Log analysis and evaluation: Trojan problem
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan problem
Hello, I most likely have a trojan problem. When I switched on the computer today, the hard disk was working constantly (sounds as if AntiVir were updating), and suddenly the Windows Security Center was switched off and the notebook's brightness was noticeably lower... Naturally I also could not access the Internet, and in general Windows functionality was severely limited. What I have already done: AntiVir scan, it found something, which is now in quarantine. A restart brought back the same problem. Malwarebytes found nothing at all in the quick scan. Booted from the Windows 7 DVD and reset the system to the last restore point. After that came an error message saying that System Restore had not worked properly. Nevertheless, the system then seemingly started normally. That is why I am able to write these lines. Next I would plan to run a Malwarebytes full scan. But I am happy to be corrected and shown a better way. I would like to use the formatting option only as a last resort, since I set the system up fresh just a few months ago. Thank you in advance...
#2
/// TB-Ausbilder
Trojan problem
And am I supposed to make up the MBAM log myself?
__________________
Please post it here so that I know what this is about. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________
#3
Trojan problem
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.21.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
PhilundPepi :: PHIL-PC [limited]
21.02.2013 19:13:01
mbam-log-2013-02-21 (19-13-01).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313097
Time elapsed: 1 hour(s), 20 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
#4
/// TB-Ausbilder
Trojan problem
All right, then let's take a look: I will help you with your problem. A cleanup sometimes involves a lot of work for you (and me). Before we get started, I have some reading material for you.
Please read: Rules for the cleanup
For the cleanup to work, I ask you to read the following points carefully:
Read and understood?
Step 1: Disable drive emulation with Defogger
Please download defogger by jpshortstuff to your desktop and run it:
Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.
Step 4: Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.
__________________
Digital privateers against malware! No help via PM!
#5
Trojan problem
I went through the steps in order... but I have a problem: I saved aswMBR.txt to the desktop as described above, only: I can't find it! When I search with the search function, I get the file with a missing shortcut. Should I perhaps not have closed this program in step 4? Should I repeat the steps? The other log files are available.
Good morning, I think my post above can be deleted. Today I tried everything from the administrator account. So, step 1
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:36 on 22/02/2013 (Phil)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-22 10:37:00
-----------------------------
10:37:00.292 OS Version: Windows 6.1.7601 Service Pack 1
10:37:00.292 Number of processors: 2 586 0x1706
10:37:00.293 ComputerName: PHIL-PC UserName: Phil
10:37:36.257 Initialize success
10:37:45.567 AVAST engine defs: 13022102
10:38:49.790 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:38:49.792 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 11
10:38:49.798 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
10:38:49.801 Disk 1 Vendor: ( Size: 1898MB BusType: 12
10:38:49.804 Disk 2 \Device\Harddisk2\DR1 -> \Device\0000006f
10:38:49.808 Disk 2 Vendor: RICOH 02 Size: 1898MB BusType: 0
10:38:49.820 Disk 0 MBR read successfully
10:38:49.824 Disk 0 MBR scan
10:38:49.842 Disk 0 Windows 7 default MBR code
10:38:49.857 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:38:49.868 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
10:38:49.883 Disk 0 scanning sectors +625139712
10:38:49.973 Disk 0 scanning C:\Windows\system32\drivers
10:39:12.191 Service scanning
10:39:53.699 Modules scanning
10:40:11.243 Disk 0 trace - called modules:
10:40:11.255 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:40:11.261 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e61778]
10:40:11.267 3 CLASSPNP.SYS[893a759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d8f030]
10:40:12.937 AVAST engine scan C:\Windows
10:40:18.786 AVAST engine scan C:\Windows\system32
10:46:27.888 AVAST engine scan C:\Windows\system32\drivers
10:46:49.512 AVAST engine scan C:\Users\Phil
11:01:28.148 AVAST engine scan C:\ProgramData
11:04:18.209 Scan finished successfully
11:05:25.797 Disk 0 MBR has been saved successfully to "C:\Users\Phil\Desktop\MBR.dat"
11:05:25.806 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"
Code:
11:06:06.0566 5348 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:06:06.0808 5348 ============================================================
11:06:06.0808 5348 Current date / time: 2013/02/22 11:06:06.0808
11:06:06.0808 5348 SystemInfo:
11:06:06.0808 5348
11:06:06.0808 5348 OS Version: 6.1.7601 ServicePack: 1.0
11:06:06.0808 5348 Product type: Workstation
11:06:06.0808 5348 ComputerName: PHIL-PC
11:06:06.0808 5348 UserName: Phil
11:06:06.0808 5348 Windows directory: C:\Windows
11:06:06.0808 5348 System windows directory: C:\Windows
11:06:06.0808 5348 Processor architecture: Intel x86
11:06:06.0808 5348 Number of processors: 2
11:06:06.0808 5348 Page size: 0x1000
11:06:06.0808 5348 Boot type: Normal boot
11:06:06.0808 5348 ============================================================
