
Log analysis and evaluation: Computer slow, sometimes it even freezes

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.01.2013, 14:14   #1
ziebm000
 
Computer slow, sometimes it even freezes



Good day,
after some time I unfortunately have to turn to you for help once again.

In my wife's user account it has recently no longer been possible to work properly, because the computer gets slower and slower after a while and sometimes then freezes completely. AntiVir does not report, and has not reported, any virus detection.

In the supposedly infected account I carried out the three steps defogger - OTL - Gmer and am attaching the results. However, over several attempts OTL only ever created an OTL.txt for me but no Extra.txt!?

Thank you in advance for any help.

OTL.txt:

OTL logfile created on: 12.01.2013 13:04:46 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nadine\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,49 Mb Total Physical Memory | 245,04 Mb Available Physical Memory | 23,97% Memory free
3,46 Gb Paging File | 2,52 Gb Available in Paging File | 72,71% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 96,79 Gb Free Space | 35,93% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 18,84 Gb Free Space | 65,71% Space Free | Partition Type: FAT32
Drive G: | 465,76 Gb Total Space | 318,22 Gb Free Space | 68,32% Space Free | Partition Type: NTFS

Computer Name: HORST | User Name: Chef | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.12 12:48:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nadine\Desktop\OTL.exe
PRC - [2012.12.03 23:35:12 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.11.30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.09 13:42:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.26 20:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\ipoint.exe
PRC - [2012.06.26 20:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Device Center\itype.exe
PRC - [2012.05.08 17:33:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:33:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:33:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe
PRC - [2012.01.06 19:36:14 | 000,331,608 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () -- C:\Programme\Hotspot Shield\bin\hsswd.exe
PRC - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.11.18 13:40:26 | 001,154,048 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) -- C:\Programme\Virtual Router\VirtualRouterClient.exe
PRC - [2009.11.18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) -- C:\Programme\Virtual Router\VirtualRouterService.exe
PRC - [2005.06.02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.11 16:00:06 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\07ea9ea39e1fddc8e4fe8850c849309e\System.WorkflowServices.ni.dll
MOD - [2013.01.11 15:59:38 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013.01.11 15:47:45 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.11 14:57:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\ba5b576bb86b2ea9f2d8840fc26631e3\System.IdentityModel.Selectors.ni.dll
MOD - [2013.01.11 14:57:44 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\3e79256ce40faa9682f9e3511ca115ea\System.ServiceModel.ni.dll
MOD - [2013.01.11 14:57:18 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013.01.11 14:57:14 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\219c68f83fa608b496b163fd6782e696\System.IdentityModel.ni.dll
MOD - [2013.01.11 14:57:10 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013.01.11 14:56:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.11 14:54:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.11 14:53:02 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.11 14:51:49 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.11 14:51:31 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.11 14:51:20 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.11 14:51:07 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.11 14:51:00 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.11 14:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.11 14:50:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.11 14:50:47 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.11.29 22:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011.07.22 10:33:52 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.13 00:19:34 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010.11.05 03:00:15 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll
MOD - [2009.07.14 09:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 09:47:20 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll


========== Services (SafeList) ==========

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.03 20:01:28 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.08 17:33:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 17:33:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.21 14:26:04 | 000,580,976 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Programme\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2012.01.06 19:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2012.01.06 19:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.01.05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Programme\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.01.05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Running] -- C:\Programme\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005.06.02 14:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2012.06.27 09:37:56 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2012.06.27 09:37:56 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2012.06.27 09:37:56 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2012.06.27 09:37:56 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2012.06.24 21:24:46 | 000,046,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012.05.08 17:33:57 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:33:57 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.02 05:22:48 | 000,129,024 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2012.03.21 14:26:40 | 000,011,632 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2012.03.21 14:26:34 | 000,021,872 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2012.03.21 14:26:30 | 000,014,704 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2012.02.24 20:00:11 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ACEDRV05.sys -- (ACEDRV05)
DRV - [2011.12.29 00:57:28 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2011.12.29 00:57:26 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.05 09:54:44 | 000,564,800 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009.07.13 23:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2009.02.20 17:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2006.11.30 14:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb117?a=1&i=26
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb117/?search={searchTerms}&loc=IB_DS&a=1&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://ziebm000.bplaced.net/wordpress/"
FF - prefs.js..extensions.enabledAddons: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906}:1.2
FF - prefs.js..extensions.enabledAddons: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.2
FF - prefs.js..keyword.URL: "hxxp://search.hotspotshield.com/g/results.php?c=s&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Users\Marc\AppData\Roaming\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.14 16:56:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.14 17:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.07.22 10:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Extensions
[2011.07.22 10:18:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.16 16:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\ef7c128s.default\extensions
[2012.09.13 20:16:41 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\ef7c128s.default\extensions\foxmarks@kei.com
[2012.07.30 17:23:53 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\ef7c128s.default\extensions\ich@maltegoetz.de
[2012.11.16 16:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\ef7c128s.default\extensions\staged
[2012.07.30 17:23:54 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Chef\AppData\Roaming\mozilla\Firefox\Profiles\ef7c128s.default\extensions\support@lastpass.com
[2012.02.12 14:06:01 | 000,013,074 | ---- | M] () (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\firefox\profiles\ef7c128s.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}.xpi
[2012.09.13 19:50:46 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Chef\AppData\Roaming\mozilla\firefox\profiles\ef7c128s.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.01.11 17:20:14 | 000,002,185 | ---- | M] () -- C:\Users\Chef\AppData\Roaming\mozilla\firefox\profiles\ef7c128s.default\searchplugins\MyStart Search.xml
[2012.07.03 20:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.14 17:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.01.11 17:07:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.02.14 17:15:00 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.01.11 17:07:03 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\AFURLADVISOR@ANCHORFREE.COM
[2012.02.08 21:31:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.08 18:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 18:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 18:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 18:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.29 00:57:34 | 000,001,847 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\privatesearch.xml
[2012.02.08 18:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 18:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.02.12 19:06:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Programme\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D74C7DD-F05F-410B-92BB-1C56E52AC309}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27C004EA-8F9A-43B7-AC85-11C801B0074B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2002.10.02 19:32:44 | 000,000,648 | ---- | M] () - C:\Autorun.exe.manifest -- [ NTFS ]
O32 - AutoRun File - [2005.11.24 21:56:21 | 000,023,934 | ---- | M] () - C:\Autorun.ico -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.11 15:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2013.01.07 17:10:15 | 000,000,000 | ---D | C] -- C:\Users\Chef\AppData\Local\libimobiledevice
[2012.12.26 21:45:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2012.12.26 21:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012.12.26 21:15:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2012.12.26 21:12:18 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdm.sys
[2012.12.26 21:12:18 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadbus.sys
[2012.12.26 21:12:18 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadmdfl.sys
[2012.12.26 21:12:18 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadcmnt.sys
[2012.12.26 21:12:18 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ssadwhnt.sys
[2012.12.26 21:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2012.12.26 21:10:37 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2012.12.26 21:10:19 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012.12.26 21:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.12.26 21:05:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.24 11:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ratDVD
[2012.12.24 11:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\ratDVD

========== Files - Modified Within 30 Days ==========

[2013.01.12 12:26:13 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 12:26:13 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 12:17:52 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.12 12:17:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 12:17:18 | 804,118,528 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 12:12:53 | 000,657,078 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.12 12:12:53 | 000,618,542 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.12 12:12:53 | 000,131,602 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.12 12:12:53 | 000,107,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.12 12:09:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.11 15:25:12 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013.01.11 14:49:35 | 000,395,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.26 21:13:23 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.12.26 17:17:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.12.24 11:34:06 | 000,000,963 | ---- | M] () -- C:\Users\Chef\Desktop\ratDVD.lnk

========== Files Created - No Company Name ==========

[2013.01.11 15:25:12 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2012.12.26 21:13:23 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012.12.26 17:17:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.12.24 11:34:06 | 000,000,963 | ---- | C] () -- C:\Users\Chef\Desktop\ratDVD.lnk
[2012.11.28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.11.28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.11.28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.11.28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.11.28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.07.30 15:34:59 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2012.07.14 20:05:41 | 000,007,634 | ---- | C] () -- C:\Users\Chef\AppData\Local\Resmon.ResmonCfg
[2012.02.24 19:59:18 | 000,200,758 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2012.02.15 17:50:18 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012.02.10 22:16:16 | 000,000,000 | ---- | C] () -- C:\Users\Chef\defogger_reenable
[2012.02.09 17:08:59 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.02.09 17:08:59 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.02.09 17:08:59 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.02.09 17:08:59 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.01.15 23:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.01.13 15:11:19 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.12.18 15:42:19 | 000,825,859 | ---- | C] () -- C:\Windows\Diercke Globus Uninstaller.exe
[2011.12.08 21:22:57 | 000,000,072 | ---- | C] () -- C:\Windows\GEOPOOL06.ini
[2011.09.18 16:39:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.02 09:23:40 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.07.26 12:17:02 | 000,000,841 | ---- | C] () -- C:\Users\Chef\.recently-used.xbel
[2011.07.22 16:02:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.04.17 16:41:34 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Anvsoft
[2011.07.26 22:52:57 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Artisteer
[2012.04.19 14:14:53 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\BMSEV
[2012.12.17 19:35:27 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\BOM
[2012.03.03 16:34:46 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Canneverbe Limited
[2012.07.30 17:27:45 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\canon
[2013.01.11 17:29:23 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\FileZilla
[2012.10.17 11:43:05 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Garmin
[2011.07.26 12:21:02 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\gtk-2.0
[2012.01.14 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\HandBrake
[2011.07.31 16:42:11 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\LG Electronics
[2011.09.10 13:19:48 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\MyPhoneExplorer
[2011.07.22 10:36:32 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\OpenOffice.org
[2012.07.13 18:18:14 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\SMART Technologies
[2011.10.30 19:57:44 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\SMART Technologies Inc
[2012.02.12 23:10:40 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\Thunderbird
[2011.07.27 23:25:09 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\UseNeXT
[2012.01.03 23:26:35 | 000,000,000 | ---D | M] -- C:\Users\Chef\AppData\Roaming\XMedia Recode

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Gmer.txt:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 14:53:34
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAC 298,09GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Chef\AppData\Local\Temp\fgldipoc.sys


---- System - GMER 2.0 ----

SSDT 8CBD82EE ZwCreateSection
SSDT 8CBD82F8 ZwRequestWaitReplyPort
SSDT 8CBD82F3 ZwSetContextThread
SSDT 8CBD82FD ZwSetSecurityObject
SSDT 8CBD8302 ZwSystemDebugControl
SSDT 8CBD828F ZwTerminateProcess

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E48A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E824D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E8962C 4 Bytes [EE, 82, BD, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82E89988 4 Bytes [F8, 82, BD, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E899CC 4 Bytes [F3, 82, BD, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82E89A48 4 Bytes [FD, 82, BD, 8C]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82E89A9C 4 Bytes [02, 83, BD, 8C]
.text ...
.text C:\Windows\system32\drivers\ACEDRV05.sys section is writeable [0x8CE37000, 0x30A4A, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0x8CE79000]
.relo2 C:\Windows\system32\drivers\ACEDRV05.sys unknown last section [0x8CE94000, 0x8E, 0x42000040]

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675c3f20
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675c3f20@b8c75d170293 0xE1 0x0C 0xDD 0x3C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675c3f20@7c2f8005aa0b 0xC4 0x0F 0x67 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675c3f20 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675c3f20@b8c75d170293 0xE1 0x0C 0xDD 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0011675c3f20@7c2f8005aa0b 0xC4 0x0F 0x67 0xA0 ...

---- EOF - GMER 2.0 ----

Alt 12.01.2013, 16:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?

Alt 12.01.2013, 16:27   #3
ziebm000
 

No, this is a perfectly ordinary home computer.

I bought the Windows 7 version from CoTec, where teachers get discounted offers. The DVD also says "Licensed for use only by students and faculty"

Alt 12.01.2013, 16:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do you have any other logs (with findings)? Malwarebytes and/or other virus scanners?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; just post the logs you already have first!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 12.01.2013, 16:31   #5
ziebm000
 

I haven't run any other scans recently.

I just looked through the AntiVir reports and found a malware detection from 11 January there. It somehow passed me by; as I said, I'm not the only user:

In der Datei 'C:\Users\Marc\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.Gen2' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern


Alt 12.01.2013, 16:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read the instructions I will post in the course of this thread carefully. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make my analysis harder!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

Alt 12.01.2013, 17:07   #7
ziebm000
 

I downloaded the "latest version" from filepony. On starting it, however, I get the message "Your Version ... has been outdated" and am asked to download the latest version from w w w . malwarebytes. org.

Is that OK?

It'll probably be OK.

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.12.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Chef :: HORST [administrator]

12.01.2013 18:58:41
mbar-log-2013-01-12 (18-58-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28636
Time elapsed: 19 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\temp\Autostart.exe (Trojan.Agent) -> Delete on reboot.

(end)
         
And the second time:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.12.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Chef :: HORST [administrator]

12.01.2013 19:47:02
mbar-log-2013-01-12 (19-47-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28590
Time elapsed: 17 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

Alt 13.01.2013, 18:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on the connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy the contents and paste them into your post, please look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!


Alt 13.01.2013, 22:25   #9
ziebm000
 

Hello, and many thanks for the Sunday service!!

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-13 22:59:54
-----------------------------
22:59:54.882    OS Version: Windows 6.1.7601 Service Pack 1
22:59:54.882    Number of processors: 2 586 0xF02
22:59:54.882    ComputerName: HORST  UserName: Chef
22:59:55.335    Initialize success
23:00:04.070    AVAST engine defs: 13011301
23:00:15.665    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:00:15.680    Disk 0 Vendor: ST3320820AS 3.AAC Size: 305245MB BusType: 3
23:00:15.680    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-5
23:00:15.680    Disk 1 Vendor: ST3500830AS 3.AFE Size: 476940MB BusType: 3
23:00:15.711    Disk 0 MBR read successfully
23:00:15.711    Disk 0 MBR scan
23:00:15.743    Disk 0 Windows 7 default MBR code
23:00:15.743    Disk 0 Partition - 00     0F Extended LBA             29368 MB offset 564989985
23:00:15.743    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       275873 MB offset 63
23:00:15.774    Disk 0 Partition 2 00     0B        FAT32 MSDOS5.0    29368 MB offset 564990048
23:00:15.790    Disk 0 scanning sectors +625137345
23:00:15.836    Disk 0 scanning C:\Windows\system32\drivers
23:00:29.088    Service scanning
23:00:52.330    Modules scanning
23:01:01.009    Disk 0 trace - called modules:
23:01:01.041    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys 
23:01:01.041    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85362030]
23:01:01.056    3 CLASSPNP.SYS[86e0459e] -> nt!IofCallDriver -> [0x85281810]
23:01:01.056    5 ACPI.sys[870ca3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f0a788]
23:01:01.072    Scan finished successfully
23:14:20.285    Disk 0 MBR has been saved successfully to "C:\Users\Nadine\Desktop\MBR.dat"
23:14:20.285    The log file has been saved successfully to "C:\Users\Nadine\Desktop\aswMBR.txt"
         
Code:
23:19:58.0594 3792  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:19:58.0750 3792  ============================================================
23:19:58.0750 3792  Current date / time: 2013/01/13 23:19:58.0750
23:19:58.0750 3792  SystemInfo:
23:19:58.0750 3792  
23:19:58.0750 3792  OS Version: 6.1.7601 ServicePack: 1.0
23:19:58.0750 3792  Product type: Workstation
23:19:58.0750 3792  ComputerName: HORST
23:19:58.0750 3792  UserName: Chef
23:19:58.0750 3792  Windows directory: C:\Windows
23:19:58.0750 3792  System windows directory: C:\Windows
23:19:58.0750 3792  Processor architecture: Intel x86
23:19:58.0750 3792  Number of processors: 2
23:19:58.0750 3792  Page size: 0x1000
23:19:58.0750 3792  Boot type: Normal boot
23:19:58.0750 3792  ============================================================
23:19:59.0750 3792  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:20:09.0815 3792  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:20:09.0862 3792  ============================================================
23:20:09.0862 3792  \Device\Harddisk0\DR0:
23:20:09.0862 3792  MBR partitions:
23:20:09.0893 3792  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x21AD1060, BlocksNum 0x395C661
23:20:09.0893 3792  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x21AD0FE2
23:20:09.0893 3792  \Device\Harddisk1\DR1:
23:20:09.0893 3792  MBR partitions:
23:20:09.0893 3792  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
23:20:09.0893 3792  ============================================================
23:20:09.0924 3792  C: <-> \Device\Harddisk0\DR0\Partition2
23:20:09.0924 3792  D: <-> \Device\Harddisk0\DR0\Partition1
23:20:09.0956 3792  G: <-> \Device\Harddisk1\DR1\Partition1
23:20:09.0956 3792  ============================================================
23:20:09.0956 3792  Initialize success
23:20:09.0956 3792  ============================================================
23:20:59.0584 3868  ============================================================
23:20:59.0584 3868  Scan started
23:20:59.0584 3868  Mode: Manual; SigCheck; TDLFS; 
23:20:59.0584 3868  ============================================================
23:21:00.0038 3868  ================ Scan system memory ========================
23:21:00.0038 3868  System memory - ok
23:21:00.0038 3868  ================ Scan services =============================
23:21:00.0163 3868  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:21:00.0303 3868  1394ohci - ok
23:21:00.0350 3868  [ BEB5E6A8C17C3C7485563281E0F9E77E ] 61883           C:\Windows\system32\DRIVERS\61883.sys
23:21:00.0397 3868  61883 - ok
23:21:00.0428 3868  [ 0A1E97197609F92D2425B67DA0BB0A7F ] ACEDRV05        C:\Windows\system32\drivers\ACEDRV05.sys
23:21:00.0444 3868  ACEDRV05 ( UnsignedFile.Multi.Generic ) - warning
23:21:00.0444 3868  ACEDRV05 - detected UnsignedFile.Multi.Generic (1)
23:21:00.0475 3868  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:21:00.0506 3868  ACPI - ok
23:21:00.0522 3868  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:21:00.0584 3868  AcpiPmi - ok
23:21:00.0678 3868  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:21:00.0694 3868  AdobeARMservice - ok
23:21:00.0743 3868  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:21:00.0790 3868  adp94xx - ok
23:21:00.0821 3868  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:21:00.0836 3868  adpahci - ok
23:21:00.0852 3868  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:21:00.0883 3868  adpu320 - ok
23:21:00.0915 3868  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:21:00.0961 3868  AeLookupSvc - ok
23:21:01.0008 3868  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
23:21:01.0055 3868  AFD - ok
23:21:01.0102 3868  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
23:21:01.0118 3868  agp440 - ok
23:21:01.0149 3868  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
23:21:01.0165 3868  aic78xx - ok
23:21:01.0211 3868  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
23:21:01.0243 3868  ALG - ok
23:21:01.0290 3868  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:21:01.0305 3868  aliide - ok
23:21:01.0321 3868  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:21:01.0336 3868  amdagp - ok
23:21:01.0352 3868  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:21:01.0368 3868  amdide - ok
23:21:01.0383 3868  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:21:01.0430 3868  AmdK8 - ok
23:21:01.0446 3868  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:21:01.0493 3868  AmdPPM - ok
23:21:01.0524 3868  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:21:01.0540 3868  amdsata - ok
23:21:01.0571 3868  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:21:01.0602 3868  amdsbs - ok
23:21:01.0602 3868  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:21:01.0618 3868  amdxata - ok
23:21:01.0665 3868  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
23:21:01.0758 3868  androidusb - ok
23:21:01.0821 3868  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:21:01.0852 3868  AntiVirSchedulerService - ok
23:21:01.0883 3868  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:21:01.0899 3868  AntiVirService - ok
23:21:01.0915 3868  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
23:21:01.0977 3868  AppID - ok
23:21:02.0024 3868  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:21:02.0071 3868  AppIDSvc - ok
23:21:02.0102 3868  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
23:21:02.0133 3868  Appinfo - ok
23:21:02.0196 3868  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:21:02.0196 3868  Apple Mobile Device - ok
23:21:02.0243 3868  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
23:21:02.0258 3868  AppMgmt - ok
23:21:02.0290 3868  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:21:02.0305 3868  arc - ok
23:21:02.0321 3868  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:21:02.0336 3868  arcsas - ok
23:21:02.0368 3868  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:21:02.0446 3868  AsyncMac - ok
23:21:02.0477 3868  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
23:21:02.0493 3868  atapi - ok
23:21:02.0540 3868  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:21:02.0586 3868  AudioEndpointBuilder - ok
23:21:02.0618 3868  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:21:02.0649 3868  Audiosrv - ok
23:21:02.0680 3868  [ C44BDD77E06053CF5AFE046F3A47C16B ] Avc             C:\Windows\system32\DRIVERS\avc.sys
23:21:02.0711 3868  Avc - ok
23:21:02.0727 3868  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:21:02.0743 3868  avgntflt - ok
23:21:02.0774 3868  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:21:02.0790 3868  avipbb - ok
23:21:02.0805 3868  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:21:02.0821 3868  avkmgr - ok
23:21:02.0852 3868  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:21:02.0930 3868  AxInstSV - ok
23:21:02.0977 3868  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
23:21:03.0024 3868  b06bdrv - ok
23:21:03.0040 3868  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:21:03.0071 3868  b57nd60x - ok
23:21:03.0118 3868  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:21:03.0180 3868  BDESVC - ok
23:21:03.0211 3868  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:21:03.0258 3868  Beep - ok
23:21:03.0305 3868  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
23:21:03.0368 3868  BFE - ok
23:21:03.0415 3868  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
23:21:03.0461 3868  BITS - ok
23:21:03.0477 3868  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:21:03.0508 3868  blbdrive - ok
23:21:03.0555 3868  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:21:03.0586 3868  Bonjour Service - ok
23:21:03.0618 3868  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:21:03.0665 3868  bowser - ok
23:21:03.0696 3868  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:21:03.0743 3868  BrFiltLo - ok
23:21:03.0758 3868  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:21:03.0805 3868  BrFiltUp - ok
23:21:03.0836 3868  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
23:21:03.0868 3868  BridgeMP - ok
23:21:03.0899 3868  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
23:21:03.0930 3868  Browser - ok
23:21:03.0961 3868  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:21:04.0008 3868  Brserid - ok
23:21:04.0040 3868  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:21:04.0071 3868  BrSerWdm - ok
23:21:04.0086 3868  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:21:04.0133 3868  BrUsbMdm - ok
23:21:04.0165 3868  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:21:04.0196 3868  BrUsbSer - ok
23:21:04.0243 3868  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:21:04.0305 3868  BthEnum - ok
23:21:04.0336 3868  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:21:04.0368 3868  BTHMODEM - ok
23:21:04.0399 3868  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:21:04.0430 3868  BthPan - ok
23:21:04.0461 3868  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:21:04.0524 3868  BTHPORT - ok
23:21:04.0555 3868  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
23:21:04.0602 3868  bthserv - ok
23:21:04.0633 3868  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:21:04.0680 3868  BTHUSB - ok
23:21:04.0744 3868  [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
23:21:04.0744 3868  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
23:21:04.0744 3868  CCALib8 - detected UnsignedFile.Multi.Generic (1)
23:21:04.0759 3868  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:21:04.0806 3868  cdfs - ok
23:21:04.0837 3868  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:21:04.0869 3868  cdrom - ok
23:21:04.0900 3868  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
23:21:04.0931 3868  CertPropSvc - ok
23:21:04.0962 3868  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:21:04.0994 3868  circlass - ok
23:21:05.0041 3868  [ 3E2AFAFA158C9ED670C106842BDCC81E ] CISVC           C:\Windows\system32\CISVC.EXE
23:21:05.0103 3868  CISVC - ok
23:21:05.0134 3868  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:21:05.0150 3868  CLFS - ok
23:21:05.0228 3868  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:21:05.0244 3868  clr_optimization_v2.0.50727_32 - ok
23:21:05.0306 3868  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:21:05.0353 3868  clr_optimization_v4.0.30319_32 - ok
23:21:05.0369 3868  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:21:05.0384 3868  CmBatt - ok
23:21:05.0400 3868  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:21:05.0416 3868  cmdide - ok
23:21:05.0462 3868  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:21:05.0509 3868  CNG - ok
23:21:05.0556 3868  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:21:05.0556 3868  Compbatt - ok
23:21:05.0587 3868  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:21:05.0603 3868  CompositeBus - ok
23:21:05.0619 3868  COMSysApp - ok
23:21:05.0650 3868  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:21:05.0666 3868  crcdisk - ok
23:21:05.0712 3868  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:21:05.0763 3868  CryptSvc - ok
23:21:05.0810 3868  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
23:21:05.0873 3868  CSC - ok
23:21:05.0904 3868  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
23:21:05.0966 3868  CscService - ok
23:21:05.0998 3868  [ 0D11A47BD3380A5BD671DEA5C794F46C ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
23:21:06.0029 3868  dc3d - ok
23:21:06.0044 3868  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:21:06.0091 3868  DcomLaunch - ok
23:21:06.0138 3868  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:21:06.0169 3868  defragsvc - ok
23:21:06.0216 3868  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:21:06.0263 3868  DfsC - ok
23:21:06.0294 3868  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:21:06.0341 3868  Dhcp - ok
23:21:06.0373 3868  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:21:06.0419 3868  discache - ok
23:21:06.0435 3868  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:21:06.0451 3868  Disk - ok
23:21:06.0482 3868  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:21:06.0529 3868  Dnscache - ok
23:21:06.0560 3868  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:21:06.0591 3868  dot3svc - ok
23:21:06.0638 3868  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
23:21:06.0669 3868  DPS - ok
23:21:06.0716 3868  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:21:06.0732 3868  drmkaud - ok
23:21:06.0763 3868  [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831 ] dvd43llh        C:\Windows\system32\DRIVERS\dvd43llh.sys
23:21:06.0780 3868  dvd43llh ( UnsignedFile.Multi.Generic ) - warning
23:21:06.0780 3868  dvd43llh - detected UnsignedFile.Multi.Generic (1)
23:21:06.0827 3868  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:21:06.0874 3868  DXGKrnl - ok
23:21:06.0905 3868  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
23:21:06.0952 3868  EapHost - ok
23:21:07.0061 3868  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
23:21:07.0170 3868  ebdrv - ok
23:21:07.0202 3868  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
23:21:07.0249 3868  EFS - ok
23:21:07.0280 3868  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:21:07.0311 3868  elxstor - ok
23:21:07.0342 3868  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:21:07.0374 3868  ErrDev - ok
23:21:07.0420 3868  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
23:21:07.0467 3868  EventSystem - ok
23:21:07.0499 3868  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
23:21:07.0530 3868  exfat - ok
23:21:07.0561 3868  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:21:07.0608 3868  fastfat - ok
23:21:07.0639 3868  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:21:07.0655 3868  fdc - ok
23:21:07.0702 3868  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
23:21:07.0749 3868  fdPHost - ok
23:21:07.0764 3868  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:21:07.0811 3868  FDResPub - ok
23:21:07.0842 3868  [ F5CB6CB6D12F495516BE27CFFCCDE4BF ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd6.sys
23:21:07.0874 3868  FETNDIS - ok
23:21:07.0905 3868  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:21:07.0920 3868  FileInfo - ok
23:21:07.0936 3868  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:21:07.0967 3868  Filetrace - ok
23:21:08.0030 3868  [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:21:08.0077 3868  FLEXnet Licensing Service - ok
23:21:08.0124 3868  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:21:08.0139 3868  flpydisk - ok
23:21:08.0155 3868  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:21:08.0186 3868  FltMgr - ok
23:21:08.0217 3868  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
23:21:08.0264 3868  FontCache - ok
23:21:08.0327 3868  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:21:08.0342 3868  FontCache3.0.0.0 - ok
23:21:08.0358 3868  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:21:08.0374 3868  FsDepends - ok
23:21:08.0405 3868  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:21:08.0420 3868  Fs_Rec - ok
23:21:08.0452 3868  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:21:08.0467 3868  fvevol - ok
23:21:08.0499 3868  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:21:08.0514 3868  gagp30kx - ok
23:21:08.0561 3868  [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys
23:21:08.0592 3868  GigasetGenericUSB - ok
23:21:08.0639 3868  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:21:08.0702 3868  gpsvc - ok
23:21:08.0749 3868  [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
23:21:08.0764 3868  grmnusb - ok
23:21:08.0827 3868  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:21:08.0842 3868  gupdate - ok
23:21:08.0874 3868  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:21:08.0874 3868  gupdatem - ok
23:21:08.0920 3868  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:21:08.0952 3868  hcw85cir - ok
23:21:08.0983 3868  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:21:09.0014 3868  HdAudAddService - ok
23:21:09.0030 3868  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:21:09.0061 3868  HDAudBus - ok
23:21:09.0092 3868  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:21:09.0124 3868  HidBatt - ok
23:21:09.0139 3868  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:21:09.0170 3868  HidBth - ok
23:21:09.0186 3868  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:21:09.0217 3868  HidIr - ok
23:21:09.0249 3868  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
23:21:09.0280 3868  hidserv - ok
23:21:09.0311 3868  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:21:09.0327 3868  HidUsb - ok
23:21:09.0358 3868  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:21:09.0374 3868  hkmsvc - ok
23:21:09.0420 3868  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:21:09.0483 3868  HomeGroupListener - ok
23:21:09.0514 3868  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:21:09.0545 3868  HomeGroupProvider - ok
23:21:09.0577 3868  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:21:09.0592 3868  HpSAMD - ok
23:21:09.0655 3868  [ 44452F7A09D00573DC6E714874257CC9 ] hshld           C:\Program Files\Hotspot Shield\bin\openvpnas.exe
23:21:09.0686 3868  hshld - ok
23:21:09.0702 3868  [ 4F28652EC514FA1BA473BC1A695A5C98 ] HssDrv          C:\Windows\system32\DRIVERS\HssDrv.sys
23:21:09.0717 3868  HssDrv - ok
23:21:09.0749 3868  [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv          C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
23:21:09.0764 3868  HssSrv - ok
23:21:09.0795 3868  [ 6B1DC08D22231C9E508A715F07FCE7FB ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
23:21:09.0811 3868  HssTrayService - ok
23:21:09.0811 3868  HssWd - ok
23:21:09.0858 3868  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:21:09.0905 3868  HTTP - ok
23:21:09.0936 3868  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:21:09.0952 3868  hwpolicy - ok
23:21:09.0983 3868  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:21:09.0999 3868  i8042prt - ok
23:21:10.0030 3868  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:21:10.0045 3868  iaStorV - ok
23:21:10.0108 3868  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:21:10.0155 3868  idsvc - ok
23:21:10.0202 3868  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:21:10.0217 3868  iirsp - ok
23:21:10.0249 3868  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:21:10.0311 3868  IKEEXT - ok
23:21:10.0327 3868  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:21:10.0342 3868  intelide - ok
23:21:10.0374 3868  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:21:10.0405 3868  intelppm - ok
23:21:10.0452 3868  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:21:10.0499 3868  IPBusEnum - ok
23:21:10.0514 3868  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:21:10.0545 3868  IpFilterDriver - ok
23:21:10.0577 3868  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:21:10.0624 3868  iphlpsvc - ok
23:21:10.0655 3868  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:21:10.0686 3868  IPMIDRV - ok
23:21:10.0717 3868  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:21:10.0749 3868  IPNAT - ok
23:21:10.0780 3868  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:21:10.0811 3868  IRENUM - ok
23:21:10.0842 3868  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:21:10.0858 3868  isapnp - ok
23:21:10.0889 3868  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:21:10.0905 3868  iScsiPrt - ok
23:21:10.0920 3868  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:21:10.0936 3868  kbdclass - ok
23:21:10.0967 3868  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:21:10.0999 3868  kbdhid - ok
23:21:11.0014 3868  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
23:21:11.0030 3868  KeyIso - ok
23:21:11.0077 3868  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:21:11.0108 3868  KSecDD - ok
23:21:11.0155 3868  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:21:11.0202 3868  KSecPkg - ok
23:21:11.0249 3868  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:21:11.0311 3868  KtmRm - ok
23:21:11.0358 3868  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:21:11.0405 3868  LanmanServer - ok
23:21:11.0436 3868  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:21:11.0483 3868  LanmanWorkstation - ok
23:21:11.0514 3868  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:21:11.0545 3868  lltdio - ok
23:21:11.0577 3868  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:21:11.0639 3868  lltdsvc - ok
23:21:11.0655 3868  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:21:11.0686 3868  lmhosts - ok
23:21:11.0717 3868  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:21:11.0733 3868  LSI_FC - ok
23:21:11.0780 3868  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:21:11.0795 3868  LSI_SAS - ok
23:21:11.0811 3868  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:21:11.0827 3868  LSI_SAS2 - ok
23:21:11.0842 3868  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:21:11.0858 3868  LSI_SCSI - ok
23:21:11.0874 3868  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:21:11.0905 3868  luafv - ok
23:21:11.0967 3868  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
23:21:11.0983 3868  MDM - ok
23:21:12.0014 3868  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:21:12.0030 3868  megasas - ok
23:21:12.0061 3868  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:21:12.0077 3868  MegaSR - ok
23:21:12.0108 3868  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:21:12.0155 3868  MMCSS - ok
23:21:12.0186 3868  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:21:12.0249 3868  Modem - ok
23:21:12.0280 3868  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:21:12.0311 3868  monitor - ok
23:21:12.0327 3868  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:21:12.0342 3868  mouclass - ok
23:21:12.0389 3868  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:21:12.0405 3868  mouhid - ok
23:21:12.0436 3868  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:21:12.0452 3868  mountmgr - ok
23:21:12.0483 3868  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:21:12.0499 3868  mpio - ok
23:21:12.0530 3868  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:21:12.0577 3868  mpsdrv - ok
23:21:12.0624 3868  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:21:12.0670 3868  MpsSvc - ok
23:21:12.0686 3868  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:21:12.0717 3868  MRxDAV - ok
23:21:12.0749 3868  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:21:12.0795 3868  mrxsmb - ok
23:21:12.0827 3868  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:21:12.0858 3868  mrxsmb10 - ok
23:21:12.0889 3868  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:21:12.0920 3868  mrxsmb20 - ok
23:21:12.0936 3868  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
23:21:12.0952 3868  msahci - ok
23:21:12.0983 3868  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:21:12.0999 3868  msdsm - ok
23:21:13.0014 3868  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:21:13.0045 3868  MSDTC - ok
23:21:13.0092 3868  [ 114B67C324D64C8195FD3BF93B4DF02A ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
23:21:13.0108 3868  MSDV - ok
23:21:13.0155 3868  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:21:13.0170 3868  Msfs - ok
23:21:13.0202 3868  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:21:13.0249 3868  mshidkmdf - ok
23:21:13.0280 3868  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:21:13.0295 3868  msisadrv - ok
23:21:13.0327 3868  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:21:13.0374 3868  MSiSCSI - ok
23:21:13.0374 3868  msiserver - ok
23:21:13.0420 3868  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:21:13.0467 3868  MSKSSRV - ok
23:21:13.0499 3868  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:21:13.0530 3868  MSPCLOCK - ok
23:21:13.0545 3868  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:21:13.0592 3868  MSPQM - ok
23:21:13.0608 3868  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:21:13.0624 3868  MsRPC - ok
23:21:13.0655 3868  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:21:13.0670 3868  mssmbios - ok
23:21:13.0702 3868  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:21:13.0733 3868  MSTEE - ok
23:21:13.0749 3868  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:21:13.0764 3868  MTConfig - ok
23:21:13.0780 3868  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:21:13.0795 3868  Mup - ok
23:21:13.0842 3868  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
23:21:13.0889 3868  napagent - ok
23:21:13.0936 3868  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:21:13.0952 3868  NativeWifiP - ok
23:21:13.0999 3868  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:21:14.0045 3868  NDIS - ok
23:21:14.0061 3868  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:21:14.0108 3868  NdisCap - ok
23:21:14.0124 3868  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:21:14.0170 3868  NdisTapi - ok
23:21:14.0186 3868  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:21:14.0217 3868  Ndisuio - ok
23:21:14.0249 3868  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:21:14.0295 3868  NdisWan - ok
23:21:14.0327 3868  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:21:14.0358 3868  NDProxy - ok
23:21:14.0389 3868  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:21:14.0436 3868  NetBIOS - ok
23:21:14.0467 3868  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:21:14.0514 3868  NetBT - ok
23:21:14.0530 3868  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
23:21:14.0545 3868  Netlogon - ok
23:21:14.0592 3868  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:21:14.0639 3868  Netman - ok
23:21:14.0655 3868  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:21:14.0717 3868  netprofm - ok
23:21:14.0764 3868  [ B8DEE9E7E8F55138F9BC886519C617C4 ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
23:21:14.0812 3868  netr73 - ok
23:21:14.0859 3868  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:21:14.0875 3868  NetTcpPortSharing - ok
23:21:14.0906 3868  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:21:14.0921 3868  nfrd960 - ok
23:21:14.0968 3868  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:21:15.0000 3868  NlaSvc - ok
23:21:15.0046 3868  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:21:15.0078 3868  Npfs - ok
23:21:15.0109 3868  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:21:15.0140 3868  nsi - ok
23:21:15.0140 3868  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:21:15.0187 3868  nsiproxy - ok
23:21:15.0250 3868  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:21:15.0312 3868  Ntfs - ok
23:21:15.0343 3868  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:21:15.0375 3868  Null - ok
23:21:15.0656 3868  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:21:16.0015 3868  nvlddmkm - ok
23:21:16.0046 3868  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:21:16.0062 3868  nvraid - ok
23:21:16.0093 3868  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:21:16.0109 3868  nvstor - ok
23:21:16.0140 3868  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:21:16.0156 3868  nvsvc - ok
23:21:16.0156 3868  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:21:16.0187 3868  nv_agp - ok
23:21:16.0218 3868  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:21:16.0234 3868  ohci1394 - ok
23:21:16.0265 3868  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:21:16.0281 3868  ose - ok
23:21:16.0468 3868  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:21:16.0656 3868  osppsvc - ok
23:21:16.0687 3868  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:21:16.0734 3868  p2pimsvc - ok
23:21:16.0750 3868  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:21:16.0796 3868  p2psvc - ok
23:21:16.0828 3868  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:21:16.0843 3868  Parport - ok
23:21:16.0875 3868  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:21:16.0890 3868  partmgr - ok
23:21:16.0906 3868  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:21:16.0921 3868  Parvdm - ok
23:21:16.0953 3868  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:21:16.0984 3868  PcaSvc - ok
23:21:17.0000 3868  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
23:21:17.0015 3868  pci - ok
23:21:17.0046 3868  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
23:21:17.0062 3868  pciide - ok
23:21:17.0093 3868  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:21:17.0109 3868  pcmcia - ok
23:21:17.0125 3868  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:21:17.0140 3868  pcw - ok
23:21:17.0171 3868  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:21:17.0234 3868  PEAUTH - ok
23:21:17.0296 3868  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
23:21:17.0359 3868  PeerDistSvc - ok
23:21:17.0437 3868  [ 8B7AEC0ABA77DE5D2FEAC1824C15A3FA ] Ph3xIB32        C:\Windows\system32\DRIVERS\Ph3xIB32.sys
23:21:17.0500 3868  Ph3xIB32 - ok
23:21:17.0578 3868  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
23:21:17.0671 3868  pla - ok
23:21:17.0703 3868  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:21:17.0734 3868  PlugPlay - ok
23:21:17.0765 3868  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:21:17.0781 3868  PNRPAutoReg - ok
23:21:17.0812 3868  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:21:17.0828 3868  PNRPsvc - ok
23:21:17.0843 3868  [ 4B30EE7037EA1529F5FC80DE5DC42A30 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
23:21:17.0875 3868  Point32 - ok
23:21:17.0906 3868  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:21:17.0937 3868  PolicyAgent - ok
23:21:17.0984 3868  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
23:21:18.0000 3868  Power - ok
23:21:18.0046 3868  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:21:18.0093 3868  PptpMiniport - ok
23:21:18.0109 3868  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:21:18.0140 3868  Processor - ok
23:21:18.0171 3868  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
23:21:18.0218 3868  ProfSvc - ok
23:21:18.0234 3868  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:21:18.0250 3868  ProtectedStorage - ok
23:21:18.0281 3868  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:21:18.0328 3868  Psched - ok
23:21:18.0375 3868  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:21:18.0437 3868  ql2300 - ok
23:21:18.0468 3868  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:21:18.0484 3868  ql40xx - ok
23:21:18.0515 3868  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:21:18.0531 3868  QWAVE - ok
23:21:18.0546 3868  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:21:18.0562 3868  QWAVEdrv - ok
23:21:18.0609 3868  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:21:18.0640 3868  RasAcd - ok
23:21:18.0656 3868  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:21:18.0703 3868  RasAgileVpn - ok
23:21:18.0734 3868  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:21:18.0765 3868  RasAuto - ok
23:21:18.0781 3868  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:21:18.0813 3868  Rasl2tp - ok
23:21:18.0860 3868  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
23:21:18.0907 3868  RasMan - ok
23:21:18.0922 3868  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:21:18.0969 3868  RasPppoe - ok
23:21:19.0000 3868  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:21:19.0032 3868  RasSstp - ok
23:21:19.0079 3868  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:21:19.0125 3868  rdbss - ok
23:21:19.0172 3868  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:21:19.0188 3868  rdpbus - ok
23:21:19.0219 3868  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:21:19.0250 3868  RDPCDD - ok
23:21:19.0297 3868  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:21:19.0329 3868  RDPDR - ok
23:21:19.0344 3868  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:21:19.0391 3868  RDPENCDD - ok
23:21:19.0422 3868  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:21:19.0454 3868  RDPREFMP - ok
23:21:19.0485 3868  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:21:19.0532 3868  RDPWD - ok
23:21:19.0579 3868  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:21:19.0594 3868  rdyboost - ok
23:21:19.0625 3868  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:21:19.0672 3868  RemoteAccess - ok
23:21:19.0719 3868  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:21:19.0750 3868  RemoteRegistry - ok
23:21:19.0797 3868  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:21:19.0813 3868  RFCOMM - ok
23:21:19.0829 3868  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:21:19.0875 3868  RpcEptMapper - ok
23:21:19.0907 3868  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:21:19.0938 3868  RpcLocator - ok
23:21:19.0954 3868  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
23:21:19.0985 3868  RpcSs - ok
23:21:20.0016 3868  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:21:20.0079 3868  rspndr - ok
23:21:20.0094 3868  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
23:21:20.0157 3868  s3cap - ok
23:21:20.0172 3868  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
23:21:20.0188 3868  SamSs - ok
23:21:20.0204 3868  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:21:20.0219 3868  sbp2port - ok
23:21:20.0250 3868  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:21:20.0282 3868  SCardSvr - ok
23:21:20.0297 3868  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:21:20.0329 3868  scfilter - ok
23:21:20.0375 3868  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
23:21:20.0438 3868  Schedule - ok
23:21:20.0454 3868  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:21:20.0485 3868  SCPolicySvc - ok
23:21:20.0516 3868  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:21:20.0563 3868  SDRSVC - ok
23:21:20.0594 3868  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:21:20.0625 3868  secdrv - ok
23:21:20.0657 3868  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:21:20.0704 3868  seclogon - ok
23:21:20.0735 3868  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
23:21:20.0782 3868  SENS - ok
23:21:20.0813 3868  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:21:20.0861 3868  SensrSvc - ok
23:21:20.0892 3868  [ 49385C352CBFA45E6DAF0F3545A5F798 ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
23:21:20.0923 3868  Ser2pl - ok
23:21:20.0955 3868  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:21:20.0986 3868  Serenum - ok
23:21:21.0001 3868  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:21:21.0033 3868  Serial - ok
23:21:21.0048 3868  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:21:21.0064 3868  sermouse - ok
23:21:21.0126 3868  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:21:21.0158 3868  SessionEnv - ok
23:21:21.0189 3868  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:21:21.0220 3868  sffdisk - ok
23:21:21.0236 3868  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:21:21.0251 3868  sffp_mmc - ok
23:21:21.0283 3868  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:21:21.0298 3868  sffp_sd - ok
23:21:21.0330 3868  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:21:21.0345 3868  sfloppy - ok
23:21:21.0408 3868  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:21:21.0455 3868  SharedAccess - ok
23:21:21.0501 3868  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:21:21.0548 3868  ShellHWDetection - ok
23:21:21.0580 3868  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:21:21.0595 3868  sisagp - ok
23:21:21.0626 3868  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:21:21.0642 3868  SiSRaid2 - ok
23:21:21.0658 3868  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:21:21.0673 3868  SiSRaid4 - ok
23:21:21.0736 3868  [ 59306BC2D442B28416E466411F506641 ] SMARTHelperService C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
23:21:21.0783 3868  SMARTHelperService - ok
23:21:21.0814 3868  [ A4C659F9692E7695CFDD23B9EF9F035D ] SMARTMouseFilterx86 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
23:21:21.0830 3868  SMARTMouseFilterx86 - ok
23:21:21.0861 3868  [ 45954C46F3FCAE82AC7ACF58F2B421BD ] SMARTVHidMini2000x86 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
23:21:21.0876 3868  SMARTVHidMini2000x86 - ok
23:21:21.0908 3868  [ BD6F2C43F591A93D3D987A404DB3D62D ] SMARTVTabletPCx86 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
23:21:21.0908 3868  SMARTVTabletPCx86 - ok
23:21:21.0955 3868  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:21:21.0986 3868  Smb - ok
23:21:22.0033 3868  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:21:22.0064 3868  SNMPTRAP - ok
23:21:22.0080 3868  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:21:22.0095 3868  spldr - ok
23:21:22.0126 3868  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
23:21:22.0189 3868  Spooler - ok
23:21:22.0298 3868  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:21:22.0423 3868  sppsvc - ok
23:21:22.0470 3868  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:21:22.0501 3868  sppuinotify - ok
23:21:22.0533 3868  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:21:22.0580 3868  srv - ok
23:21:22.0611 3868  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:21:22.0642 3868  srv2 - ok
23:21:22.0673 3868  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:21:22.0689 3868  srvnet - ok
23:21:22.0736 3868  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
23:21:22.0767 3868  ssadbus - ok
23:21:22.0783 3868  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:21:22.0814 3868  ssadmdfl - ok
23:21:22.0849 3868  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
23:21:22.0874 3868  ssadmdm - ok
23:21:22.0920 3868  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:21:22.0967 3868  SSDPSRV - ok
23:21:22.0999 3868  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
23:21:23.0014 3868  ssmdrv - ok
23:21:23.0030 3868  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:21:23.0061 3868  SstpSvc - ok
23:21:23.0092 3868  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:21:23.0108 3868  stexstor - ok
23:21:23.0155 3868  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:21:23.0186 3868  StiSvc - ok
23:21:23.0217 3868  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
23:21:23.0233 3868  storflt - ok
23:21:23.0280 3868  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
23:21:23.0311 3868  StorSvc - ok
23:21:23.0327 3868  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:21:23.0342 3868  storvsc - ok
23:21:23.0374 3868  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:21:23.0374 3868  swenum - ok
23:21:23.0420 3868  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:21:23.0452 3868  swprv - ok
23:21:23.0514 3868  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
23:21:23.0577 3868  SysMain - ok
23:21:23.0608 3868  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:21:23.0655 3868  TabletInputService - ok
23:21:23.0686 3868  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
23:21:23.0686 3868  taphss - ok
23:21:23.0733 3868  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:21:23.0764 3868  TapiSrv - ok
23:21:23.0811 3868  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:21:23.0858 3868  TBS - ok
23:21:23.0922 3868  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:21:23.0985 3868  Tcpip - ok
23:21:24.0032 3868  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:21:24.0079 3868  TCPIP6 - ok
23:21:24.0110 3868  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:21:24.0141 3868  tcpipreg - ok
23:21:24.0172 3868  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:21:24.0219 3868  TDPIPE - ok
23:21:24.0250 3868  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:21:24.0282 3868  TDTCP - ok
23:21:24.0329 3868  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:21:24.0360 3868  tdx - ok
23:21:24.0391 3868  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:21:24.0407 3868  TermDD - ok
23:21:24.0454 3868  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
23:21:24.0500 3868  TermService - ok
23:21:24.0547 3868  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:21:24.0563 3868  Themes - ok
23:21:24.0579 3868  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:21:24.0610 3868  THREADORDER - ok
23:21:24.0641 3868  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:21:24.0672 3868  TrkWks - ok
23:21:24.0719 3868  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:21:24.0750 3868  TrustedInstaller - ok
23:21:24.0797 3868  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:21:24.0844 3868  tssecsrv - ok
23:21:24.0892 3868  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:21:24.0939 3868  TsUsbFlt - ok
23:21:24.0970 3868  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:21:25.0001 3868  tunnel - ok
23:21:25.0033 3868  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:21:25.0048 3868  uagp35 - ok
23:21:25.0080 3868  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:21:25.0126 3868  udfs - ok
23:21:25.0158 3868  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:21:25.0189 3868  UI0Detect - ok
23:21:25.0220 3868  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:21:25.0236 3868  uliagpkx - ok
23:21:25.0267 3868  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
23:21:25.0298 3868  umbus - ok
23:21:25.0330 3868  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:21:25.0345 3868  UmPass - ok
23:21:25.0392 3868  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:21:25.0423 3868  UmRdpService - ok
23:21:25.0470 3868  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:21:25.0533 3868  upnphost - ok
23:21:25.0564 3868  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
23:21:25.0595 3868  USBAAPL - ok
23:21:25.0611 3868  [ 9419FAAC6552A51542DBBA02971C841C ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
23:21:25.0658 3868  usbbus - ok
23:21:25.0673 3868  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:21:25.0736 3868  usbccgp - ok
23:21:25.0751 3868  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:21:25.0783 3868  usbcir - ok
23:21:25.0814 3868  [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
23:21:25.0830 3868  UsbDiag - ok
23:21:25.0845 3868  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:21:25.0861 3868  usbehci - ok
23:21:25.0892 3868  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:21:25.0908 3868  usbhub - ok
23:21:25.0923 3868  [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
23:21:25.0955 3868  USBModem - ok
23:21:25.0986 3868  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:21:26.0001 3868  usbohci - ok
23:21:26.0033 3868  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:21:26.0048 3868  usbprint - ok
23:21:26.0064 3868  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:21:26.0095 3868  usbscan - ok
23:21:26.0126 3868  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:21:26.0173 3868  USBSTOR - ok
23:21:26.0189 3868  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:21:26.0205 3868  usbuhci - ok
23:21:26.0236 3868  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
23:21:26.0267 3868  usb_rndisx - ok
23:21:26.0298 3868  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:21:26.0345 3868  UxSms - ok
23:21:26.0361 3868  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
23:21:26.0376 3868  VaultSvc - ok
23:21:26.0392 3868  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:21:26.0408 3868  vdrvroot - ok
23:21:26.0439 3868  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
23:21:26.0501 3868  vds - ok
23:21:26.0533 3868  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:21:26.0564 3868  vga - ok
23:21:26.0580 3868  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:21:26.0626 3868  VgaSave - ok
23:21:26.0658 3868  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:21:26.0673 3868  vhdmp - ok
23:21:26.0689 3868  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:21:26.0705 3868  viaagp - ok
23:21:26.0736 3868  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
23:21:26.0767 3868  ViaC7 - ok
23:21:26.0783 3868  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
23:21:26.0798 3868  viaide - ok
23:21:26.0876 3868  [ F307DA7E96BC760B4628E204E234DCD0 ] Virtual Router  C:\Program Files\Virtual Router\VirtualRouterService.exe
23:21:26.0909 3868  Virtual Router ( UnsignedFile.Multi.Generic ) - warning
23:21:26.0910 3868  Virtual Router - detected UnsignedFile.Multi.Generic (1)
23:21:26.0925 3868  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:21:26.0957 3868  vmbus - ok
23:21:26.0972 3868  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:21:27.0003 3868  VMBusHID - ok
23:21:27.0019 3868  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:21:27.0035 3868  volmgr - ok
23:21:27.0066 3868  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:21:27.0097 3868  volmgrx - ok
23:21:27.0113 3868  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:21:27.0128 3868  volsnap - ok
23:21:27.0175 3868  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:21:27.0191 3868  vsmraid - ok
23:21:27.0238 3868  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
23:21:27.0316 3868  VSS - ok
23:21:27.0332 3868  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:21:27.0363 3868  vwifibus - ok
23:21:27.0378 3868  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:21:27.0410 3868  vwififlt - ok
23:21:27.0441 3868  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:21:27.0472 3868  vwifimp - ok
23:21:27.0503 3868  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:21:27.0550 3868  W32Time - ok
23:21:27.0582 3868  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:21:27.0597 3868  WacomPen - ok
23:21:27.0613 3868  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:21:27.0644 3868  WANARP - ok
23:21:27.0660 3868  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:21:27.0691 3868  Wanarpv6 - ok
23:21:27.0738 3868  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
23:21:27.0847 3868  wbengine - ok
23:21:27.0894 3868  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:21:27.0929 3868  WbioSrvc - ok
23:21:27.0960 3868  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:21:27.0992 3868  wcncsvc - ok
23:21:28.0023 3868  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:21:28.0070 3868  WcsPlugInService - ok
23:21:28.0101 3868  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:21:28.0117 3868  Wd - ok
23:21:28.0164 3868  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:21:28.0195 3868  Wdf01000 - ok
23:21:28.0226 3868  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:21:28.0273 3868  WdiServiceHost - ok
23:21:28.0289 3868  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:21:28.0304 3868  WdiSystemHost - ok
23:21:28.0351 3868  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
23:21:28.0382 3868  WebClient - ok
23:21:28.0398 3868  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:21:28.0429 3868  Wecsvc - ok
23:21:28.0460 3868  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:21:28.0507 3868  wercplsupport - ok
23:21:28.0523 3868  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:21:28.0554 3868  WerSvc - ok
23:21:28.0585 3868  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:21:28.0617 3868  WfpLwf - ok
23:21:28.0632 3868  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:21:28.0648 3868  WIMMount - ok
23:21:28.0726 3868  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:21:28.0773 3868  WinDefend - ok
23:21:28.0773 3868  WinHttpAutoProxySvc - ok
23:21:28.0851 3868  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:21:28.0882 3868  Winmgmt - ok
23:21:28.0946 3868  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
23:21:29.0040 3868  WinRM - ok
23:21:29.0071 3868  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
23:21:29.0102 3868  WinUSB - ok
23:21:29.0165 3868  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:21:29.0211 3868  Wlansvc - ok
23:21:29.0305 3868  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:21:29.0368 3868  wlidsvc - ok
23:21:29.0415 3868  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:21:29.0430 3868  WmiAcpi - ok
23:21:29.0477 3868  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:21:29.0493 3868  wmiApSrv - ok
23:21:29.0571 3868  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:21:29.0680 3868  WMPNetworkSvc - ok
23:21:29.0711 3868  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:21:29.0743 3868  WPCSvc - ok
23:21:29.0774 3868  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:21:29.0805 3868  WPDBusEnum - ok
23:21:29.0836 3868  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:21:29.0899 3868  ws2ifsl - ok
23:21:29.0930 3868  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
23:21:29.0962 3868  wscsvc - ok
23:21:29.0962 3868  WSearch - ok
23:21:30.0056 3868  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:21:30.0150 3868  wuauserv - ok
23:21:30.0197 3868  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:21:30.0228 3868  WudfPf - ok
23:21:30.0244 3868  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:21:30.0275 3868  WUDFRd - ok
23:21:30.0291 3868  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:21:30.0322 3868  wudfsvc - ok
23:21:30.0369 3868  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:21:30.0400 3868  WwanSvc - ok
23:21:30.0431 3868  [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
23:21:30.0447 3868  XUIF - ok
23:21:30.0478 3868  ================ Scan global ===============================
23:21:30.0541 3868  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:21:30.0587 3868  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
23:21:30.0603 3868  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
23:21:30.0634 3868  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:21:30.0666 3868  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:21:30.0681 3868  [Global] - ok
23:21:30.0681 3868  ================ Scan MBR ==================================
23:21:30.0681 3868  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:21:30.0853 3868  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:21:30.0853 3868  \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:21:30.0869 3868  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:21:30.0916 3868  \Device\Harddisk1\DR1 - ok
23:21:30.0916 3868  ================ Scan VBR ==================================
23:21:30.0931 3868  [ DD5E1D07617DB2452771982D820DC68A ] \Device\Harddisk0\DR0\Partition1
23:21:30.0931 3868  \Device\Harddisk0\DR0\Partition1 - ok
23:21:30.0931 3868  [ E9ED5AFE0638C3603C764C36B83709F4 ] \Device\Harddisk0\DR0\Partition2
23:21:30.0947 3868  \Device\Harddisk0\DR0\Partition2 - ok
23:21:30.0947 3868  [ AA76959256255F519FD0A7AC15BBB1ED ] \Device\Harddisk1\DR1\Partition1
23:21:30.0947 3868  \Device\Harddisk1\DR1\Partition1 - ok
23:21:30.0947 3868  ============================================================
23:21:30.0947 3868  Scan finished
23:21:30.0947 3868  ============================================================
23:21:30.0978 2724  Detected object count: 5
23:21:30.0978 2724  Actual detected object count: 5
23:22:03.0827 2724  ACEDRV05 ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:03.0827 2724  ACEDRV05 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:22:03.0827 2724  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:03.0827 2724  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:22:03.0827 2724  dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:03.0827 2724  dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:22:03.0842 2724  Virtual Router ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:03.0842 2724  Virtual Router ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:22:03.0842 2724  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:22:03.0842 2724  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
         

Alt 13.01.2013, 22:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Code:
ATTFilter
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
         
Please fix this entry with TDSS-Killer. But please only this entry!

To do that, you need to start TDSS-Killer again and run a new scan. When you then see the results, please set this entry to CURE or DELETE (depending on what you are offered; please leave all the others on SKIP!) and then click continue at the bottom right.

Then restart Windows and create a completely new log with TDSS-Killer again. As always, post it in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

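The instruction in the post above (fix only the `\Device\Harddisk0\DR0` entry, leave every other detection on Skip) can be checked against the log of the fixing run. The following Python sketch is an added example, not part of the original posts and not a Kaspersky tool: it extracts the detections and the recorded user actions from a TDSSKiller log and reports any deviation from that plan. The line formats and sample lines are taken from the log in this thread; the `Delete` action line is constructed and assumes a non-Skip action is logged in the same format as `Skip`.

```python
import re

# Every TDSSKiller log line starts with "HH:MM:SS.mmmm <thread id>  ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")
# "[ <MD5> ] <service name>  <file path>" (the name may contain spaces)
HASHED = re.compile(
    r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
# "<object> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+) \(\d+\)$")
# "<object> ( <verdict> ) - User select action: <action>"
ACTION = re.compile(
    r"^(?P<obj>.+?) \( .+? \) - User select action: (?P<action>\w+)$")


def parse_log(text):
    """Return one dict per detected object, in log order."""
    files, detections, actions = {}, {}, {}
    for raw in text.splitlines():
        raw = raw.strip()
        m = PREFIX.match(raw)
        if not m:
            continue  # forum text, blank lines, lines without a message
        msg = raw[m.end():]
        if (h := HASHED.match(msg)):
            files[h["name"]] = (h["md5"], h["path"])
        elif (d := DETECTED.match(msg)):
            detections[d["obj"]] = d["verdict"]
        elif (a := ACTION.match(msg)):
            actions[a["obj"]] = a["action"]
    findings = []
    for obj, verdict in detections.items():
        md5, path = files.get(obj, (None, None))
        findings.append({"object": obj, "verdict": verdict, "md5": md5,
                         "path": path, "action": actions.get(obj)})
    return findings


def check_plan(findings, target, fix_actions=("Cure", "Delete")):
    """Compare the log of the fixing run with the helper's plan:
    the target gets Cure or Delete, everything else stays on Skip."""
    problems, seen_target = [], False
    for f in findings:
        if f["object"] == target:
            seen_target = True
            if f["action"] not in fix_actions:
                problems.append(
                    f"{target}: expected Cure/Delete, log shows {f['action']}")
        elif f["action"] != "Skip":
            problems.append(
                f"{f['object']}: expected Skip, log shows {f['action']}")
    if not seen_target:
        problems.append(f"{target}: no detection in this log")
    return problems


# Lines copied from the first log in this thread (every object skipped).
SAMPLE = r"""
23:21:26.0876 3868  [ F307DA7E96BC760B4628E204E234DCD0 ] Virtual Router  C:\Program Files\Virtual Router\VirtualRouterService.exe
23:21:26.0909 3868  Virtual Router ( UnsignedFile.Multi.Generic ) - warning
23:21:26.0910 3868  Virtual Router - detected UnsignedFile.Multi.Generic (1)
23:21:26.0925 3868  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:21:26.0957 3868  vmbus - ok
23:21:30.0681 3868  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:21:30.0853 3868  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:21:30.0853 3868  \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:22:03.0842 2724  Virtual Router ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:22:03.0842 2724  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed variant: the same run with the DR0 entry set to Delete
# (assumed to be logged in the same format as Skip).
FIX_RUN = SAMPLE.replace(
    "DR0 ( TDSS File System ) - User select action: Skip",
    "DR0 ( TDSS File System ) - User select action: Delete")

TARGET = r"\Device\Harddisk0\DR0"

if __name__ == "__main__":
    for name, log in (("first run", SAMPLE), ("fix run", FIX_RUN)):
        findings = parse_log(log)
        print(name)
        for f in findings:
            print(f"  {f['object']}: {f['verdict']} -> {f['action']}"
                  f" ({f['path'] or 'no file path'})")
        for p in check_plan(findings, TARGET) or ["plan followed"]:
            print("  check:", p)
```
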

Alt 14.01.2013, 15:48   #11
ziebm000
 



Hello!
I did it as described above, but afterwards I realized that I had stupidly forgotten to turn off Avira. It did not raise any alert, though.
If I should do it again, please let me know.

Code:
ATTFilter
16:42:52.0896 3916  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:42:53.0115 3916  ============================================================
16:42:53.0115 3916  Current date / time: 2013/01/14 16:42:53.0115
16:42:53.0115 3916  SystemInfo:
16:42:53.0115 3916  
16:42:53.0115 3916  OS Version: 6.1.7601 ServicePack: 1.0
16:42:53.0115 3916  Product type: Workstation
16:42:53.0115 3916  ComputerName: HORST
16:42:53.0115 3916  UserName: Chef
16:42:53.0115 3916  Windows directory: C:\Windows
16:42:53.0115 3916  System windows directory: C:\Windows
16:42:53.0115 3916  Processor architecture: Intel x86
16:42:53.0115 3916  Number of processors: 2
16:42:53.0115 3916  Page size: 0x1000
16:42:53.0115 3916  Boot type: Normal boot
16:42:53.0115 3916  ============================================================
16:42:56.0506 3916  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:42:56.0506 3916  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:42:56.0709 3916  ============================================================
16:42:56.0709 3916  \Device\Harddisk0\DR0:
16:42:56.0709 3916  MBR partitions:
16:42:56.0725 3916  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x21AD1060, BlocksNum 0x395C661
16:42:56.0725 3916  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x21AD0FE2
16:42:56.0725 3916  \Device\Harddisk1\DR1:
16:42:56.0725 3916  MBR partitions:
16:42:56.0725 3916  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
16:42:56.0725 3916  ============================================================
16:42:56.0944 3916  C: <-> \Device\Harddisk0\DR0\Partition2
16:42:56.0959 3916  D: <-> \Device\Harddisk0\DR0\Partition1
16:42:56.0991 3916  G: <-> \Device\Harddisk1\DR1\Partition1
16:42:56.0991 3916  ============================================================
16:42:56.0991 3916  Initialize success
16:42:56.0991 3916  ============================================================
16:43:10.0851 4508  ============================================================
16:43:10.0851 4508  Scan started
16:43:10.0851 4508  Mode: Manual; SigCheck; TDLFS; 
16:43:10.0851 4508  ============================================================
16:43:11.0992 4508  ================ Scan system memory ========================
16:43:11.0992 4508  System memory - ok
16:43:11.0992 4508  ================ Scan services =============================
16:43:13.0165 4508  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:43:13.0415 4508  1394ohci - ok
16:43:13.0493 4508  [ BEB5E6A8C17C3C7485563281E0F9E77E ] 61883           C:\Windows\system32\DRIVERS\61883.sys
16:43:13.0586 4508  61883 - ok
16:43:13.0618 4508  [ 0A1E97197609F92D2425B67DA0BB0A7F ] ACEDRV05        C:\Windows\system32\drivers\ACEDRV05.sys
16:43:13.0836 4508  ACEDRV05 ( UnsignedFile.Multi.Generic ) - warning
16:43:13.0836 4508  ACEDRV05 - detected UnsignedFile.Multi.Generic (1)
16:43:13.0868 4508  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:43:13.0899 4508  ACPI - ok
16:43:13.0961 4508  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:43:14.0071 4508  AcpiPmi - ok
16:43:14.0243 4508  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:43:14.0336 4508  AdobeARMservice - ok
16:43:14.0524 4508  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:43:14.0586 4508  adp94xx - ok
16:43:14.0649 4508  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:43:14.0696 4508  adpahci - ok
16:43:14.0774 4508  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:43:14.0868 4508  adpu320 - ok
16:43:14.0946 4508  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:43:15.0040 4508  AeLookupSvc - ok
16:43:15.0102 4508  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:43:15.0165 4508  AFD - ok
16:43:15.0227 4508  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:43:15.0243 4508  agp440 - ok
16:43:15.0290 4508  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:43:15.0352 4508  aic78xx - ok
16:43:15.0415 4508  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:43:15.0508 4508  ALG - ok
16:43:15.0524 4508  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:43:15.0571 4508  aliide - ok
16:43:15.0618 4508  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:43:15.0633 4508  amdagp - ok
16:43:15.0665 4508  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:43:15.0711 4508  amdide - ok
16:43:15.0821 4508  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:43:15.0915 4508  AmdK8 - ok
16:43:15.0930 4508  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:43:15.0993 4508  AmdPPM - ok
16:43:16.0071 4508  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:43:16.0180 4508  amdsata - ok
16:43:16.0305 4508  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:43:16.0383 4508  amdsbs - ok
16:43:16.0430 4508  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:43:16.0508 4508  amdxata - ok
16:43:16.0555 4508  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
16:43:16.0633 4508  androidusb - ok
16:43:16.0711 4508  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:43:16.0790 4508  AntiVirSchedulerService - ok
16:43:16.0821 4508  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:43:16.0852 4508  AntiVirService - ok
16:43:16.0915 4508  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:43:17.0102 4508  AppID - ok
16:43:17.0133 4508  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:43:17.0196 4508  AppIDSvc - ok
16:43:17.0258 4508  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:43:17.0352 4508  Appinfo - ok
16:43:17.0430 4508  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:17.0477 4508  Apple Mobile Device - ok
16:43:17.0555 4508  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:43:17.0680 4508  AppMgmt - ok
16:43:17.0727 4508  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:43:17.0758 4508  arc - ok
16:43:17.0805 4508  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:43:17.0883 4508  arcsas - ok
16:43:17.0930 4508  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:18.0071 4508  AsyncMac - ok
16:43:18.0102 4508  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:43:18.0118 4508  atapi - ok
16:43:18.0352 4508  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:43:18.0493 4508  AudioEndpointBuilder - ok
16:43:18.0524 4508  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:43:18.0555 4508  Audiosrv - ok
16:43:18.0618 4508  [ C44BDD77E06053CF5AFE046F3A47C16B ] Avc             C:\Windows\system32\DRIVERS\avc.sys
16:43:18.0665 4508  Avc - ok
16:43:18.0696 4508  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:43:18.0743 4508  avgntflt - ok
16:43:18.0790 4508  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:43:18.0821 4508  avipbb - ok
16:43:18.0836 4508  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:43:18.0899 4508  avkmgr - ok
16:43:18.0953 4508  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:43:19.0062 4508  AxInstSV - ok
16:43:19.0218 4508  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:43:19.0359 4508  b06bdrv - ok
16:43:19.0390 4508  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:43:19.0421 4508  b57nd60x - ok
16:43:19.0453 4508  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:43:19.0546 4508  BDESVC - ok
16:43:19.0593 4508  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:43:19.0656 4508  Beep - ok
16:43:19.0781 4508  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:43:19.0859 4508  BFE - ok
16:43:20.0110 4508  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
16:43:20.0266 4508  BITS - ok
16:43:20.0282 4508  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:43:20.0344 4508  blbdrive - ok
16:43:20.0454 4508  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:43:20.0532 4508  Bonjour Service - ok
16:43:20.0641 4508  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:43:20.0719 4508  bowser - ok
16:43:20.0766 4508  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:43:20.0875 4508  BrFiltLo - ok
16:43:20.0891 4508  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:43:20.0969 4508  BrFiltUp - ok
16:43:20.0985 4508  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
16:43:21.0047 4508  BridgeMP - ok
16:43:21.0125 4508  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:43:21.0219 4508  Browser - ok
16:43:21.0266 4508  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:43:21.0391 4508  Brserid - ok
16:43:21.0422 4508  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:43:21.0485 4508  BrSerWdm - ok
16:43:21.0516 4508  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:43:21.0579 4508  BrUsbMdm - ok
16:43:21.0610 4508  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:43:21.0672 4508  BrUsbSer - ok
16:43:21.0704 4508  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:43:21.0797 4508  BthEnum - ok
16:43:21.0813 4508  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:43:21.0891 4508  BTHMODEM - ok
16:43:21.0969 4508  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:43:22.0047 4508  BthPan - ok
16:43:22.0141 4508  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:43:22.0282 4508  BTHPORT - ok
16:43:22.0313 4508  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:43:22.0407 4508  bthserv - ok
16:43:22.0469 4508  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:43:22.0500 4508  BTHUSB - ok
16:43:22.0563 4508  [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8         C:\Program Files\Canon\CAL\CALMAIN.exe
16:43:22.0594 4508  CCALib8 ( UnsignedFile.Multi.Generic ) - warning
16:43:22.0594 4508  CCALib8 - detected UnsignedFile.Multi.Generic (1)
16:43:22.0625 4508  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:43:22.0704 4508  cdfs - ok
16:43:22.0813 4508  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:43:22.0875 4508  cdrom - ok
16:43:22.0938 4508  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:43:23.0032 4508  CertPropSvc - ok
16:43:23.0110 4508  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:43:23.0204 4508  circlass - ok
16:43:23.0282 4508  [ 3E2AFAFA158C9ED670C106842BDCC81E ] CISVC           C:\Windows\system32\CISVC.EXE
16:43:23.0329 4508  CISVC - ok
16:43:23.0375 4508  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:43:23.0469 4508  CLFS - ok
16:43:23.0688 4508  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:23.0735 4508  clr_optimization_v2.0.50727_32 - ok
16:43:24.0454 4508  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:43:24.0547 4508  clr_optimization_v4.0.30319_32 - ok
16:43:24.0579 4508  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:43:24.0610 4508  CmBatt - ok
16:43:24.0641 4508  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:43:24.0750 4508  cmdide - ok
16:43:24.0907 4508  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:43:25.0204 4508  CNG - ok
16:43:25.0235 4508  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:43:25.0329 4508  Compbatt - ok
16:43:25.0407 4508  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:43:25.0500 4508  CompositeBus - ok
16:43:25.0516 4508  COMSysApp - ok
16:43:25.0672 4508  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:43:25.0735 4508  crcdisk - ok
16:43:25.0875 4508  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:43:26.0032 4508  CryptSvc - ok
16:43:26.0157 4508  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
16:43:26.0375 4508  CSC - ok
16:43:26.0547 4508  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
16:43:27.0360 4508  CscService - ok
16:43:27.0454 4508  [ 0D11A47BD3380A5BD671DEA5C794F46C ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
16:43:27.0547 4508  dc3d - ok
16:43:27.0735 4508  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:43:27.0813 4508  DcomLaunch - ok
16:43:27.0922 4508  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:43:28.0219 4508  defragsvc - ok
16:43:28.0266 4508  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:43:28.0329 4508  DfsC - ok
16:43:28.0485 4508  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:43:28.0704 4508  Dhcp - ok
16:43:28.0766 4508  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:43:28.0829 4508  discache - ok
16:43:28.0844 4508  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:43:28.0891 4508  Disk - ok
16:43:28.0938 4508  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:43:29.0018 4508  Dnscache - ok
16:43:29.0065 4508  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:43:29.0221 4508  dot3svc - ok
16:43:29.0299 4508  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:43:29.0377 4508  DPS - ok
16:43:29.0409 4508  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:43:29.0487 4508  drmkaud - ok
16:43:29.0518 4508  [ 1FC1EED3EA0C3A0ECF8A95B97E1B4831 ] dvd43llh        C:\Windows\system32\DRIVERS\dvd43llh.sys
16:43:29.0565 4508  dvd43llh ( UnsignedFile.Multi.Generic ) - warning
16:43:29.0565 4508  dvd43llh - detected UnsignedFile.Multi.Generic (1)
16:43:29.0674 4508  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:43:29.0752 4508  DXGKrnl - ok
16:43:29.0784 4508  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:43:29.0877 4508  EapHost - ok
16:43:30.0707 4508  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:43:30.0863 4508  ebdrv - ok
16:43:30.0878 4508  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:43:30.0988 4508  EFS - ok
16:43:31.0175 4508  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:43:31.0253 4508  elxstor - ok
16:43:31.0316 4508  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:43:31.0394 4508  ErrDev - ok
16:43:31.0519 4508  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:43:31.0597 4508  EventSystem - ok
16:43:31.0644 4508  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:43:31.0707 4508  exfat - ok
16:43:31.0785 4508  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:43:31.0894 4508  fastfat - ok
16:43:31.0910 4508  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:43:31.0972 4508  fdc - ok
16:43:32.0009 4508  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:43:32.0072 4508  fdPHost - ok
16:43:32.0103 4508  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:43:32.0181 4508  FDResPub - ok
16:43:32.0228 4508  [ F5CB6CB6D12F495516BE27CFFCCDE4BF ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd6.sys
16:43:32.0259 4508  FETNDIS - ok
16:43:32.0275 4508  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:43:32.0322 4508  FileInfo - ok
16:43:32.0337 4508  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:43:32.0447 4508  Filetrace - ok
16:43:32.0509 4508  [ ACEFEEA621DCA62EFB7A7EEA59F5E91B ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:43:32.0603 4508  FLEXnet Licensing Service - ok
16:43:32.0697 4508  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:43:32.0775 4508  flpydisk - ok
16:43:32.0791 4508  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:43:32.0837 4508  FltMgr - ok
16:43:33.0213 4508  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache       C:\Windows\system32\FntCache.dll
16:43:33.0370 4508  FontCache - ok
16:43:33.0588 4508  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:43:33.0588 4508  FontCache3.0.0.0 - ok
16:43:33.0620 4508  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:43:33.0698 4508  FsDepends - ok
16:43:33.0745 4508  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:43:33.0791 4508  Fs_Rec - ok
16:43:33.0854 4508  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:43:33.0932 4508  fvevol - ok
16:43:33.0979 4508  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:43:34.0026 4508  gagp30kx - ok
16:43:34.0073 4508  [ 997527391DEC418DC62D784D848D73BE ] GigasetGenericUSB C:\Windows\system32\DRIVERS\GigasetGenericUSB.sys
16:43:34.0151 4508  GigasetGenericUSB - ok
16:43:34.0291 4508  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:43:34.0401 4508  gpsvc - ok
16:43:34.0448 4508  [ CEC45180029F1012054A41CEEEA9CEAB ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
16:43:34.0495 4508  grmnusb - ok
16:43:34.0588 4508  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:43:34.0635 4508  gupdate - ok
16:43:34.0651 4508  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:43:34.0666 4508  gupdatem - ok
16:43:34.0729 4508  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:43:34.0838 4508  hcw85cir - ok
16:43:34.0870 4508  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:43:34.0948 4508  HdAudAddService - ok
16:43:34.0979 4508  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:43:34.0995 4508  HDAudBus - ok
16:43:35.0044 4508  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:43:35.0138 4508  HidBatt - ok
16:43:35.0154 4508  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:43:35.0216 4508  HidBth - ok
16:43:35.0248 4508  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:43:35.0310 4508  HidIr - ok
16:43:35.0373 4508  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
16:43:35.0435 4508  hidserv - ok
16:43:35.0482 4508  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:43:35.0529 4508  HidUsb - ok
16:43:35.0576 4508  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:43:35.0654 4508  hkmsvc - ok
16:43:35.0763 4508  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:43:35.0826 4508  HomeGroupListener - ok
16:43:35.0935 4508  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:43:36.0061 4508  HomeGroupProvider - ok
16:43:36.0108 4508  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:43:36.0170 4508  HpSAMD - ok
16:43:36.0483 4508  [ 44452F7A09D00573DC6E714874257CC9 ] hshld           C:\Program Files\Hotspot Shield\bin\openvpnas.exe
16:43:36.0561 4508  hshld - ok
16:43:36.0577 4508  [ 4F28652EC514FA1BA473BC1A695A5C98 ] HssDrv          C:\Windows\system32\DRIVERS\HssDrv.sys
16:43:36.0639 4508  HssDrv - ok
16:43:36.0858 4508  [ 2CFEA9C337B699ACA38487E8A7438F35 ] HssSrv          C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
16:43:36.0983 4508  HssSrv - ok
16:43:36.0999 4508  [ 6B1DC08D22231C9E508A715F07FCE7FB ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
16:43:37.0014 4508  HssTrayService - ok
16:43:37.0030 4508  HssWd - ok
16:43:37.0170 4508  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:43:37.0311 4508  HTTP - ok
16:43:37.0374 4508  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:43:37.0420 4508  hwpolicy - ok
16:43:37.0452 4508  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:43:37.0483 4508  i8042prt - ok
16:43:37.0499 4508  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:43:37.0545 4508  iaStorV - ok
16:43:37.0983 4508  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:43:38.0140 4508  idsvc - ok
16:43:38.0171 4508  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:43:38.0250 4508  iirsp - ok
16:43:38.0484 4508  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:43:38.0609 4508  IKEEXT - ok
16:43:38.0625 4508  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:43:38.0671 4508  intelide - ok
16:43:38.0734 4508  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:43:38.0781 4508  intelppm - ok
16:43:38.0812 4508  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:43:38.0890 4508  IPBusEnum - ok
16:43:38.0906 4508  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:43:38.0953 4508  IpFilterDriver - ok
16:43:39.0093 4508  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:43:39.0265 4508  iphlpsvc - ok
16:43:39.0296 4508  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:43:39.0343 4508  IPMIDRV - ok
16:43:39.0390 4508  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:43:39.0453 4508  IPNAT - ok
16:43:39.0484 4508  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:43:39.0562 4508  IRENUM - ok
16:43:39.0593 4508  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:43:39.0625 4508  isapnp - ok
16:43:39.0640 4508  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:43:39.0671 4508  iScsiPrt - ok
16:43:39.0703 4508  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:43:39.0718 4508  kbdclass - ok
16:43:39.0734 4508  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:43:39.0765 4508  kbdhid - ok
16:43:39.0781 4508  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:43:39.0796 4508  KeyIso - ok
16:43:39.0828 4508  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:43:39.0843 4508  KSecDD - ok
16:43:39.0906 4508  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:43:39.0953 4508  KSecPkg - ok
16:43:40.0015 4508  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:43:40.0062 4508  KtmRm - ok
16:43:40.0125 4508  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
16:43:40.0187 4508  LanmanServer - ok
16:43:40.0218 4508  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:43:40.0312 4508  LanmanWorkstation - ok
16:43:40.0359 4508  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:43:40.0437 4508  lltdio - ok
16:43:40.0484 4508  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:43:40.0593 4508  lltdsvc - ok
16:43:40.0609 4508  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:43:40.0656 4508  lmhosts - ok
16:43:40.0687 4508  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:43:40.0734 4508  LSI_FC - ok
16:43:40.0781 4508  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:43:40.0843 4508  LSI_SAS - ok
16:43:40.0875 4508  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:43:40.0921 4508  LSI_SAS2 - ok
16:43:40.0937 4508  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:43:40.0968 4508  LSI_SCSI - ok
16:43:41.0000 4508  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:43:41.0062 4508  luafv - ok
16:43:41.0328 4508  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
16:43:41.0421 4508  MDM - ok
16:43:41.0468 4508  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:43:41.0515 4508  megasas - ok
16:43:41.0546 4508  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:43:41.0593 4508  MegaSR - ok
16:43:41.0625 4508  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:43:41.0687 4508  MMCSS - ok
16:43:41.0734 4508  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:43:42.0031 4508  Modem - ok
16:43:42.0062 4508  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:43:42.0094 4508  monitor - ok
16:43:42.0125 4508  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:43:42.0141 4508  mouclass - ok
16:43:42.0172 4508  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:43:42.0235 4508  mouhid - ok
16:43:42.0282 4508  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:43:42.0344 4508  mountmgr - ok
16:43:42.0391 4508  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:43:42.0454 4508  mpio - ok
16:43:42.0500 4508  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:43:42.0594 4508  mpsdrv - ok
16:43:42.0641 4508  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:43:42.0750 4508  MpsSvc - ok
16:43:42.0782 4508  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:43:42.0829 4508  MRxDAV - ok
16:43:42.0860 4508  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:43:42.0922 4508  mrxsmb - ok
16:43:42.0954 4508  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:43:43.0000 4508  mrxsmb10 - ok
16:43:43.0016 4508  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:43:43.0063 4508  mrxsmb20 - ok
16:43:43.0094 4508  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:43:43.0172 4508  msahci - ok
16:43:43.0219 4508  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:43:43.0266 4508  msdsm - ok
16:43:43.0297 4508  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:43:43.0329 4508  MSDTC - ok
16:43:43.0375 4508  [ 114B67C324D64C8195FD3BF93B4DF02A ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
16:43:43.0438 4508  MSDV - ok
16:43:43.0469 4508  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:43:43.0532 4508  Msfs - ok
16:43:43.0579 4508  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:43:43.0672 4508  mshidkmdf - ok
16:43:43.0719 4508  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:43:43.0797 4508  msisadrv - ok
16:43:43.0860 4508  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:43:43.0969 4508  MSiSCSI - ok
16:43:43.0985 4508  msiserver - ok
16:43:44.0047 4508  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:43:44.0144 4508  MSKSSRV - ok
16:43:44.0191 4508  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:43:44.0238 4508  MSPCLOCK - ok
16:43:44.0269 4508  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:43:44.0363 4508  MSPQM - ok
16:43:44.0457 4508  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:43:44.0503 4508  MsRPC - ok
16:43:44.0535 4508  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:43:44.0550 4508  mssmbios - ok
16:43:44.0597 4508  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:43:44.0691 4508  MSTEE - ok
16:43:44.0722 4508  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:43:44.0816 4508  MTConfig - ok
16:43:44.0832 4508  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:43:44.0863 4508  Mup - ok
16:43:45.0003 4508  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:43:45.0114 4508  napagent - ok
16:43:45.0161 4508  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:43:45.0208 4508  NativeWifiP - ok
16:43:45.0286 4508  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:43:45.0317 4508  NDIS - ok
16:43:45.0411 4508  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:43:45.0536 4508  NdisCap - ok
16:43:45.0551 4508  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:43:45.0629 4508  NdisTapi - ok
16:43:45.0723 4508  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:43:45.0801 4508  Ndisuio - ok
16:43:45.0848 4508  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:43:45.0895 4508  NdisWan - ok
16:43:45.0926 4508  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:43:45.0973 4508  NDProxy - ok
16:43:46.0004 4508  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:43:46.0083 4508  NetBIOS - ok
16:43:46.0129 4508  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:43:46.0208 4508  NetBT - ok
16:43:46.0239 4508  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:43:46.0254 4508  Netlogon - ok
16:43:46.0348 4508  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:43:46.0458 4508  Netman - ok
16:43:46.0567 4508  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:43:46.0645 4508  netprofm - ok
16:43:46.0676 4508  [ B8DEE9E7E8F55138F9BC886519C617C4 ] netr73          C:\Windows\system32\DRIVERS\netr73.sys
16:43:46.0739 4508  netr73 - ok
16:43:46.0786 4508  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:43:46.0864 4508  NetTcpPortSharing - ok
16:43:46.0911 4508  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:43:46.0942 4508  nfrd960 - ok
16:43:46.0989 4508  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:43:47.0020 4508  NlaSvc - ok
16:43:47.0067 4508  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:43:47.0098 4508  Npfs - ok
16:43:47.0176 4508  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:43:47.0254 4508  nsi - ok
16:43:47.0270 4508  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:43:47.0348 4508  nsiproxy - ok
16:43:47.0458 4508  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:43:47.0567 4508  Ntfs - ok
16:43:47.0629 4508  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:43:47.0723 4508  Null - ok
16:43:48.0637 4508  [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:43:49.0231 4508  nvlddmkm - ok
16:43:49.0262 4508  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:43:49.0356 4508  nvraid - ok
16:43:49.0387 4508  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:43:49.0434 4508  nvstor - ok
16:43:49.0465 4508  [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc           C:\Windows\system32\nvvsvc.exe
16:43:49.0481 4508  nvsvc - ok
16:43:49.0497 4508  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:43:49.0559 4508  nv_agp - ok
16:43:49.0575 4508  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:43:49.0653 4508  ohci1394 - ok
16:43:49.0684 4508  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:43:49.0700 4508  ose - ok
16:43:50.0560 4508  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:43:50.0935 4508  osppsvc - ok
16:43:51.0076 4508  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:43:51.0154 4508  p2pimsvc - ok
16:43:51.0169 4508  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:43:51.0201 4508  p2psvc - ok
16:43:51.0232 4508  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:43:51.0263 4508  Parport - ok
16:43:51.0279 4508  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:43:51.0326 4508  partmgr - ok
16:43:51.0373 4508  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:43:51.0419 4508  Parvdm - ok
16:43:51.0451 4508  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:43:51.0498 4508  PcaSvc - ok
16:43:51.0576 4508  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:43:51.0638 4508  pci - ok
16:43:51.0685 4508  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:43:51.0732 4508  pciide - ok
16:43:51.0810 4508  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:43:51.0966 4508  pcmcia - ok
16:43:51.0982 4508  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:43:52.0060 4508  pcw - ok
16:43:52.0154 4508  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:43:52.0310 4508  PEAUTH - ok
16:43:52.0763 4508  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:43:52.0998 4508  PeerDistSvc - ok
16:43:53.0216 4508  [ 8B7AEC0ABA77DE5D2FEAC1824C15A3FA ] Ph3xIB32        C:\Windows\system32\DRIVERS\Ph3xIB32.sys
16:43:53.0341 4508  Ph3xIB32 - ok
16:43:53.0685 4508  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:43:53.0841 4508  pla - ok
16:43:53.0998 4508  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:43:54.0138 4508  PlugPlay - ok
16:43:54.0185 4508  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:43:54.0232 4508  PNRPAutoReg - ok
16:43:54.0294 4508  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:43:54.0326 4508  PNRPsvc - ok
16:43:54.0388 4508  [ 4B30EE7037EA1529F5FC80DE5DC42A30 ] Point32         C:\Windows\system32\DRIVERS\point32.sys
16:43:54.0451 4508  Point32 - ok
16:43:57.0483 4508  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:43:57.0530 4508  PolicyAgent - ok
16:43:57.0639 4508  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:43:57.0749 4508  Power - ok
16:43:57.0858 4508  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:43:57.0983 4508  PptpMiniport - ok
16:43:58.0014 4508  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:43:58.0061 4508  Processor - ok
16:43:58.0108 4508  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:43:58.0217 4508  ProfSvc - ok
16:43:58.0217 4508  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:43:58.0249 4508  ProtectedStorage - ok
16:43:58.0327 4508  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:43:58.0420 4508  Psched - ok
16:43:58.0780 4508  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:43:58.0889 4508  ql2300 - ok
16:43:58.0920 4508  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:43:58.0983 4508  ql40xx - ok
16:43:59.0092 4508  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:43:59.0155 4508  QWAVE - ok
16:43:59.0186 4508  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:43:59.0233 4508  QWAVEdrv - ok
16:43:59.0264 4508  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:43:59.0311 4508  RasAcd - ok
16:43:59.0405 4508  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:43:59.0499 4508  RasAgileVpn - ok
16:43:59.0545 4508  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:43:59.0624 4508  RasAuto - ok
16:43:59.0670 4508  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:43:59.0764 4508  Rasl2tp - ok
16:43:59.0967 4508  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:44:00.0061 4508  RasMan - ok
16:44:00.0092 4508  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:44:00.0186 4508  RasPppoe - ok
16:44:00.0217 4508  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:44:00.0296 4508  RasSstp - ok
16:44:00.0375 4508  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:44:00.0484 4508  rdbss - ok
16:44:00.0515 4508  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:44:00.0609 4508  rdpbus - ok
16:44:00.0640 4508  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:44:00.0671 4508  RDPCDD - ok
16:44:00.0750 4508  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:44:00.0843 4508  RDPDR - ok
16:44:00.0875 4508  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:44:00.0968 4508  RDPENCDD - ok
16:44:01.0015 4508  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:44:01.0187 4508  RDPREFMP - ok
16:44:01.0265 4508  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:44:01.0406 4508  RDPWD - ok
16:44:01.0453 4508  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:44:01.0515 4508  rdyboost - ok
16:44:01.0562 4508  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:44:01.0640 4508  RemoteAccess - ok
16:44:01.0671 4508  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:44:01.0750 4508  RemoteRegistry - ok
16:44:01.0781 4508  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:44:01.0828 4508  RFCOMM - ok
16:44:01.0859 4508  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:44:01.0953 4508  RpcEptMapper - ok
16:44:02.0015 4508  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:44:02.0093 4508  RpcLocator - ok
16:44:02.0125 4508  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:44:02.0171 4508  RpcSs - ok
16:44:02.0250 4508  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:44:02.0359 4508  rspndr - ok
16:44:02.0421 4508  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:44:02.0531 4508  s3cap - ok
16:44:02.0546 4508  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:44:02.0562 4508  SamSs - ok
16:44:02.0609 4508  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:44:02.0687 4508  sbp2port - ok
16:44:02.0796 4508  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:44:02.0890 4508  SCardSvr - ok
16:44:02.0921 4508  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:44:03.0093 4508  scfilter - ok
16:44:03.0359 4508  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:44:03.0515 4508  Schedule - ok
16:44:03.0531 4508  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:44:03.0562 4508  SCPolicySvc - ok
16:44:03.0687 4508  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:44:03.0781 4508  SDRSVC - ok
16:44:03.0812 4508  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:44:03.0859 4508  secdrv - ok
16:44:03.0890 4508  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:44:03.0984 4508  seclogon - ok
16:44:04.0000 4508  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
16:44:04.0046 4508  SENS - ok
16:44:04.0109 4508  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:44:04.0234 4508  SensrSvc - ok
16:44:04.0281 4508  [ 49385C352CBFA45E6DAF0F3545A5F798 ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
16:44:04.0359 4508  Ser2pl - ok
16:44:04.0437 4508  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:44:04.0515 4508  Serenum - ok
16:44:04.0546 4508  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:44:04.0625 4508  Serial - ok
16:44:04.0656 4508  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:44:04.0703 4508  sermouse - ok
16:44:04.0781 4508  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:44:04.0890 4508  SessionEnv - ok
16:44:04.0937 4508  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:44:05.0015 4508  sffdisk - ok
16:44:05.0031 4508  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:44:05.0078 4508  sffp_mmc - ok
16:44:05.0109 4508  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:44:05.0125 4508  sffp_sd - ok
16:44:05.0218 4508  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:44:05.0266 4508  sfloppy - ok
16:44:05.0313 4508  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:44:05.0375 4508  SharedAccess - ok
16:44:05.0438 4508  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:44:05.0547 4508  ShellHWDetection - ok
16:44:05.0579 4508  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:44:05.0641 4508  sisagp - ok
16:44:05.0688 4508  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:44:05.0735 4508  SiSRaid2 - ok
16:44:05.0797 4508  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:44:05.0891 4508  SiSRaid4 - ok
16:44:06.0407 4508  [ 59306BC2D442B28416E466411F506641 ] SMARTHelperService C:\Program Files\SMART Technologies\Education Software\SMARTHelperService.exe
16:44:06.0500 4508  SMARTHelperService - ok
16:44:06.0547 4508  [ A4C659F9692E7695CFDD23B9EF9F035D ] SMARTMouseFilterx86 C:\Windows\system32\DRIVERS\SMARTMouseFilterx86.sys
16:44:06.0594 4508  SMARTMouseFilterx86 - ok
16:44:06.0641 4508  [ 45954C46F3FCAE82AC7ACF58F2B421BD ] SMARTVHidMini2000x86 C:\Windows\system32\DRIVERS\SMARTVHidMini2000x86.sys
16:44:06.0688 4508  SMARTVHidMini2000x86 - ok
16:44:06.0750 4508  [ BD6F2C43F591A93D3D987A404DB3D62D ] SMARTVTabletPCx86 C:\Windows\system32\DRIVERS\SMARTVTabletPCx86.sys
16:44:06.0766 4508  SMARTVTabletPCx86 - ok
16:44:06.0797 4508  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:44:06.0844 4508  Smb - ok
16:44:06.0891 4508  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:44:06.0938 4508  SNMPTRAP - ok
16:44:06.0954 4508  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:44:06.0985 4508  spldr - ok
16:44:07.0032 4508  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
16:44:07.0157 4508  Spooler - ok
16:44:08.0172 4508  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:44:08.0297 4508  sppsvc - ok
16:44:08.0360 4508  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:44:08.0422 4508  sppuinotify - ok
16:44:08.0625 4508  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:44:08.0766 4508  srv - ok
16:44:08.0813 4508  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:44:08.0875 4508  srv2 - ok
16:44:08.0907 4508  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:44:08.0954 4508  srvnet - ok
16:44:09.0000 4508  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
16:44:09.0125 4508  ssadbus - ok
16:44:09.0172 4508  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
16:44:09.0235 4508  ssadmdfl - ok
16:44:09.0266 4508  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
16:44:09.0313 4508  ssadmdm - ok
16:44:09.0360 4508  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:44:09.0438 4508  SSDPSRV - ok
16:44:09.0469 4508  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:44:09.0516 4508  ssmdrv - ok
16:44:09.0563 4508  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:44:09.0610 4508  SstpSvc - ok
16:44:09.0688 4508  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:44:09.0750 4508  stexstor - ok
16:44:09.0922 4508  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:44:10.0079 4508  StiSvc - ok
16:44:10.0110 4508  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:44:10.0125 4508  storflt - ok
16:44:10.0157 4508  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
16:44:10.0219 4508  StorSvc - ok
16:44:10.0235 4508  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:44:10.0282 4508  storvsc - ok
16:44:10.0313 4508  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:44:10.0360 4508  swenum - ok
16:44:10.0469 4508  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:44:10.0610 4508  swprv - ok
16:44:10.0860 4508  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:44:11.0063 4508  SysMain - ok
16:44:11.0125 4508  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:44:11.0188 4508  TabletInputService - ok
16:44:11.0235 4508  [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
16:44:11.0282 4508  taphss - ok
16:44:11.0360 4508  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:44:11.0469 4508  TapiSrv - ok
16:44:11.0547 4508  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:44:11.0625 4508  TBS - ok
16:44:11.0891 4508  [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:44:12.0079 4508  Tcpip - ok
16:44:12.0125 4508  [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:44:12.0172 4508  TCPIP6 - ok
16:44:12.0235 4508  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:44:12.0297 4508  tcpipreg - ok
16:44:12.0344 4508  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:44:12.0407 4508  TDPIPE - ok
16:44:12.0454 4508  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:44:12.0516 4508  TDTCP - ok
16:44:12.0563 4508  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:44:12.0641 4508  tdx - ok
16:44:12.0672 4508  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:44:12.0719 4508  TermDD - ok
16:44:12.0766 4508  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:44:12.0860 4508  TermService - ok
16:44:12.0907 4508  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:44:13.0000 4508  Themes - ok
16:44:13.0016 4508  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:44:13.0047 4508  THREADORDER - ok
16:44:13.0125 4508  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:44:13.0204 4508  TrkWks - ok
16:44:13.0266 4508  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:44:13.0329 4508  TrustedInstaller - ok
16:44:13.0391 4508  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:44:13.0485 4508  tssecsrv - ok
16:44:13.0547 4508  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:44:13.0625 4508  TsUsbFlt - ok
16:44:13.0657 4508  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:44:13.0719 4508  tunnel - ok
16:44:13.0782 4508  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:44:13.0860 4508  uagp35 - ok
16:44:13.0907 4508  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:44:13.0969 4508  udfs - ok
16:44:14.0016 4508  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:44:14.0063 4508  UI0Detect - ok
16:44:14.0125 4508  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:44:14.0157 4508  uliagpkx - ok
16:44:14.0188 4508  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
16:44:14.0250 4508  umbus - ok
16:44:14.0297 4508  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:44:14.0345 4508  UmPass - ok
16:44:14.0392 4508  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:44:14.0455 4508  UmRdpService - ok
16:44:14.0486 4508  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:44:14.0548 4508  upnphost - ok
16:44:14.0611 4508  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
16:44:14.0720 4508  USBAAPL - ok
16:44:14.0751 4508  [ 9419FAAC6552A51542DBBA02971C841C ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
16:44:14.0830 4508  usbbus - ok
16:44:14.0861 4508  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:44:14.0955 4508  usbccgp - ok
16:44:14.0970 4508  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:44:15.0017 4508  usbcir - ok
16:44:15.0048 4508  [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
16:44:15.0111 4508  UsbDiag - ok
16:44:15.0126 4508  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:44:15.0173 4508  usbehci - ok
16:44:15.0220 4508  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:44:15.0267 4508  usbhub - ok
16:44:15.0314 4508  [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
16:44:15.0392 4508  USBModem - ok
16:44:15.0439 4508  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:44:15.0501 4508  usbohci - ok
16:44:15.0533 4508  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:44:15.0580 4508  usbprint - ok
16:44:15.0611 4508  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:44:15.0705 4508  usbscan - ok
16:44:15.0720 4508  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:44:15.0814 4508  USBSTOR - ok
16:44:15.0861 4508  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:44:15.0908 4508  usbuhci - ok
16:44:15.0939 4508  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
16:44:16.0001 4508  usb_rndisx - ok
16:44:16.0033 4508  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:44:16.0111 4508  UxSms - ok
16:44:16.0126 4508  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:44:16.0142 4508  VaultSvc - ok
16:44:16.0158 4508  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:44:16.0220 4508  vdrvroot - ok
16:44:16.0283 4508  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:44:16.0361 4508  vds - ok
16:44:16.0392 4508  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:44:16.0455 4508  vga - ok
16:44:16.0486 4508  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:44:16.0548 4508  VgaSave - ok
16:44:16.0580 4508  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:44:16.0642 4508  vhdmp - ok
16:44:16.0658 4508  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:44:16.0705 4508  viaagp - ok
16:44:16.0736 4508  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:44:16.0767 4508  ViaC7 - ok
16:44:16.0798 4508  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:44:16.0830 4508  viaide - ok
16:44:16.0923 4508  [ F307DA7E96BC760B4628E204E234DCD0 ] Virtual Router  C:\Program Files\Virtual Router\VirtualRouterService.exe
16:44:16.0986 4508  Virtual Router ( UnsignedFile.Multi.Generic ) - warning
16:44:16.0986 4508  Virtual Router - detected UnsignedFile.Multi.Generic (1)
16:44:17.0017 4508  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:44:17.0064 4508  vmbus - ok
16:44:17.0095 4508  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:44:17.0173 4508  VMBusHID - ok
16:44:17.0205 4508  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:44:17.0220 4508  volmgr - ok
16:44:17.0251 4508  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:44:17.0298 4508  volmgrx - ok
16:44:17.0330 4508  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:44:17.0408 4508  volsnap - ok
16:44:17.0423 4508  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:44:17.0470 4508  vsmraid - ok
16:44:17.0595 4508  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:44:17.0720 4508  VSS - ok
16:44:17.0736 4508  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:44:17.0814 4508  vwifibus - ok
16:44:17.0830 4508  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:44:17.0908 4508  vwififlt - ok
16:44:17.0939 4508  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:44:18.0048 4508  vwifimp - ok
16:44:18.0080 4508  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:44:18.0189 4508  W32Time - ok
16:44:18.0220 4508  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:44:18.0267 4508  WacomPen - ok
16:44:18.0314 4508  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:44:18.0424 4508  WANARP - ok
16:44:18.0424 4508  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:44:18.0456 4508  Wanarpv6 - ok
16:44:18.0612 4508  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:44:18.0768 4508  wbengine - ok
16:44:18.0815 4508  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:44:18.0893 4508  WbioSrvc - ok
16:44:18.0987 4508  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:44:19.0081 4508  wcncsvc - ok
16:44:19.0112 4508  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:44:19.0221 4508  WcsPlugInService - ok
16:44:19.0268 4508  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:44:19.0284 4508  Wd - ok
16:44:19.0346 4508  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:44:19.0440 4508  Wdf01000 - ok
16:44:19.0502 4508  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:44:19.0581 4508  WdiServiceHost - ok
16:44:19.0581 4508  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:44:19.0612 4508  WdiSystemHost - ok
16:44:19.0659 4508  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:44:19.0721 4508  WebClient - ok
16:44:19.0768 4508  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:44:19.0815 4508  Wecsvc - ok
16:44:19.0831 4508  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:44:19.0893 4508  wercplsupport - ok
16:44:19.0924 4508  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:44:20.0034 4508  WerSvc - ok
16:44:20.0049 4508  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:44:20.0127 4508  WfpLwf - ok
16:44:20.0159 4508  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:44:20.0174 4508  WIMMount - ok
16:44:20.0252 4508  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:44:20.0346 4508  WinDefend - ok
16:44:20.0346 4508  WinHttpAutoProxySvc - ok
16:44:20.0502 4508  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:44:20.0596 4508  Winmgmt - ok
16:44:20.0737 4508  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:44:20.0877 4508  WinRM - ok
16:44:20.0924 4508  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
16:44:20.0987 4508  WinUSB - ok
16:44:21.0049 4508  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:44:21.0159 4508  Wlansvc - ok
16:44:21.0284 4508  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:44:21.0377 4508  wlidsvc - ok
16:44:21.0424 4508  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:44:21.0471 4508  WmiAcpi - ok
16:44:21.0518 4508  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:44:21.0549 4508  wmiApSrv - ok
16:44:21.0674 4508  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:44:21.0799 4508  WMPNetworkSvc - ok
16:44:21.0831 4508  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:44:21.0909 4508  WPCSvc - ok
16:44:21.0956 4508  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:44:22.0018 4508  WPDBusEnum - ok
16:44:22.0065 4508  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:44:22.0112 4508  ws2ifsl - ok
16:44:22.0159 4508  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
16:44:22.0221 4508  wscsvc - ok
16:44:22.0221 4508  WSearch - ok
16:44:22.0346 4508  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:44:22.0456 4508  wuauserv - ok
16:44:22.0487 4508  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:44:22.0549 4508  WudfPf - ok
16:44:22.0565 4508  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:44:22.0627 4508  WUDFRd - ok
16:44:22.0659 4508  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:44:22.0706 4508  wudfsvc - ok
16:44:22.0768 4508  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:44:22.0893 4508  WwanSvc - ok
16:44:22.0940 4508  [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
16:44:22.0956 4508  XUIF - ok
16:44:22.0971 4508  ================ Scan global ===============================
16:44:23.0034 4508  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:44:23.0081 4508  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
16:44:23.0112 4508  [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
16:44:23.0143 4508  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:44:23.0237 4508  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:44:23.0299 4508  [Global] - ok
16:44:23.0299 4508  ================ Scan MBR ==================================
16:44:23.0331 4508  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:44:23.0752 4508  \Device\Harddisk0\DR0 - ok
16:44:23.0784 4508  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
16:44:23.0831 4508  \Device\Harddisk1\DR1 - ok
16:44:23.0831 4508  ================ Scan VBR ==================================
16:44:23.0846 4508  [ DD5E1D07617DB2452771982D820DC68A ] \Device\Harddisk0\DR0\Partition1
16:44:23.0862 4508  \Device\Harddisk0\DR0\Partition1 - ok
16:44:23.0893 4508  [ E9ED5AFE0638C3603C764C36B83709F4 ] \Device\Harddisk0\DR0\Partition2
16:44:23.0924 4508  \Device\Harddisk0\DR0\Partition2 - ok
16:44:23.0924 4508  [ AA76959256255F519FD0A7AC15BBB1ED ] \Device\Harddisk1\DR1\Partition1
16:44:23.0924 4508  \Device\Harddisk1\DR1\Partition1 - ok
16:44:23.0924 4508  ============================================================
16:44:23.0924 4508  Scan finished
16:44:23.0924 4508  ============================================================
16:44:23.0940 4500  Detected object count: 4
16:44:23.0940 4500  Actual detected object count: 4
16:44:34.0592 4500  ACEDRV05 ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:34.0592 4500  ACEDRV05 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:34.0592 4500  CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:34.0592 4500  CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:34.0592 4500  dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:34.0592 4500  dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:34.0592 4500  Virtual Router ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:34.0592 4500  Virtual Router ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 14.01.2013, 20:37   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
That's fine.
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 14.01.2013, 22:14   #13
ziebm000
 
Code:
ComboFix 13-01-14.01 - Chef 14.01.2013  22:33:55.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1022.281 [GMT 1:00]
ausgeführt von:: c:\users\Nadine\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-14 bis 2013-01-14  ))))))))))))))))))))))))))))))
.
.
2013-01-14 21:46 . 2013-01-14 21:46	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-01-14 21:46 . 2013-01-14 21:46	--------	d-----w-	c:\users\Marc\AppData\Local\temp
2013-01-14 21:45 . 2013-01-14 21:46	--------	d-----w-	c:\users\Chef\AppData\Local\temp
2013-01-14 21:45 . 2013-01-14 21:45	--------	d-----w-	c:\users\Nadine\AppData\Local\temp
2013-01-14 21:45 . 2013-01-14 21:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-14 15:39 . 2013-01-14 15:39	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-01-13 10:51 . 2013-01-14 21:38	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9709DD02-4A59-4DF7-BD61-071A83DEA6E9}\offreg.dll
2013-01-11 14:24 . 2013-01-11 14:25	--------	d-----w-	c:\program files\FileZilla FTP Client
2013-01-11 14:03 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9709DD02-4A59-4DF7-BD61-071A83DEA6E9}\mpengine.dll
2013-01-10 13:09 . 2012-12-07 10:46	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-10 13:08 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-07 16:10 . 2013-01-07 16:10	--------	d-----w-	c:\users\Chef\AppData\Local\libimobiledevice
2012-12-26 20:18 . 2012-12-26 20:18	--------	d-----w-	c:\program files\MarkAny
2012-12-26 20:14 . 2012-12-26 20:14	--------	d-----w-	c:\users\Marc\AppData\Local\Samsung
2012-12-26 20:14 . 2012-12-26 20:15	--------	d-----w-	c:\users\Marc\AppData\Roaming\Samsung
2012-12-26 20:12 . 2012-06-27 08:37	30312	----a-w-	c:\windows\system32\drivers\ssadadb.sys
2012-12-26 20:12 . 2012-06-27 08:37	136808	----a-w-	c:\windows\system32\drivers\ssadmdm.sys
2012-12-26 20:12 . 2012-06-27 08:37	12776	----a-w-	c:\windows\system32\drivers\ssadmdfl.sys
2012-12-26 20:12 . 2012-06-27 08:37	121064	----a-w-	c:\windows\system32\drivers\ssadbus.sys
2012-12-26 20:12 . 2012-06-27 08:37	10472	----a-w-	c:\windows\system32\drivers\ssadcmnt.sys
2012-12-26 20:12 . 2012-06-27 08:37	10344	----a-w-	c:\windows\system32\drivers\ssadwhnt.sys
2012-12-26 20:10 . 2012-11-28 13:18	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-12-26 20:10 . 2012-11-28 13:17	821824	----a-w-	c:\windows\system32\dgderapi.dll
2012-12-26 20:09 . 2012-12-26 20:10	--------	d-----w-	c:\programdata\Samsung
2012-12-24 15:27 . 2012-12-24 19:47	--------	d-----w-	c:\users\Marc\AppData\Roaming\dvdcss
2012-12-24 10:22 . 2012-12-24 10:34	--------	d-----w-	c:\program files\ratDVD
2012-12-22 15:44 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 15:44 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 13:17 . 2012-11-28 13:17	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-11-28 13:17 . 2012-11-28 13:17	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-11-28 13:17 . 2012-11-28 13:17	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-11-28 13:17 . 2012-11-28 13:17	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-11-28 13:17 . 2012-11-28 13:17	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-11-28 13:17 . 2012-11-28 13:17	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-11-28 13:17 . 2012-11-28 13:17	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-11-28 13:17 . 2012-11-28 13:17	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-11-28 13:17 . 2012-11-28 13:17	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-11-28 13:17 . 2012-11-28 13:17	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-11-28 13:17 . 2012-11-28 13:17	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-11-28 13:17 . 2012-11-28 13:17	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-11-28 13:17 . 2012-11-28 13:17	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-11-28 13:17 . 2012-11-28 13:17	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-11-28 13:17 . 2012-11-28 13:17	172032	----a-w-	c:\windows\system32\muzapp.exe
2012-11-28 13:17 . 2012-11-28 13:17	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-11-28 13:17 . 2012-11-28 13:17	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-11-28 13:17 . 2012-11-28 13:17	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-11-28 13:17 . 2012-11-28 13:17	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-11-28 13:17 . 2012-11-28 13:17	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-11-28 13:17 . 2012-11-28 13:17	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-11-28 13:17 . 2012-11-28 13:17	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-11-16 14:26 . 2012-04-17 18:45	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-16 14:26 . 2012-02-14 16:19	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:09 . 2012-12-12 20:06	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:06	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:06	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:06	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:06	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:06	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 15:10	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 15:10	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-10-17 13:02 . 2012-10-17 13:01	249856	------w-	c:\windows\Setup1.exe
2012-10-17 13:02 . 2012-10-17 13:01	73216	----a-w-	c:\windows\ST6UNST.EXE
2012-02-08 20:31 . 2012-02-14 15:56	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-03 967608]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-11-28 577536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 1629280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-03 309688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 360448]
"Z1"="c:\users\Nadine\Desktop\mbar\mbar.exe" [2013-01-09 1356360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-02-13 280576]
.
c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-11-13 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-23 18:34	827904	----a-w-	c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-12-16 11:54	220744	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Service]
2012-03-21 13:25	2186096	----a-w-	c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Tools]
2012-03-09 07:14	10132336	----a-w-	c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Ink]
2012-03-21 14:17	94064	----a-w-	c:\program files\SMART Technologies\Education Software\SMARTInk.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 SMARTHelperService;SMART Helper Service;c:\program files\SMART Technologies\Education Software\SMARTHelperService.exe [x]
S2 Virtual Router;VirtualRouterService;c:\program files\Virtual Router\VirtualRouterService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-19 20:45]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-19 20:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredibar.com/mb117?a=1&i=26
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\ef7c128s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ziebm000.bplaced.net/wordpress/
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-14  22:50:07
ComboFix-quarantined-files.txt  2013-01-14 21:50
.
Vor Suchlauf: 19 Verzeichnis(se), 113.985.183.744 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 115.051.450.368 Bytes frei
.
- - End Of File - - 45947C6953AD4D5D7C13AC03C95A9F86
         

Alt 14.01.2013, 23:19   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hm.. I need to check something there:

Combofix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
Filelook::
c:\windows\system32\csrr.rs
c:\windows\system32\taskhost.exe
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Alt 15.01.2013, 19:03   #15
ziebm000
 
Hello.

I was not asked whether I wanted to restart; I restarted manually.

Code:
ComboFix 13-01-15.02 - Chef 15.01.2013  18:57:25.3.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1022.214 [GMT 1:00]
ausgeführt von:: c:\users\Nadine\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Nadine\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-15 bis 2013-01-15  ))))))))))))))))))))))))))))))
.
.
2013-01-15 18:06 . 2013-01-15 18:06	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-01-15 18:06 . 2013-01-15 18:06	--------	d-----w-	c:\users\Nadine\AppData\Local\temp
2013-01-15 18:06 . 2013-01-15 18:06	--------	d-----w-	c:\users\Marc\AppData\Local\temp
2013-01-15 18:06 . 2013-01-15 18:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-15 17:34 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A828FF6A-B319-46B4-A068-B0E791C1C771}\mpengine.dll
2013-01-14 21:50 . 2013-01-15 18:06	--------	d-----w-	c:\users\Chef\AppData\Local\temp
2013-01-14 15:39 . 2013-01-14 15:39	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-01-11 14:24 . 2013-01-11 14:25	--------	d-----w-	c:\program files\FileZilla FTP Client
2013-01-10 13:09 . 2012-12-07 10:46	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-10 13:08 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-07 16:10 . 2013-01-07 16:10	--------	d-----w-	c:\users\Chef\AppData\Local\libimobiledevice
2012-12-26 20:18 . 2012-12-26 20:18	--------	d-----w-	c:\program files\MarkAny
2012-12-26 20:14 . 2012-12-26 20:14	--------	d-----w-	c:\users\Marc\AppData\Local\Samsung
2012-12-26 20:14 . 2012-12-26 20:15	--------	d-----w-	c:\users\Marc\AppData\Roaming\Samsung
2012-12-26 20:12 . 2012-06-27 08:37	30312	----a-w-	c:\windows\system32\drivers\ssadadb.sys
2012-12-26 20:12 . 2012-06-27 08:37	136808	----a-w-	c:\windows\system32\drivers\ssadmdm.sys
2012-12-26 20:12 . 2012-06-27 08:37	12776	----a-w-	c:\windows\system32\drivers\ssadmdfl.sys
2012-12-26 20:12 . 2012-06-27 08:37	121064	----a-w-	c:\windows\system32\drivers\ssadbus.sys
2012-12-26 20:12 . 2012-06-27 08:37	10472	----a-w-	c:\windows\system32\drivers\ssadcmnt.sys
2012-12-26 20:12 . 2012-06-27 08:37	10344	----a-w-	c:\windows\system32\drivers\ssadwhnt.sys
2012-12-26 20:10 . 2012-11-28 13:18	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-12-26 20:10 . 2012-11-28 13:17	821824	----a-w-	c:\windows\system32\dgderapi.dll
2012-12-26 20:09 . 2012-12-26 20:10	--------	d-----w-	c:\programdata\Samsung
2012-12-24 15:27 . 2012-12-24 19:47	--------	d-----w-	c:\users\Marc\AppData\Roaming\dvdcss
2012-12-24 10:22 . 2012-12-24 10:34	--------	d-----w-	c:\program files\ratDVD
2012-12-22 15:44 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-22 15:44 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 13:17 . 2012-11-28 13:17	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2012-11-28 13:17 . 2012-11-28 13:17	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-11-28 13:17 . 2012-11-28 13:17	30568	----a-w-	c:\windows\MusiccityDownload.exe
2012-11-28 13:17 . 2012-11-28 13:17	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-11-28 13:17 . 2012-11-28 13:17	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-11-28 13:17 . 2012-11-28 13:17	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-11-28 13:17 . 2012-11-28 13:17	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-11-28 13:17 . 2012-11-28 13:17	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-11-28 13:17 . 2012-11-28 13:17	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-11-28 13:17 . 2012-11-28 13:17	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-11-28 13:17 . 2012-11-28 13:17	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-11-28 13:17 . 2012-11-28 13:17	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-11-28 13:17 . 2012-11-28 13:17	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-11-28 13:17 . 2012-11-28 13:17	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-11-28 13:17 . 2012-11-28 13:17	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-11-28 13:17 . 2012-11-28 13:17	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-11-28 13:17 . 2012-11-28 13:17	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-11-28 13:17 . 2012-11-28 13:17	172032	----a-w-	c:\windows\system32\muzapp.exe
2012-11-28 13:17 . 2012-11-28 13:17	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-11-28 13:17 . 2012-11-28 13:17	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-11-28 13:17 . 2012-11-28 13:17	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-11-28 13:17 . 2012-11-28 13:17	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-11-28 13:17 . 2012-11-28 13:17	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-11-28 13:17 . 2012-11-28 13:17	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-11-28 13:17 . 2012-11-28 13:17	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2012-11-16 14:26 . 2012-04-17 18:45	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-16 14:26 . 2012-02-14 16:19	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-14 02:09 . 2012-12-12 20:06	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:06	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:06	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:06	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:06	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:06	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 15:10	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 15:10	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-02-08 20:31 . 2012-02-14 15:56	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\csrr.rs ---
Company: Microsoft
File Description: CSRR-Freigabesystem
File Version: 1.0.0.1
Product Name: CSRR-Freigabesystem
Copyright: (c) Microsoft. Alle Rechte vorbehalten.
Original Filename: csrr.rs.mui
File size: 43520
Created time: 2013-01-10 13:09
Modified time: 2012-12-07 10:46
MD5: 6EC618588447B82EA8D88719EE46F725
SHA1: D0DEA0BC294A174EDC966672AE4B9D3A7D78C67C
.
.
--- c:\windows\system32\taskhost.exe ---
Company: Microsoft Corporation
File Description: Hostprozess für Windows-Aufgaben
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: taskhost.exe.mui
File size: 49152
Created time: 2013-01-10 13:08
Modified time: 2012-11-23 02:48
MD5: 72E953215CADE1A726C04AAFDF6B463D
SHA1: D37708435E6F6CF2FD69B791FA4BE3460329B47D
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-03 967608]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-11-28 577536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1109072]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 1629280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-03 309688]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-02-13 280576]
.
c:\users\Nadine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-11-13 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Chef^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51	919008	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-23 18:34	827904	----a-w-	c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-12-16 11:54	220744	----a-w-	c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Service]
2012-03-21 13:25	2186096	----a-w-	c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Tools]
2012-03-09 07:14	10132336	----a-w-	c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Ink]
2012-03-21 14:17	94064	----a-w-	c:\program files\SMART Technologies\Education Software\SMARTInk.exe
.
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 SMARTHelperService;SMART Helper Service;c:\program files\SMART Technologies\Education Software\SMARTHelperService.exe [x]
S2 Virtual Router;VirtualRouterService;c:\program files\Virtual Router\VirtualRouterService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-19 20:45]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-19 20:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mystart.incredibar.com/mb117?a=1&i=26
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Chef\AppData\Roaming\Mozilla\Firefox\Profiles\ef7c128s.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://ziebm000.bplaced.net/wordpress/
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-15  19:09:30
ComboFix-quarantined-files.txt  2013-01-15 18:09
ComboFix2.txt  2013-01-14 21:50
.
Vor Suchlauf: 22 Verzeichnis(se), 114.548.662.272 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 114.496.405.504 Bytes frei
.
- - End Of File - - 9E2EE84CED4931682B4BC1A15FB9B1C0
         
I just noticed that "Windows Defender" was enabled. I wasn't aware of that; how do I turn it off, via the Control Panel? Do everything again?
