:37:04.0039 3704	VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys
20:37:04.0116 3704	VIAHdAudAddService - ok
20:37:04.0143 3704	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:37:04.0160 3704	viaide - ok
20:37:04.0182 3704	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:37:04.0203 3704	vmbus - ok
20:37:04.0225 3704	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:37:04.0245 3704	VMBusHID - ok
20:37:04.0267 3704	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:37:04.0283 3704	volmgr - ok
20:37:04.0328 3704	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:37:04.0343 3704	volmgrx - ok
20:37:04.0500 3704	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:37:04.0524 3704	volsnap - ok
20:37:04.0568 3704	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:37:04.0588 3704	vsmraid - ok
20:37:04.0649 3704	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:37:04.0721 3704	VSS - ok
20:37:04.0783 3704	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:37:04.0811 3704	vwifibus - ok
20:37:04.0848 3704	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:37:04.0888 3704	W32Time - ok
20:37:04.0915 3704	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:37:04.0937 3704	WacomPen - ok
20:37:04.0980 3704	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:05.0021 3704	WANARP - ok
20:37:05.0029 3704	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:05.0060 3704	Wanarpv6 - ok
20:37:05.0121 3704	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:37:05.0181 3704	wbengine - ok
20:37:05.0258 3704	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:37:05.0292 3704	WbioSrvc - ok
20:37:05.0323 3704	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:37:05.0351 3704	wcncsvc - ok
20:37:05.0369 3704	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:37:05.0390 3704	WcsPlugInService - ok
20:37:05.0437 3704	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:37:05.0451 3704	Wd - ok
20:37:05.0486 3704	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:37:05.0516 3704	Wdf01000 - ok
20:37:05.0533 3704	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:37:05.0603 3704	WdiServiceHost - ok
20:37:05.0610 3704	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:37:05.0628 3704	WdiSystemHost - ok
20:37:05.0666 3704	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:37:05.0703 3704	WebClient - ok
20:37:05.0726 3704	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:37:05.0839 3704	Wecsvc - ok
20:37:05.0857 3704	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:37:05.0905 3704	wercplsupport - ok
20:37:05.0929 3704	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:37:05.0973 3704	WerSvc - ok
20:37:06.0025 3704	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:37:06.0065 3704	WfpLwf - ok
20:37:06.0082 3704	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:37:06.0098 3704	WIMMount - ok
20:37:06.0121 3704	WinDefend - ok
20:37:06.0128 3704	WinHttpAutoProxySvc - ok
20:37:06.0177 3704	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:37:06.0213 3704	Winmgmt - ok
20:37:07.0433 3704	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:37:07.0720 3704	WinRM - ok
20:37:07.0830 3704	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:37:07.0862 3704	WinUsb - ok
20:37:07.0912 3704	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:37:07.0945 3704	Wlansvc - ok
20:37:08.0052 3704	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:37:08.0089 3704	wlidsvc - ok
20:37:08.0166 3704	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:37:08.0186 3704	WmiAcpi - ok
20:37:08.0271 3704	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:37:08.0390 3704	wmiApSrv - ok
20:37:08.0436 3704	WMPNetworkSvc - ok
20:37:08.0462 3704	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:37:08.0510 3704	WPCSvc - ok
20:37:08.0565 3704	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:37:08.0584 3704	WPDBusEnum - ok
20:37:08.0605 3704	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:37:08.0690 3704	ws2ifsl - ok
20:37:08.0705 3704	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:37:08.0734 3704	wscsvc - ok
20:37:08.0742 3704	WSearch - ok
20:37:08.0837 3704	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:37:08.0880 3704	wuauserv - ok
20:37:09.0265 3704	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:37:09.0322 3704	WudfPf - ok
20:37:09.0351 3704	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:37:09.0390 3704	WUDFRd - ok
20:37:09.0417 3704	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:37:09.0454 3704	wudfsvc - ok
20:37:09.0488 3704	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:37:09.0523 3704	WwanSvc - ok
20:37:09.0595 3704	xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
20:37:09.0804 3704	xusb21 - ok
20:37:09.0902 3704	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:37:10.0255 3704	\Device\Harddisk0\DR0 - ok
20:37:10.0261 3704	Boot (0x1200)   (a8daa5bbe0338988c8ec78cc5efacb29) \Device\Harddisk0\DR0\Partition0
20:37:10.0262 3704	\Device\Harddisk0\DR0\Partition0 - ok
20:37:10.0290 3704	Boot (0x1200)   (b6bf3c3e04125ad57fa0a93e61f8ae03) \Device\Harddisk0\DR0\Partition1
20:37:10.0292 3704	\Device\Harddisk0\DR0\Partition1 - ok
20:37:10.0316 3704	Boot (0x1200)   (0ea0da12b8e6f16b81d487956f25d54e) \Device\Harddisk0\DR0\Partition2
20:37:10.0317 3704	\Device\Harddisk0\DR0\Partition2 - ok
20:37:10.0335 3704	Boot (0x1200)   (ab90189e4e14e12dce2196eba134cfe4) \Device\Harddisk0\DR0\Partition3
20:37:10.0337 3704	\Device\Harddisk0\DR0\Partition3 - ok
20:37:10.0339 3704	============================================================
20:37:10.0339 3704	Scan finished
20:37:10.0339 3704	============================================================
20:37:10.0353 3940	Detected object count: 1
20:37:10.0353 3940	Actual detected object count: 1
20:37:17.0556 3940	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:17.0556 3940	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:37:27.0076 3256	============================================================
20:37:27.0076 3256	Scan started
20:37:27.0076 3256	Mode: Manual; SigCheck; TDLFS; 
20:37:27.0076 3256	============================================================
20:37:27.0438 3256	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:37:27.0456 3256	1394ohci - ok
20:37:27.0487 3256	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:37:27.0504 3256	ACPI - ok
20:37:27.0531 3256	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:37:27.0543 3256	AcpiPmi - ok
20:37:27.0602 3256	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:37:27.0611 3256	AdobeARMservice - ok
20:37:27.0682 3256	AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:37:27.0693 3256	AdobeFlashPlayerUpdateSvc - ok
20:37:27.0739 3256	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:37:27.0754 3256	adp94xx - ok
20:37:27.0784 3256	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:37:27.0797 3256	adpahci - ok
20:37:27.0818 3256	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:37:27.0833 3256	adpu320 - ok
20:37:27.0862 3256	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:37:27.0893 3256	AeLookupSvc - ok
20:37:27.0932 3256	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:37:27.0949 3256	AFD - ok
20:37:27.0971 3256	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:37:27.0981 3256	agp440 - ok
20:37:28.0000 3256	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:37:28.0012 3256	ALG - ok
20:37:28.0042 3256	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:37:28.0051 3256	aliide - ok
20:37:28.0067 3256	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:37:28.0079 3256	amdide - ok
20:37:28.0103 3256	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:37:28.0121 3256	AmdK8 - ok
20:37:28.0140 3256	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:37:28.0150 3256	AmdPPM - ok
20:37:28.0165 3256	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:37:28.0175 3256	amdsata - ok
20:37:28.0199 3256	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:37:28.0211 3256	amdsbs - ok
20:37:28.0224 3256	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:37:28.0233 3256	amdxata - ok
20:37:28.0256 3256	androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
20:37:28.0267 3256	androidusb - ok
20:37:28.0330 3256	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:37:28.0340 3256	AntiVirSchedulerService - ok
20:37:28.0368 3256	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:37:28.0377 3256	AntiVirService - ok
20:37:28.0404 3256	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:37:28.0433 3256	AppID - ok
20:37:28.0454 3256	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:37:28.0488 3256	AppIDSvc - ok
20:37:28.0513 3256	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:37:28.0545 3256	Appinfo - ok
20:37:28.0576 3256	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:37:28.0587 3256	AppMgmt - ok
20:37:28.0614 3256	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:37:28.0625 3256	arc - ok
20:37:28.0642 3256	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:37:28.0652 3256	arcsas - ok
20:37:28.0667 3256	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:37:28.0699 3256	AsyncMac - ok
20:37:28.0724 3256	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:37:28.0733 3256	atapi - ok
20:37:28.0764 3256	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
20:37:28.0776 3256	atksgt - ok
20:37:28.0820 3256	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:37:28.0855 3256	AudioEndpointBuilder - ok
20:37:28.0866 3256	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:37:28.0906 3256	AudioSrv - ok
20:37:28.0922 3256	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
20:37:28.0932 3256	avgntflt - ok
20:37:28.0950 3256	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
20:37:28.0961 3256	avipbb - ok
20:37:28.0970 3256	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:37:28.0979 3256	avkmgr - ok
20:37:29.0000 3256	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:37:29.0015 3256	AxInstSV - ok
20:37:29.0051 3256	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:37:29.0067 3256	b06bdrv - ok
20:37:29.0095 3256	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:37:29.0108 3256	b57nd60a - ok
20:37:29.0131 3256	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:37:29.0143 3256	BDESVC - ok
20:37:29.0156 3256	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:37:29.0189 3256	Beep - ok
20:37:29.0231 3256	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:37:29.0268 3256	BFE - ok
20:37:29.0310 3256	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:37:29.0354 3256	BITS - ok
20:37:29.0388 3256	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:37:29.0399 3256	blbdrive - ok
20:37:29.0422 3256	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:37:29.0435 3256	bowser - ok
20:37:29.0456 3256	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:37:29.0469 3256	BrFiltLo - ok
20:37:29.0480 3256	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:37:29.0493 3256	BrFiltUp - ok
20:37:29.0519 3256	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:37:29.0548 3256	Browser - ok
20:37:29.0569 3256	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:37:29.0585 3256	Brserid - ok
20:37:29.0601 3256	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:37:29.0614 3256	BrSerWdm - ok
20:37:29.0629 3256	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:37:29.0641 3256	BrUsbMdm - ok
20:37:29.0660 3256	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:37:29.0669 3256	BrUsbSer - ok
20:37:29.0685 3256	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:37:29.0698 3256	BTHMODEM - ok
20:37:29.0726 3256	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:37:29.0758 3256	bthserv - ok
20:37:29.0802 3256	CamDrL64        (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
20:37:29.0822 3256	CamDrL64 - ok
20:37:29.0840 3256	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:37:29.0871 3256	cdfs - ok
20:37:29.0894 3256	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:37:29.0905 3256	cdrom - ok
20:37:29.0924 3256	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:37:29.0954 3256	CertPropSvc - ok
20:37:29.0973 3256	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:37:29.0988 3256	circlass - ok
20:37:30.0012 3256	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:37:30.0027 3256	CLFS - ok
20:37:30.0072 3256	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:37:30.0085 3256	clr_optimization_v2.0.50727_32 - ok
20:37:30.0134 3256	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:37:30.0143 3256	clr_optimization_v2.0.50727_64 - ok
20:37:30.0186 3256	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:37:30.0197 3256	clr_optimization_v4.0.30319_32 - ok
20:37:30.0219 3256	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:37:30.0228 3256	clr_optimization_v4.0.30319_64 - ok
20:37:30.0253 3256	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:37:30.0263 3256	CmBatt - ok
20:37:30.0305 3256	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:37:30.0315 3256	cmdide - ok
20:37:30.0495 3256	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:37:30.0515 3256	CNG - ok
20:37:30.0534 3256	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:37:30.0543 3256	Compbatt - ok
20:37:30.0567 3256	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:37:30.0583 3256	CompositeBus - ok
20:37:30.0591 3256	COMSysApp - ok
20:37:30.0605 3256	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:37:30.0616 3256	crcdisk - ok
20:37:30.0648 3256	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:37:30.0659 3256	CryptSvc - ok
20:37:30.0688 3256	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:37:30.0704 3256	CSC - ok
20:37:30.0745 3256	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:37:30.0766 3256	CscService - ok
20:37:30.0799 3256	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:37:30.0840 3256	DcomLaunch - ok
20:37:30.0870 3256	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:37:30.0904 3256	defragsvc - ok
20:37:30.0943 3256	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:37:30.0972 3256	DfsC - ok
20:37:30.0994 3256	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:37:31.0026 3256	Dhcp - ok
20:37:31.0053 3256	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:37:31.0089 3256	discache - ok
20:37:31.0101 3256	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:37:31.0112 3256	Disk - ok
20:37:31.0153 3256	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:37:31.0164 3256	Dnscache - ok
20:37:31.0192 3256	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:37:31.0223 3256	dot3svc - ok
20:37:31.0242 3256	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:37:31.0273 3256	DPS - ok
20:37:31.0295 3256	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:37:31.0306 3256	drmkaud - ok
20:37:31.0334 3256	dtsoftbus01     (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:37:31.0349 3256	dtsoftbus01 - ok
20:37:31.0373 3256	dwmrcs - ok
20:37:31.0422 3256	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:37:31.0444 3256	DXGKrnl - ok
20:37:31.0475 3256	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:37:31.0506 3256	EapHost - ok
20:37:31.0619 3256	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:37:31.0660 3256	ebdrv - ok
20:37:31.0763 3256	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:37:31.0773 3256	EFS - ok
20:37:31.0837 3256	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:37:31.0854 3256	ehRecvr - ok
20:37:31.0881 3256	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:37:31.0892 3256	ehSched - ok
20:37:31.0932 3256	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:37:31.0948 3256	elxstor - ok
20:37:31.0976 3256	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:37:31.0986 3256	ErrDev - ok
20:37:32.0020 3256	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:37:32.0056 3256	EventSystem - ok
20:37:32.0075 3256	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:37:32.0111 3256	exfat - ok
20:37:32.0128 3256	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:37:32.0159 3256	fastfat - ok
20:37:32.0201 3256	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:37:32.0218 3256	Fax - ok
20:37:32.0237 3256	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:37:32.0247 3256	fdc - ok
20:37:32.0260 3256	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:37:32.0291 3256	fdPHost - ok
20:37:32.0311 3256	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:37:32.0345 3256	FDResPub - ok
20:37:32.0356 3256	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:37:32.0366 3256	FileInfo - ok
20:37:32.0388 3256	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:37:32.0418 3256	Filetrace - ok
20:37:32.0433 3256	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:37:32.0443 3256	flpydisk - ok
20:37:32.0471 3256	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:37:32.0484 3256	FltMgr - ok
20:37:32.0537 3256	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:37:32.0558 3256	FontCache - ok
20:37:32.0608 3256	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:37:32.0616 3256	FontCache3.0.0.0 - ok
20:37:32.0651 3256	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:37:32.0660 3256	FsDepends - ok
20:37:32.0686 3256	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:37:32.0695 3256	Fs_Rec - ok
20:37:32.0714 3256	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:37:32.0728 3256	fvevol - ok
20:37:32.0745 3256	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:37:32.0755 3256	gagp30kx - ok
20:37:32.0784 3256	GGSAFERDriver - ok
20:37:32.0819 3256	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:37:32.0859 3256	gpsvc - ok
20:37:32.0877 3256	hamachi         (7eec4281639dc7e9a67c661efd414f3a) C:\Windows\system32\DRIVERS\hamachi.sys
20:37:32.0886 3256	hamachi - ok
20:37:32.0901 3256	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:37:32.0911 3256	hcw85cir - ok
20:37:32.0950 3256	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:37:32.0965 3256	HdAudAddService - ok
20:37:32.0987 3256	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:37:33.0001 3256	HDAudBus - ok
20:37:33.0014 3256	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:37:33.0024 3256	HidBatt - ok
20:37:33.0040 3256	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:37:33.0053 3256	HidBth - ok
20:37:33.0067 3256	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:37:33.0079 3256	HidIr - ok
20:37:33.0106 3256	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:37:33.0137 3256	hidserv - ok
20:37:33.0157 3256	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:37:33.0167 3256	HidUsb - ok
20:37:33.0187 3256	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:37:33.0218 3256	hkmsvc - ok
20:37:33.0254 3256	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:37:33.0266 3256	HomeGroupListener - ok
20:37:33.0291 3256	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:37:33.0304 3256	HomeGroupProvider - ok
20:37:33.0323 3256	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:37:33.0333 3256	HpSAMD - ok
20:37:33.0383 3256	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:37:33.0420 3256	HTTP - ok
20:37:33.0436 3256	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:37:33.0445 3256	hwpolicy - ok
20:37:33.0472 3256	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:37:33.0486 3256	i8042prt - ok
20:37:33.0521 3256	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:37:33.0535 3256	iaStorV - ok
20:37:33.0609 3256	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:37:33.0629 3256	idsvc - ok
20:37:33.0650 3256	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:37:33.0660 3256	iirsp - ok
20:37:33.0710 3256	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:37:33.0747 3256	IKEEXT - ok
20:37:33.0770 3256	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:37:33.0779 3256	intelide - ok
20:37:33.0799 3256	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:37:33.0810 3256	intelppm - ok
20:37:33.0829 3256	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:37:33.0866 3256	IPBusEnum - ok
20:37:33.0891 3256	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:37:33.0920 3256	IpFilterDriver - ok
20:37:33.0953 3256	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:37:34.0013 3256	iphlpsvc - ok
20:37:34.0039 3256	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:37:34.0067 3256	IPMIDRV - ok
20:37:34.0083 3256	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:37:34.0146 3256	IPNAT - ok
20:37:34.0164 3256	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:37:34.0180 3256	IRENUM - ok
20:37:34.0206 3256	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:37:34.0215 3256	isapnp - ok
20:37:34.0247 3256	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:37:34.0260 3256	iScsiPrt - ok
20:37:34.0279 3256	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:37:34.0289 3256	kbdclass - ok
20:37:34.0312 3256	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:37:34.0322 3256	kbdhid - ok
20:37:34.0343 3256	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:34.0354 3256	KeyIso - ok
20:37:34.0374 3256	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:37:34.0385 3256	KSecDD - ok
20:37:34.0413 3256	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:37:34.0425 3256	KSecPkg - ok
20:37:34.0443 3256	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:37:34.0473 3256	ksthunk - ok
20:37:34.0509 3256	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:37:34.0543 3256	KtmRm - ok
20:37:34.0572 3256	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:37:34.0608 3256	LanmanServer - ok
20:37:34.0640 3256	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:37:34.0681 3256	LanmanWorkstation - ok
20:37:34.0711 3256	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
20:37:34.0719 3256	lirsgt - ok
20:37:34.0734 3256	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:37:34.0764 3256	lltdio - ok
20:37:34.0794 3256	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:37:34.0827 3256	lltdsvc - ok
20:37:34.0834 3256	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:37:34.0869 3256	lmhosts - ok
20:37:34.0902 3256	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:37:34.0912 3256	LSI_FC - ok
20:37:34.0928 3256	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:37:34.0939 3256	LSI_SAS - ok
20:37:34.0952 3256	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:37:34.0962 3256	LSI_SAS2 - ok
20:37:34.0978 3256	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:37:34.0988 3256	LSI_SCSI - ok
20:37:35.0012 3256	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:37:35.0046 3256	luafv - ok
20:37:35.0106 3256	LVcKap64        (3c7a54ae999841f30e4648e0de9e4b46) C:\Windows\system32\DRIVERS\LVcKap64.sys
20:37:35.0128 3256	LVcKap64 - ok
20:37:35.0206 3256	LVMVDrv         (d621d1c9650a5add39c64047fcf860a5) C:\Windows\system32\DRIVERS\LVMVDrv.sys
20:37:35.0242 3256	LVMVDrv - ok
20:37:35.0298 3256	LVPr2Mon        (e379cb87bf2dc0787d825d4cb91c27a8) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:37:35.0307 3256	LVPr2Mon - ok
20:37:35.0343 3256	LVPrcS64        (df8b20bbec546d94cecf75c48a596aec) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
20:37:35.0353 3256	LVPrcS64 - ok
20:37:35.0373 3256	LVSrvLauncher   (65e0ec0338c9ade32d044a8cc18c147b) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
20:37:35.0383 3256	LVSrvLauncher - ok
20:37:35.0397 3256	LVUSBS64        (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\drivers\LVUSBS64.sys
20:37:35.0406 3256	LVUSBS64 - ok
20:37:35.0421 3256	ManyCam         (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
20:37:35.0432 3256	ManyCam - ok
20:37:35.0452 3256	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:37:35.0462 3256	MBAMProtector - ok
20:37:35.0531 3256	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:37:35.0546 3256	MBAMService - ok
20:37:35.0585 3256	mcdevice        (3cd0d8fc5fe6f7ae85ac8b818f9029b4) C:\Windows\system32\DRIVERS\mcdevice.sys
20:37:35.0601 3256	mcdevice - ok
20:37:35.0634 3256	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:37:35.0648 3256	Mcx2Svc - ok
20:37:35.0677 3256	MDM             (e416e967e3fb6fb1e9ae12b9c7dab526) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
20:37:35.0684 3256	MDM ( UnsignedFile.Multi.Generic ) - warning
20:37:35.0684 3256	MDM - detected UnsignedFile.Multi.Generic (1)
20:37:35.0705 3256	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:37:35.0714 3256	megasas - ok
20:37:35.0736 3256	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:37:35.0749 3256	MegaSR - ok
20:37:35.0790 3256	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:37:35.0821 3256	MMCSS - ok
20:37:35.0835 3256	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:37:35.0868 3256	Modem - ok
20:37:35.0889 3256	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:37:35.0907 3256	monitor - ok
20:37:35.0934 3256	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:37:35.0944 3256	mouclass - ok
20:37:35.0963 3256	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:37:35.0973 3256	mouhid - ok
20:37:35.0997 3256	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:37:36.0009 3256	mountmgr - ok
20:37:36.0040 3256	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:37:36.0050 3256	MozillaMaintenance - ok
20:37:36.0079 3256	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:37:36.0093 3256	mpio - ok
20:37:36.0114 3256	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:37:36.0145 3256	mpsdrv - ok
20:37:36.0188 3256	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:37:36.0225 3256	MpsSvc - ok
20:37:36.0256 3256	MRV6X64U        (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\WN111x.sys
20:37:36.0268 3256	MRV6X64U - ok
20:37:36.0274 3256	Mrvleap - ok
20:37:36.0308 3256	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:37:36.0326 3256	MRxDAV - ok
20:37:36.0358 3256	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:37:36.0370 3256	mrxsmb - ok
20:37:36.0404 3256	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:37:36.0417 3256	mrxsmb10 - ok
20:37:36.0428 3256	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:37:36.0440 3256	mrxsmb20 - ok
20:37:36.0464 3256	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:37:36.0474 3256	msahci - ok
20:37:36.0498 3256	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:37:36.0509 3256	msdsm - ok
20:37:36.0540 3256	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:37:36.0552 3256	MSDTC - ok
20:37:36.0576 3256	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:37:36.0609 3256	Msfs - ok
20:37:36.0623 3256	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:37:36.0654 3256	mshidkmdf - ok
20:37:36.0688 3256	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:37:36.0698 3256	msisadrv - ok
20:37:36.0724 3256	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:37:36.0757 3256	MSiSCSI - ok
20:37:36.0763 3256	msiserver - ok
20:37:36.0780 3256	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:37:36.0810 3256	MSKSSRV - ok
20:37:36.0827 3256	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:37:36.0860 3256	MSPCLOCK - ok
20:37:36.0870 3256	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:37:36.0903 3256	MSPQM - ok
20:37:36.0939 3256	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:37:36.0953 3256	MsRPC - ok
20:37:36.0972 3256	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:37:36.0981 3256	mssmbios - ok
20:37:37.0003 3256	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:37:37.0035 3256	MSTEE - ok
20:37:37.0048 3256	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:37:37.0059 3256	MTConfig - ok
20:37:37.0083 3256	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
20:37:37.0095 3256	MTsensor - ok
20:37:37.0106 3256	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:37:37.0116 3256	Mup - ok
20:37:37.0149 3256	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:37:37.0183 3256	napagent - ok
20:37:37.0205 3256	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:37:37.0223 3256	NativeWifiP - ok
20:37:37.0260 3256	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:37:37.0281 3256	NDIS - ok
20:37:37.0296 3256	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:37:37.0327 3256	NdisCap - ok
20:37:37.0336 3256	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:37:37.0370 3256	NdisTapi - ok
20:37:37.0390 3256	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:37:37.0421 3256	Ndisuio - ok
20:37:37.0447 3256	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:37:37.0477 3256	NdisWan - ok
20:37:37.0487 3256	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:37:37.0518 3256	NDProxy - ok
20:37:37.0535 3256	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:37:37.0568 3256	NetBIOS - ok
20:37:37.0586 3256	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:37:37.0621 3256	NetBT - ok
20:37:37.0649 3256	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:37.0659 3256	Netlogon - ok
20:37:37.0688 3256	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:37:37.0722 3256	Netman - ok
20:37:37.0773 3256	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:37:37.0807 3256	netprofm - ok
20:37:37.0866 3256	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:37:37.0876 3256	NetTcpPortSharing - ok
20:37:37.0895 3256	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:37:37.0905 3256	nfrd960 - ok
20:37:37.0939 3256	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:37:37.0971 3256	NlaSvc - ok
20:37:37.0985 3256	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:37:38.0015 3256	Npfs - ok
20:37:38.0030 3256	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:37:38.0060 3256	nsi - ok
20:37:38.0078 3256	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:37:38.0111 3256	nsiproxy - ok
20:37:38.0197 3256	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:37:38.0227 3256	Ntfs - ok
20:37:38.0288 3256	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:37:38.0318 3256	Null - ok
20:37:38.0683 3256	nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:37:38.0863 3256	nvlddmkm - ok
20:37:38.0927 3256	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:37:38.0937 3256	nvraid - ok
20:37:38.0957 3256	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:37:38.0969 3256	nvstor - ok
20:37:39.0019 3256	NVSvc           (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
20:37:39.0040 3256	NVSvc - ok
20:37:39.0151 3256	nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:37:39.0187 3256	nvUpdatusService - ok
20:37:39.0265 3256	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:37:39.0276 3256	nv_agp - ok
20:37:39.0302 3256	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:37:39.0313 3256	ohci1394 - ok
20:37:39.0428 3256	OODefragAgent   (f5115921cac7a3a025e9db85b5f67604) C:\Program Files\OO Software\Defrag\oodag.exe
20:37:39.0473 3256	OODefragAgent - ok
20:37:39.0571 3256	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:37:39.0585 3256	p2pimsvc - ok
20:37:39.0616 3256	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:37:39.0631 3256	p2psvc - ok
20:37:39.0657 3256	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:37:39.0669 3256	Parport - ok
20:37:39.0693 3256	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:37:39.0703 3256	partmgr - ok
20:37:39.0720 3256	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:37:39.0737 3256	PcaSvc - ok
20:37:39.0759 3256	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:37:39.0771 3256	pci - ok
20:37:39.0781 3256	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:37:39.0791 3256	pciide - ok
20:37:39.0811 3256	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:37:39.0823 3256	pcmcia - ok
20:37:39.0834 3256	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:37:39.0847 3256	pcw - ok
20:37:39.0875 3256	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:37:39.0915 3256	PEAUTH - ok
20:37:39.0973 3256	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:37:39.0999 3256	PeerDistSvc - ok
20:37:40.0051 3256	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:37:40.0063 3256	PerfHost - ok
20:37:40.0165 3256	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:37:40.0207 3256	pla - ok
20:37:40.0247 3256	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:37:40.0262 3256	PlugPlay - ok
20:37:40.0283 3256	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:37:40.0293 3256	PNRPAutoReg - ok
20:37:40.0320 3256	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:37:40.0333 3256	PNRPsvc - ok
20:37:40.0363 3256	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:37:40.0399 3256	PolicyAgent - ok
20:37:40.0423 3256	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:37:40.0461 3256	Power - ok
20:37:40.0504 3256	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:37:40.0534 3256	PptpMiniport - ok
20:37:40.0551 3256	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:37:40.0561 3256	Processor - ok
20:37:40.0597 3256	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:37:40.0614 3256	ProfSvc - ok
20:37:40.0637 3256	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:40.0648 3256	ProtectedStorage - ok
20:37:40.0666 3256	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:37:40.0696 3256	Psched - ok
20:37:40.0759 3256	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:37:40.0787 3256	ql2300 - ok
20:37:40.0851 3256	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:37:40.0865 3256	ql40xx - ok
20:37:40.0895 3256	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:37:40.0913 3256	QWAVE - ok
20:37:40.0927 3256	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:37:40.0942 3256	QWAVEdrv - ok
20:37:40.0955 3256	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:37:40.0989 3256	RasAcd - ok
20:37:41.0021 3256	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:37:41.0051 3256	RasAgileVpn - ok
20:37:41.0076 3256	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:37:41.0110 3256	RasAuto - ok
20:37:41.0127 3256	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:37:41.0157 3256	Rasl2tp - ok
20:37:41.0186 3256	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:37:41.0218 3256	RasMan - ok
20:37:41.0232 3256	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:37:41.0265 3256	RasPppoe - ok
20:37:41.0277 3256	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:37:41.0308 3256	RasSstp - ok
20:37:41.0324 3256	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:37:41.0358 3256	rdbss - ok
20:37:41.0369 3256	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:37:41.0383 3256	rdpbus - ok
20:37:41.0395 3256	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:37:41.0425 3256	RDPCDD - ok
20:37:41.0451 3256	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:37:41.0462 3256	RDPDR - ok
20:37:41.0470 3256	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:37:41.0500 3256	RDPENCDD - ok
20:37:41.0507 3256	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:37:41.0540 3256	RDPREFMP - ok
20:37:41.0581 3256	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:37:41.0591 3256	RdpVideoMiniport - ok
20:37:41.0627 3256	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:37:41.0639 3256	RDPWD - ok
20:37:41.0665 3256	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:37:41.0677 3256	rdyboost - ok
20:37:41.0703 3256	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:37:41.0735 3256	RemoteAccess - ok
20:37:41.0763 3256	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:37:41.0795 3256	RemoteRegistry - ok
20:37:41.0813 3256	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:37:41.0845 3256	RpcEptMapper - ok
20:37:41.0861 3256	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:37:41.0876 3256	RpcLocator - ok
20:37:41.0905 3256	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:37:41.0943 3256	RpcSs - ok
20:37:41.0970 3256	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:37:42.0001 3256	rspndr - ok
20:37:42.0033 3256	RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:37:42.0046 3256	RTL8167 - ok
20:37:42.0076 3256	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:37:42.0087 3256	s3cap - ok
20:37:42.0111 3256	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:42.0122 3256	SamSs - ok
20:37:42.0143 3256	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:37:42.0153 3256	sbp2port - ok
20:37:42.0180 3256	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:37:42.0214 3256	SCardSvr - ok
20:37:42.0237 3256	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:37:42.0266 3256	scfilter - ok
20:37:42.0320 3256	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:37:42.0363 3256	Schedule - ok
20:37:42.0386 3256	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:37:42.0415 3256	SCPolicySvc - ok
20:37:42.0435 3256	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:37:42.0447 3256	SDRSVC - ok
20:37:42.0488 3256	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:37:42.0518 3256	secdrv - ok
20:37:42.0545 3256	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:37:42.0576 3256	seclogon - ok
20:37:42.0607 3256	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:37:42.0640 3256	SENS - ok
20:37:42.0659 3256	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:37:42.0672 3256	SensrSvc - ok
20:37:42.0687 3256	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:37:42.0697 3256	Serenum - ok
20:37:42.0714 3256	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:37:42.0725 3256	Serial - ok
20:37:42.0750 3256	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:37:42.0760 3256	sermouse - ok
20:37:42.0802 3256	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:37:42.0832 3256	SessionEnv - ok
20:37:42.0851 3256	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:37:42.0866 3256	sffdisk - ok
20:37:42.0881 3256	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:37:42.0894 3256	sffp_mmc - ok
20:37:42.0911 3256	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:37:42.0923 3256	sffp_sd - ok
20:37:42.0942 3256	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:37:42.0953 3256	sfloppy - ok
20:37:42.0986 3256	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:37:43.0021 3256	SharedAccess - ok
20:37:43.0056 3256	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:37:43.0088 3256	ShellHWDetection - ok
20:37:43.0107 3256	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:37:43.0116 3256	SiSRaid2 - ok
20:37:43.0137 3256	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:37:43.0146 3256	SiSRaid4 - ok
20:37:43.0199 3256	SkypeUpdate     (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:37:43.0209 3256	SkypeUpdate - ok
20:37:43.0225 3256	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:37:43.0255 3256	Smb - ok
20:37:43.0282 3256	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:37:43.0293 3256	SNMPTRAP - ok
20:37:43.0309 3256	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:37:43.0319 3256	spldr - ok
20:37:43.0356 3256	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:37:43.0391 3256	Spooler - ok
20:37:43.0507 3256	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:37:43.0571 3256	sppsvc - ok
20:37:43.0651 3256	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:37:43.0685 3256	sppuinotify - ok
20:37:43.0740 3256	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
20:37:43.0759 3256	sptd - ok
20:37:43.0793 3256	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:37:43.0807 3256	srv - ok
20:37:43.0838 3256	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:37:43.0856 3256	srv2 - ok
20:37:43.0877 3256	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:37:43.0889 3256	srvnet - ok
20:37:43.0917 3256	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:37:43.0931 3256	ssadbus - ok
20:37:43.0940 3256	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:37:43.0950 3256	ssadmdfl - ok
20:37:43.0964 3256	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:37:43.0981 3256	ssadmdm - ok
20:37:44.0005 3256	sscdbus         (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
20:37:44.0017 3256	sscdbus - ok
20:37:44.0032 3256	sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:37:44.0040 3256	sscdmdfl - ok
20:37:44.0071 3256	sscdmdm         (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:37:44.0081 3256	sscdmdm - ok
20:37:44.0114 3256	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:37:44.0147 3256	SSDPSRV - ok
20:37:44.0162 3256	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:37:44.0196 3256	SstpSvc - ok
20:37:44.0233 3256	Steam Client Service - ok
20:37:44.0279 3256	Stereo Service  (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:37:44.0293 3256	Stereo Service - ok
20:37:44.0315 3256	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:37:44.0325 3256	stexstor - ok
20:37:44.0364 3256	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:37:44.0386 3256	stisvc - ok
20:37:44.0412 3256	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:37:44.0422 3256	storflt - ok
20:37:44.0438 3256	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:37:44.0448 3256	storvsc - ok
20:37:44.0475 3256	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:37:44.0484 3256	swenum - ok
20:37:44.0518 3256	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:37:44.0553 3256	swprv - ok
20:37:44.0562 3256	Synth3dVsc - ok
20:37:44.0635 3256	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:37:44.0668 3256	SysMain - ok
20:37:44.0734 3256	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:37:44.0750 3256	TabletInputService - ok
20:37:44.0777 3256	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:37:44.0810 3256	TapiSrv - ok
20:37:44.0830 3256	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:37:44.0867 3256	TBS - ok
20:37:44.0941 3256	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:37:44.0974 3256	Tcpip - ok
20:37:45.0066 3256	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:37:45.0098 3256	TCPIP6 - ok
20:37:45.0158 3256	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:37:45.0189 3256	tcpipreg - ok
20:37:45.0219 3256	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:37:45.0229 3256	TDPIPE - ok
20:37:45.0255 3256	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:37:45.0264 3256	TDTCP - ok
20:37:45.0293 3256	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:37:45.0323 3256	tdx - ok
20:37:45.0345 3256	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:37:45.0355 3256	TermDD - ok
20:37:45.0387 3256	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:37:45.0423 3256	TermService - ok
20:37:45.0441 3256	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:37:45.0457 3256	Themes - ok
20:37:45.0480 3256	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:37:45.0512 3256	THREADORDER - ok
20:37:45.0533 3256	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:37:45.0567 3256	TrkWks - ok
20:37:45.0610 3256	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:37:45.0641 3256	TrustedInstaller - ok
20:37:45.0680 3256	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:37:45.0709 3256	tssecsrv - ok
20:37:45.0728 3256	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:37:45.0738 3256	TsUsbFlt - ok
20:37:45.0747 3256	tsusbhub - ok
20:37:45.0767 3256	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:37:45.0798 3256	tunnel - ok
20:37:45.0824 3256	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:37:45.0834 3256	uagp35 - ok
20:37:45.0866 3256	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:37:45.0898 3256	udfs - ok
20:37:50.0089 3256	============================================================
20:37:50.0089 3256	Scan finished
20:37:50.0089 3256	============================================================
20:37:50.0096 2804	Detected object count: 1
20:37:50.0096 2804	Actual detected object count: 1
20:37:59.0593 2804	MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:59.0593 2804	MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Old 21.06.2012, 20:54   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Old 22.06.2012, 08:43   #14
boreal99
 

ComboFix log file:
Code:
ATTFilter
ComboFix 12-06-21.02 - VuN 21.06.2012  23:11:52.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.4095.2898 [GMT 2:00]
ausgeführt von:: c:\users\VuN\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-22 bis 2012-06-22  ))))))))))))))))))))))))))))))
.
.
2012-06-21 18:21 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 18:21 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 18:21 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 18:21 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 18:21 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 18:21 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 18:21 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 18:21 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 18:21 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 18:02 . 2012-06-20 18:02	--------	d-----w-	C:\_OTL
2012-06-18 21:04 . 2012-06-18 21:04	--------	d-----w-	c:\program files (x86)\ESET
2012-06-17 10:59 . 2012-06-17 10:59	--------	d-----w-	c:\program files (x86)\MozBackup
2012-06-16 15:47 . 2012-06-16 15:49	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-16 15:47 . 2012-06-16 15:47	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-06-16 10:15 . 2012-06-16 10:15	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-16 10:15 . 2012-06-16 10:15	772592	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-16 10:13 . 2012-06-16 10:13	--------	d-----w-	c:\program files\Java
2012-06-15 20:48 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3952FE24-B6AD-4A8C-9B15-36A442645FBF}\mpengine.dll
2012-06-14 23:46 . 2012-06-16 19:15	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 23:46 . 2012-06-16 19:15	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 10:13 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-09 11:53 . 2012-06-09 11:53	--------	d-----w-	c:\users\VuN\AppData\Local\Macromedia
2012-05-28 14:35 . 2012-05-28 14:35	--------	d-----w-	c:\users\VuN\AppData\Roaming\LolClient2
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 10:15 . 2010-12-03 13:32	687600	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-16 10:13 . 2012-05-20 17:05	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-06-16 10:13 . 2011-09-21 15:03	839096	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-08 19:41 . 2012-04-22 18:20	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:41 . 2012-04-22 18:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-04 20:19 . 2012-03-30 11:19	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2011-01-09 14:19	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 15:01	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"LDM"="c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2011-10-29 16384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MultiSkypeLauncher.lnk - c:\program files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe [2011-6-13 114176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-10-29 169472]
NETGEAR WN111 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111\wn111.exe [2008-4-1 2502656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\WN111x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 19:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 4041032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: microsoft.com)\fai.music.metaservices
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - 
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,7c,e3,d9,f1,1f,06,3c,ee,5a,38,35,7a,53,ce,81,4c,b8,ca,59,a1,
   45,75,f1,a8,aa,13,43,91,3e,1a,db,3e,d3,68,3f,47,ae,f7,ce,7e,c1,8f,1e,03,88,\
"rkeysecu"=hex:bb,6e,1e,e3,89,67,51,33,1d,60,84,81,bd,19,c6,ad
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22  08:24:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-22 06:24
.
Vor Suchlauf: 12 Verzeichnis(se), 65.805.144.064 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 63.997.652.992 Bytes frei
.
- - End Of File - - 71F7615C8D48DABD861F3C6159FE9952
         
--- --- ---

Old 22.06.2012, 11:44   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now use copy/paste to insert the entire contents of the code box below into the Notepad window.


Code:
ATTFilter
Firefox::
FF - ProfilePath - c:\users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - 
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used in any other way, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
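
The script in the post above is built from the `FF - user.js:` lines of the ComboFix log. As an added example (not part of the original post and not ComboFix's own code), the following Python extracts those lines from a log and groups them for review; the sample log is constructed in the shape of the quoted one, and the function names `parse_ff_prefs` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the "FF - ..." lines of a ComboFix log.
SAMPLE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\\users\\example\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\xxxxxxxx.default\\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - 
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
"""

# "FF - <file>: <pref name> - <value>"; the value may be empty.
FF_LINE = re.compile(
    r"^FF - (?P<file>prefs\.js|user\.js): (?P<name>\S+) - ?(?P<value>.*)$"
)


def parse_ff_prefs(log_text):
    """Return (file, pref_name, value) for every Firefox preference line."""
    entries = []
    for raw in log_text.splitlines():
        m = FF_LINE.match(raw.rstrip())
        if m:  # ProfilePath and non-Firefox lines do not match and are skipped
            entries.append((m.group("file"), m.group("name"), m.group("value")))
    return entries


def triage(entries):
    """Group user.js overrides into the buckets a reviewer checks first."""
    by_extension = defaultdict(list)
    warnings_disabled = []
    other = []
    for file, name, value in entries:
        if file != "user.js":
            continue  # user.js is re-applied over prefs.js on every start
        if name.startswith("extensions."):
            # Second dotted component is the add-on's own namespace.
            by_extension[name.split(".")[1]].append(name)
        elif name.startswith("security.warn_") and value == "false":
            warnings_disabled.append(name)
        else:
            other.append(name)
    return {
        "extension_prefs": dict(by_extension),
        "warnings_disabled": warnings_disabled,
        "other_user_js": other,
    }


if __name__ == "__main__":
    report = triage(parse_ff_prefs(SAMPLE_LOG))
    for ext, names in report["extension_prefs"].items():
        print(f"{ext}: {len(names)} user.js entries")
    print("security warnings switched off:", report["warnings_disabled"])
    print("other user.js overrides:", report["other_user_js"])
```
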