11:06:08.0482 5348 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:06:08.0485 5348 ============================================================
11:06:08.0485 5348 \Device\Harddisk0\DR0:
11:06:08.0493 5348 MBR partitions:
11:06:08.0493 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:06:08.0493 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
11:06:08.0493 5348 ============================================================
11:06:08.0546 5348 C: <-> \Device\Harddisk0\DR0\Partition2
11:06:08.0546 5348 ============================================================
11:06:08.0546 5348 Initialize success
11:06:08.0546 5348 ============================================================
11:06:23.0952 0192 ============================================================
11:06:23.0952 0192 Scan started
11:06:23.0952 0192 Mode: Manual; TDLFS;
11:06:23.0952 0192 ============================================================
11:06:25.0543 0192 ================ Scan system memory ========================
11:06:25.0543 0192 System memory - ok
11:06:25.0544 0192 ================ Scan services =============================
11:06:37.0176 0192 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:06:37.0180 0192 Mcx2Svc - ok
11:06:37.0215 0192 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:06:37.0217 0192 mdmxsdk - ok
11:06:37.0234 0192 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:06:37.0237 0192 megasas - ok
11:06:37.0269 0192 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:06:37.0274 0192 MegaSR - ok
11:06:37.0291 0192 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
11:06:37.0295 0192 MMCSS - ok
11:06:37.0307 0192 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
11:06:37.0309 0192 Modem - ok
11:06:37.0355 0192 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:06:37.0357 0192 monitor - ok
11:06:37.0398 0192 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
11:06:37.0401 0192 mouclass - ok
11:06:37.0447 0192 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:06:37.0450 0192 mouhid - ok
11:06:37.0495 0192 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:06:37.0499 0192 mountmgr - ok
11:06:37.0521 0192 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
11:06:37.0527 0192 mpio - ok
11:06:37.0546 0192 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:06:37.0550 0192 mpsdrv - ok
11:06:37.0616 0192 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:06:37.0634 0192 MpsSvc - ok
11:06:37.0671 0192 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:06:37.0677 0192 MRxDAV - ok
11:06:37.0741 0192 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:06:37.0782 0192 mrxsmb - ok
11:06:37.0830 0192 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:06:37.0835 0192 mrxsmb10 - ok
11:06:37.0847 0192 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:06:37.0850 0192 mrxsmb20 - ok
11:06:37.0881 0192 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
11:06:37.0884 0192 msahci - ok
11:06:37.0923 0192 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:06:37.0926 0192 msdsm - ok
11:06:37.0952 0192 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
11:06:37.0958 0192 MSDTC - ok
11:06:37.0978 0192 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:06:37.0980 0192 Msfs - ok
11:06:37.0997 0192 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:06:37.0999 0192 mshidkmdf - ok
11:06:38.0016 0192 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:06:38.0018 0192 msisadrv - ok
11:06:38.0072 0192 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:06:38.0079 0192 MSiSCSI - ok
11:06:38.0088 0192 msiserver - ok
11:06:38.0126 0192 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:06:38.0130 0192 MSKSSRV - ok
11:06:38.0154 0192 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:06:38.0157 0192 MSPCLOCK - ok
11:06:38.0166 0192 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:06:38.0170 0192 MSPQM - ok
11:06:38.0191 0192 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:06:38.0195 0192 MsRPC - ok
11:06:38.0211 0192 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:06:38.0213 0192 mssmbios - ok
11:06:38.0227 0192 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:06:38.0228 0192 MSTEE - ok
11:06:38.0246 0192 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:06:38.0247 0192 MTConfig - ok
11:06:38.0262 0192 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
11:06:38.0264 0192 Mup - ok
11:06:38.0311 0192 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
11:06:38.0325 0192 napagent - ok
11:06:38.0388 0192 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:06:38.0397 0192 NativeWifiP - ok
11:06:38.0475 0192 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:06:38.0494 0192 NDIS - ok
11:06:38.0531 0192 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:06:38.0533 0192 NdisCap - ok
11:06:38.0565 0192 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:06:38.0568 0192 NdisTapi - ok
11:06:38.0609 0192 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:06:38.0613 0192 Ndisuio - ok
11:06:38.0655 0192 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:06:38.0660 0192 NdisWan - ok
11:06:38.0699 0192 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:06:38.0703 0192 NDProxy - ok
11:06:38.0729 0192 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:06:38.0732 0192 NetBIOS - ok
11:06:38.0768 0192 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:06:38.0773 0192 NetBT - ok
11:06:38.0782 0192 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
11:06:38.0784 0192 Netlogon - ok
11:06:38.0846 0192 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
11:06:38.0858 0192 Netman - ok
11:06:38.0885 0192 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
11:06:38.0894 0192 netprofm - ok
11:06:38.0912 0192 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:06:38.0945 0192 NetTcpPortSharing - ok
11:06:39.0096 0192 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
11:06:39.0181 0192 netw5v32 - ok
11:06:39.0235 0192 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:06:39.0239 0192 nfrd960 - ok
11:06:39.0283 0192 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
11:06:39.0294 0192 NlaSvc - ok
11:06:39.0314 0192 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:06:39.0318 0192 Npfs - ok
11:06:39.0341 0192 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
11:06:39.0344 0192 nsi - ok
11:06:39.0360 0192 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:06:39.0362 0192 nsiproxy - ok
11:06:39.0499 0192 [ 42CE5E77721E60F39858FF2A35450342 ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe
11:06:39.0509 0192 NSUService - ok
11:06:39.0605 0192 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:06:39.0636 0192 Ntfs - ok
11:06:39.0692 0192 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
11:06:39.0717 0192 Null - ok
11:06:39.0832 0192 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:06:39.0836 0192 nvraid - ok
11:06:39.0858 0192 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:06:39.0863 0192 nvstor - ok
11:06:39.0900 0192 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:06:39.0903 0192 nv_agp - ok
11:06:39.0925 0192 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:06:39.0927 0192 ohci1394 - ok
11:06:39.0965 0192 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:06:39.0972 0192 p2pimsvc - ok
11:06:39.0991 0192 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
11:06:39.0999 0192 p2psvc - ok
11:06:40.0015 0192 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:06:40.0018 0192 Parport - ok
11:06:40.0060 0192 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:06:40.0063 0192 partmgr - ok
11:06:40.0079 0192 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
11:06:40.0081 0192 Parvdm - ok
11:06:40.0099 0192 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:06:40.0105 0192 PcaSvc - ok
11:06:40.0121 0192 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
11:06:40.0125 0192 pci - ok
11:06:40.0139 0192 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
11:06:40.0141 0192 pciide - ok
11:06:40.0160 0192 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:06:40.0165 0192 pcmcia - ok
11:06:40.0178 0192 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
11:06:40.0181 0192 pcw - ok
11:06:40.0229 0192 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:06:40.0245 0192 PEAUTH - ok
11:06:40.0334 0192 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
11:06:40.0364 0192 pla - ok
11:06:40.0425 0192 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:06:40.0436 0192 PlugPlay - ok
11:06:40.0456 0192 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:06:40.0460 0192 PNRPAutoReg - ok
11:06:40.0483 0192 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:06:40.0488 0192 PNRPsvc - ok
11:06:40.0507 0192 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:06:40.0514 0192 PolicyAgent - ok
11:06:40.0530 0192 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
11:06:40.0536 0192 Power - ok
11:06:40.0582 0192 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:06:40.0587 0192 PptpMiniport - ok
11:06:40.0611 0192 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:06:40.0614 0192 Processor - ok
11:06:40.0662 0192 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
11:06:40.0671 0192 ProfSvc - ok
11:06:40.0690 0192 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:06:40.0695 0192 ProtectedStorage - ok
11:06:40.0741 0192 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:06:40.0744 0192 Psched - ok
11:06:40.0806 0192 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:06:40.0840 0192 ql2300 - ok
11:06:40.0872 0192 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:06:40.0875 0192 ql40xx - ok
11:06:40.0911 0192 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
11:06:40.0923 0192 QWAVE - ok
11:06:40.0938 0192 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:06:40.0941 0192 QWAVEdrv - ok
11:06:40.0960 0192 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:06:40.0962 0192 RasAcd - ok
11:06:41.0005 0192 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:06:41.0008 0192 RasAgileVpn - ok
11:06:41.0033 0192 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
11:06:41.0043 0192 RasAuto - ok
11:06:41.0060 0192 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:06:41.0063 0192 Rasl2tp - ok
11:06:41.0118 0192 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
11:06:41.0127 0192 RasMan - ok
11:06:41.0149 0192 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:06:41.0154 0192 RasPppoe - ok
11:06:41.0179 0192 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:06:41.0192 0192 RasSstp - ok
11:06:41.0242 0192 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:06:41.0250 0192 rdbss - ok
11:06:41.0276 0192 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:06:41.0281 0192 rdpbus - ok
11:06:41.0322 0192 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:06:41.0324 0192 RDPCDD - ok
11:06:41.0371 0192 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:06:41.0375 0192 RDPENCDD - ok
11:06:41.0400 0192 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:06:41.0403 0192 RDPREFMP - ok
11:06:41.0480 0192 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:06:41.0485 0192 RdpVideoMiniport - ok
11:06:41.0560 0192 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:06:41.0580 0192 RDPWD - ok
11:06:41.0632 0192 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:06:41.0639 0192 rdyboost - ok
11:06:41.0763 0192 [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:06:41.0799 0192 RegSrvc - ok
11:06:41.0826 0192 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
11:06:41.0834 0192 RemoteAccess - ok
11:06:41.0862 0192 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:06:41.0872 0192 RemoteRegistry - ok
11:06:41.0928 0192 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:06:41.0942 0192 RFCOMM - ok
11:06:41.0984 0192 [ F2993908BE03181C781228DAADC55230 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
11:06:41.0989 0192 rimsptsk - ok
11:06:42.0004 0192 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:06:42.0012 0192 RpcEptMapper - ok
11:06:42.0037 0192 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
11:06:42.0040 0192 RpcLocator - ok
11:06:42.0065 0192 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
11:06:42.0071 0192 RpcSs - ok
11:06:42.0119 0192 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:06:42.0132 0192 rspndr - ok
11:06:42.0217 0192 [ 79C8488DFA2AA377441645123CB73845 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
11:06:42.0225 0192 RTHDMIAzAudService - ok
11:06:42.0285 0192 [ DF1970AB067B4BA4221F0AD0AB9EBB30 ] RtkAudioService C:\Windows\RtkAudioService.exe
11:06:42.0309 0192 RtkAudioService - ok
11:06:42.0333 0192 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
11:06:42.0336 0192 SamSs - ok
11:06:42.0386 0192 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:06:42.0404 0192 sbp2port - ok
11:06:42.0634 0192 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:06:42.0664 0192 SBSDWSCService - ok
11:06:42.0705 0192 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:06:42.0710 0192 SCardSvr - ok
11:06:42.0728 0192 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:06:42.0730 0192 scfilter - ok
11:06:42.0789 0192 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
11:06:42.0813 0192 Schedule - ok
11:06:42.0838 0192 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:06:42.0840 0192 SCPolicySvc - ok
11:06:42.0902 0192 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
11:06:42.0907 0192 sdbus - ok
11:06:42.0953 0192 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:06:42.0963 0192 SDRSVC - ok
11:06:43.0009 0192 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:06:43.0027 0192 secdrv - ok
11:06:43.0058 0192 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
11:06:43.0063 0192 seclogon - ok
11:06:43.0078 0192 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
11:06:43.0082 0192 SENS - ok
11:06:43.0111 0192 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:06:43.0116 0192 SensrSvc - ok
11:06:43.0130 0192 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:06:43.0132 0192 Serenum - ok
11:06:43.0178 0192 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:06:43.0181 0192 Serial - ok
11:06:43.0192 0192 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:06:43.0194 0192 sermouse - ok
11:06:43.0240 0192 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
11:06:43.0252 0192 SessionEnv - ok
11:06:43.0314 0192 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
11:06:43.0316 0192 SFEP - ok
11:06:43.0353 0192 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:06:43.0358 0192 sffdisk - ok
11:06:43.0373 0192 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:06:43.0375 0192 sffp_mmc - ok
11:06:43.0397 0192 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:06:43.0399 0192 sffp_sd - ok
11:06:43.0414 0192 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:06:43.0416 0192 sfloppy - ok
11:06:43.0458 0192 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:06:43.0467 0192 SharedAccess - ok
11:06:43.0566 0192 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:06:43.0575 0192 ShellHWDetection - ok
11:06:43.0603 0192 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
11:06:43.0605 0192 sisagp - ok
11:06:43.0639 0192 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:06:43.0644 0192 SiSRaid2 - ok
11:06:43.0667 0192 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:06:43.0672 0192 SiSRaid4 - ok
11:06:43.0890 0192 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:06:43.0939 0192 Skype C2C Service - ok
11:06:44.0008 0192 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:06:44.0076 0192 SkypeUpdate - ok
11:06:44.0115 0192 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:06:44.0117 0192 Smb - ok
11:06:44.0178 0192 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:06:44.0183 0192 SNMPTRAP - ok
11:06:44.0209 0192 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
11:06:44.0210 0192 spldr - ok
11:06:44.0254 0192 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
11:06:44.0269 0192 Spooler - ok
11:06:44.0375 0192 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
11:06:44.0425 0192 sppsvc - ok
11:06:44.0458 0192 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:06:44.0461 0192 sppuinotify - ok
11:06:44.0508 0192 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:06:44.0514 0192 srv - ok
11:06:44.0532 0192 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:06:44.0538 0192 srv2 - ok
11:06:44.0596 0192 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:06:44.0604 0192 SrvHsfHDA - ok
11:06:44.0666 0192 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
11:06:44.0691 0192 SrvHsfV92 - ok
11:06:44.0725 0192 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
11:06:44.0737 0192 SrvHsfWinac - ok
11:06:44.0756 0192 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:06:44.0759 0192 srvnet - ok
11:06:44.0792 0192 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:06:44.0798 0192 SSDPSRV - ok
11:06:44.0867 0192 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
11:06:44.0868 0192 ssmdrv - ok
11:06:44.0884 0192 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:06:44.0894 0192 SstpSvc - ok
11:06:44.0926 0192 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:06:44.0927 0192 stexstor - ok
11:06:44.0989 0192 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
11:06:45.0001 0192 StiSvc - ok
11:06:45.0042 0192 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
11:06:45.0044 0192 swenum - ok
11:06:45.0064 0192 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
11:06:45.0074 0192 swprv - ok
11:06:45.0148 0192 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
11:06:45.0177 0192 SysMain - ok
11:06:45.0196 0192 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:06:45.0201 0192 TabletInputService - ok
11:06:45.0250 0192 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
11:06:45.0257 0192 TapiSrv - ok
11:06:45.0288 0192 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
11:06:45.0294 0192 TBS - ok
11:06:45.0385 0192 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:06:45.0415 0192 Tcpip - ok
11:06:45.0461 0192 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:06:45.0471 0192 TCPIP6 - ok
11:06:45.0528 0192 [ 9B05AA8089F4EA1BC31208EDE33969F3 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
11:06:45.0530 0192 tcpipBM - ok
11:06:45.0577 0192 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:06:45.0581 0192 tcpipreg - ok
11:06:45.0634 0192 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:06:45.0637 0192 TDPIPE - ok
11:06:45.0679 0192 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:06:45.0682 0192 TDTCP - ok
11:06:45.0742 0192 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:06:45.0746 0192 tdx - ok
11:06:45.0779 0192 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:06:45.0783 0192 TermDD - ok
11:06:45.0847 0192 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
11:06:45.0866 0192 TermService - ok
11:06:45.0894 0192 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
11:06:45.0902 0192 Themes - ok
11:06:45.0925 0192 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
11:06:45.0932 0192 THREADORDER - ok
11:06:45.0955 0192 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
11:06:45.0965 0192 TrkWks - ok
11:06:46.0009 0192 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:06:46.0041 0192 TrustedInstaller - ok
11:06:46.0076 0192 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:06:46.0078 0192 tssecsrv - ok
11:06:46.0114 0192 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:06:46.0116 0192 TsUsbFlt - ok
11:06:46.0179 0192 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:06:46.0182 0192 tunnel - ok
11:06:46.0207 0192 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:06:46.0210 0192 uagp35 - ok
11:06:46.0249 0192 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:06:46.0257 0192 udfs - ok
11:06:46.0284 0192 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:06:46.0289 0192 UI0Detect - ok
11:06:46.0342 0192 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:06:46.0345 0192 uliagpkx - ok
11:06:46.0391 0192 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
11:06:46.0393 0192 umbus - ok
11:06:46.0435 0192 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:06:46.0437 0192 UmPass - ok
11:06:46.0474 0192 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
11:06:46.0482 0192 upnphost - ok
11:06:46.0560 0192 [ 56B0B784E0ED3B6A9BEB67F63CD6D4A2 ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA.sys
11:06:46.0574 0192 USB28xxBGA - ok
11:06:46.0595 0192 [ D74634509E22EA69692EA173586DB8E6 ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM.sys
11:06:46.0597 0192 USB28xxOEM - ok
11:06:46.0640 0192 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
11:06:46.0644 0192 USBAAPL - ok
11:06:46.0690 0192 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:06:46.0694 0192 usbccgp - ok
11:06:46.0740 0192 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:06:46.0745 0192 usbcir - ok
11:06:46.0762 0192 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:06:46.0765 0192 usbehci - ok
11:06:46.0814 0192 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:06:46.0822 0192 usbhub - ok
11:06:46.0851 0192 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:06:46.0853 0192 usbohci - ok
11:06:46.0908 0192 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:06:46.0910 0192 usbprint - ok
11:06:46.0937 0192 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:06:46.0941 0192 USBSTOR - ok
11:06:46.0971 0192 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:06:46.0974 0192 usbuhci - ok
11:06:47.0026 0192 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
11:06:47.0033 0192 usbvideo - ok
11:06:47.0053 0192 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
11:06:47.0062 0192 UxSms - ok
11:06:47.0135 0192 [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
11:06:47.0141 0192 VAIO Event Service - ok
11:06:47.0250 0192 [ 2A6565981B46BBDBEDD7AE99C106DE87 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
11:06:47.0261 0192 VAIO Power Management - ok
11:06:47.0284 0192 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
11:06:47.0286 0192 VaultSvc - ok
11:06:47.0329 0192 [ 3042933A8C350150A9EF48800746C0A3 ] VComm C:\Windows\system32\DRIVERS\VComm.sys
11:06:47.0331 0192 VComm - ok
11:06:47.0375 0192 [ 882F488458587CBAD92671E45259002A ] VcommMgr C:\Windows\system32\Drivers\VcommMgr.sys
11:06:47.0378 0192 VcommMgr - ok
11:06:47.0416 0192 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:06:47.0420 0192 vdrvroot - ok
11:06:47.0482 0192 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
11:06:47.0501 0192 vds - ok
11:06:47.0544 0192 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:06:47.0548 0192 vga - ok
11:06:47.0571 0192 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:06:47.0573 0192 VgaSave - ok
11:06:47.0611 0192 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:06:47.0614 0192 vhdmp - ok
11:06:47.0659 0192 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:06:47.0664 0192 viaagp - ok
11:06:47.0682 0192 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
11:06:47.0687 0192 ViaC7 - ok
11:06:47.0724 0192 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
11:06:47.0727 0192 viaide - ok
11:06:47.0766 0192 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:06:47.0771 0192 volmgr - ok
11:06:47.0798 0192 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:06:47.0808 0192 volmgrx - ok
11:06:47.0849 0192 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:06:47.0858 0192 volsnap - ok
11:06:47.0905 0192 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:06:47.0912 0192 vsmraid - ok
11:06:47.0987 0192 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
11:06:48.0019 0192 VSS - ok
11:06:48.0040 0192 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
11:06:48.0042 0192 vwifibus - ok
11:06:48.0075 0192 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
11:06:48.0083 0192 W32Time - ok
11:06:48.0108 0192 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:06:48.0110 0192 WacomPen - ok
11:06:48.0154 0192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:06:48.0157 0192 WANARP - ok
11:06:48.0161 0192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:06:48.0163 0192 Wanarpv6 - ok
11:06:48.0204 0192 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
11:06:48.0228 0192 wbengine - ok
11:06:48.0246 0192 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:06:48.0252 0192 WbioSrvc - ok
11:06:48.0295 0192 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:06:48.0310 0192 wcncsvc - ok
11:06:48.0328 0192 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:06:48.0332 0192 WcsPlugInService - ok
11:06:48.0348 0192 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:06:48.0350 0192 Wd - ok
11:06:48.0399 0192 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:06:48.0409 0192 Wdf01000 - ok
11:06:48.0428 0192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:06:48.0432 0192 WdiServiceHost - ok
11:06:48.0436 0192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:06:48.0439 0192 WdiSystemHost - ok
11:06:48.0491 0192 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
11:06:48.0504 0192 WebClient - ok
11:06:48.0518 0192 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:06:48.0530 0192 Wecsvc - ok
11:06:48.0550 0192 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:06:48.0554 0192 wercplsupport - ok
11:06:48.0595 0192 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
11:06:48.0599 0192 WerSvc - ok
11:06:48.0640 0192 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:06:48.0642 0192 WfpLwf - ok
11:06:48.0656 0192 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:06:48.0657 0192 WIMMount - ok
11:06:48.0709 0192 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:06:48.0727 0192 winachsf - ok
11:06:48.0797 0192 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
11:06:48.0836 0192 WinDefend - ok
11:06:48.0842 0192 WinHttpAutoProxySvc - ok
11:06:48.0912 0192 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:06:48.0953 0192 Winmgmt - ok
11:06:49.0022 0192 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
11:06:49.0051 0192 WinRM - ok
11:06:49.0116 0192 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:06:49.0120 0192 WinUsb - ok
11:06:49.0177 0192 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:06:49.0204 0192 Wlansvc - ok
11:06:49.0393 0192 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:06:49.0420 0192 wlidsvc - ok
11:06:49.0459 0192 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:06:49.0462 0192 WmiAcpi - ok
11:06:49.0511 0192 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:06:49.0523 0192 wmiApSrv - ok
11:06:49.0632 0192 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:06:49.0660 0192 WMPNetworkSvc - ok
11:06:49.0686 0192 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:06:49.0690 0192 WPCSvc - ok
11:06:49.0727 0192 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:06:49.0732 0192 WPDBusEnum - ok
11:06:49.0765 0192 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:06:49.0768 0192 ws2ifsl - ok
11:06:49.0795 0192 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
11:06:49.0805 0192 wscsvc - ok
11:06:49.0813 0192 WSearch - ok
11:06:49.0912 0192 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
11:06:49.0999 0192 wuauserv - ok
11:06:50.0081 0192 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:06:50.0149 0192 WudfPf - ok
11:06:50.0260 0192 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:06:50.0264 0192 WUDFRd - ok
11:06:50.0306 0192 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:06:50.0316 0192 wudfsvc - ok
11:06:50.0348 0192 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
11:06:50.0384 0192 WwanSvc - ok
11:06:50.0415 0192 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
11:06:50.0417 0192 XAudio - ok
11:06:50.0469 0192 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
11:06:50.0481 0192 XAudioService - ok
11:06:50.0535 0192 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
11:06:50.0545 0192 yukonw7 - ok
11:06:50.0584 0192 ================ Scan global ===============================
11:06:50.0615 0192 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:06:50.0662 0192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
11:06:50.0684 0192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
11:06:50.0721 0192 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:06:50.0746 0192 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:06:50.0754 0192 [Global] - ok
11:06:50.0754 0192 ================ Scan MBR ==================================
11:06:50.0771 0192 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:06:51.0169 0192 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:06:51.0170 0192 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:06:51.0170 0192 ================ Scan VBR ==================================
11:06:51.0206 0192 [ C0811C2CBF4C4D7752D9293A84863923 ] \Device\Harddisk0\DR0\Partition1
11:06:51.0210 0192 \Device\Harddisk0\DR0\Partition1 - ok
11:06:51.0228 0192 [ E55B4D65E3A25B179D5B0A9CC138DEDC ] \Device\Harddisk0\DR0\Partition2
11:06:51.0232 0192 \Device\Harddisk0\DR0\Partition2 - ok
11:06:51.0233 0192 ============================================================
11:06:51.0233 0192 Scan finished
11:06:51.0233 0192 ============================================================
11:06:51.0258 4272 Detected object count: 1
11:06:51.0258 4272 Actual detected object count: 1
11:07:00.0075 4272 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:07:00.0075 4272 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
DDS Logfile: Code:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2
Run by Phil at 11:10:56 on 2013-02-22
#Option MBR scan is disabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2046.890 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
mRun: [DataCardMonitor] c:\program files\t-mobile\web'n'walk manager\DataCardMonitor.exe
mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - c:\users\phil\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\47D6F62696C656 : DHCPNameServer = 10.120.136.116
TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\64259445A51224F6870264F6E60275C414E40273134313 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\B4F4354554E4C4F435F575C414E4 : DHCPNameServer = 172.23.235.1
Handler: AutorunsDisabled - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-9-24 19592]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-9-27 17904]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-11 36552]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-9-27 3082640]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-11-11 86752]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-11-11 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-11 83944]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2010-3-9 143467]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-12-20 299008]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2009-12-20 102400]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-14 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-12-20 411488]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 29192]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-8-26 25480]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-10-21 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-9-27 54072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-11-23 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-23 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-23 49664]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
FileExt: .txt: opendocument.WriterDocument.1="c:\program files\openoffice.org 3\program\swriter.exe" -o "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-21 23:13:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-21 23:13:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-21 23:13:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-02-21 23:13:01 149528 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-02-21 23:13:00 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-02-21 23:13:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-21 23:13:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 23:12:59 757280 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-02-21 23:12:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-02-21 23:12:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-02-21 23:12:59 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-21 23:12:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-21 23:12:51 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-02-21 22:06:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-21 17:52:26 -------- d-----w- c:\program files\iPod
2013-02-21 17:52:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-21 17:52:25 -------- d-----w- c:\program files\iTunes
2013-02-21 17:50:26 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a38790f8-9c51-4adb-8e9c-fc632d26ff60}\offreg.dll
2013-02-21 17:38:39 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-21 17:38:38 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-21 17:38:28 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-21 17:38:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-21 17:38:23 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-21 17:36:28 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a38790f8-9c51-4adb-8e9c-fc632d26ff60}\mpengine.dll
2013-02-13 05:48:36 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-24 21:42:18 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2013-01-24 21:41:59 91488 ----a-w- c:\windows\system32\R4EEA32A.dll
2013-01-24 21:29:29 -------- d-----w- c:\program files\AMD APP
2013-01-24 21:27:52 -------- d-----w- C:\AMD
.
==================== Find3M ====================
.
2013-02-21 22:06:13 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-21 22:03:05 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 22:03:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-06 18:13:41 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-19 14:45:04 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44:42 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-19 14:44:32 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-19 14:38:48 28732928 ----a-w- c:\windows\system32\amdocl.dll
2012-12-19 14:34:38 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-11 12:36:00 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 11:11:47,82 ===============
Code:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 19.12.2009 23:58:33
System Uptime: 22.02.2013 10:33:53 (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | N/A | 793/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 206,822 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP456: 04.02.2013 18:53:23 - Geplanter Prüfpunkt
RP457: 06.02.2013 19:12:44 - Installed Java 7 Update 13
RP458: 13.02.2013 08:02:45 - Windows Update
RP459: 21.02.2013 18:35:29 - Windows Update
RP460: 21.02.2013 23:04:52 - Installed Java 7 Update 15
RP461: 22.02.2013 00:10:15 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) - Deutsch Adobe Shockwave Player 12.0 Akamai NetSession Interface Akamai NetSession Interface Service AMD APP SDK Runtime Apple Application Support Apple Mobile Device Support Apple Software Update Autodesk Material Library 2011 Autodesk Material Library 2011 Base Image library Avira Free Antivirus Bing Maps 3D BlueSoleil 6.4.305.0 Bonjour CCleaner D3DX10 DivX Plus Media Foundation Components DivX Version Checker Dolby Control Center EA Download Manager Emsisoft Anti-Malware eType FIFA 11 Fotogalerie Free YouTube Download version 3.1.42.1212 Google Chrome Google Earth Google Update Helper HDAUDIO SoftV92 Data Fax Modem with SmartCP iCloud Intel PROSet Wireless Intel(R) PROSet/Wireless WiFi-Software IsoBuster 3.0 iTunes Java 7 Update 15 Java Auto Updater Junk Mail filter update Malwarebytes Anti-Malware Version 1.65.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 ooVoo OpenOffice.org 3.4 Photo Common Photo Gallery Printer Pro Desktop QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Setting Utility Series Skype Click to Call Skype™ 6.1 Smart File Advisor 1.1.1 SopCast 3.4.8 Spelling Dictionaries Support For Adobe Reader 9 Spybot - Search & Destroy Sunny Design swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Updater Service VAIO Control Center VAIO Energie Verwaltung VAIO Event Service VAIO Smart Network VAIO Update VC80CRTRedist - 8.0.50727.4053 Veetle TV 0.9.18 VLC media player 1.1.7 web'n'walk Manager Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR
.
==== End Of File =========================== |
| | #6 |
| /// TB-Ausbilder | Trojan problem Before we go on: have you ever had an infection on this computer before? Do you remember anything about that? |
| | #7 |
| Trojan problem I had the Ukash/BKA trojan 6 months ago... Otherwise nothing with this system |
| | #8 |
| /// TB-Ausbilder | Trojan problem Hm, I would still like to play it "safe" and need another scan. Scan with Farbar's Recovery Scan Tool
__________________ Digital privateers against malware! No help via PM! |
| | #9 |
| Trojan problem Thanks again at this point for your support. Here is the logfile... Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-02-2013 01
Ran by SYSTEM at 22-02-2013 15:10:54
Running from E:\
Windows 7 Home Premium (X86) OS Language: German Standard
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe [253952 2010-04-29] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [Smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [385248 2013-02-06] (Avira Operations GmbH & Co. KG)
HKU\Default\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation)
HKU\Default User\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation)
HKU\Gast\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation)
HKU\Gast\...\Run: [GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window [1248208 2013-01-26] (Google Inc.)
HKU\PhilundPepi\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation)
HKU\PhilundPepi\...\Run: [GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window [1248208 2013-01-26] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Startup: C:\Users\PhilundPepi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> X:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
==================== Services (Whitelisted) ===================
2 a2AntiMalware; "C:\Program Files\Emsisoft Anti-Malware\a2service.exe" [3082640 2012-09-19] (Emsisoft GmbH)
2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86752 2013-02-06] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110816 2013-02-06] (Avira Operations GmbH & Co. KG)
2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [926720 2010-03-10] (IVT Corporation)
3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [102503 2010-03-08] (IVT Corporation)
2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2010-03-09] (IVT Corporation)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3064000 2012-10-02] (Skype Technologies S.A.)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-10] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [54072 2012-04-30] (Emsisoft GmbH)
1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [17904 2011-05-19] (Emsi Software GmbH)
2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83944 2012-12-11] (Avira Operations GmbH & Co. KG)
1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [134336 2012-12-11] (Avira Operations GmbH & Co. KG)
1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-13] (Avira Operations GmbH & Co. KG)
3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [17928 2009-06-17] (IVT Corporation.)
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36616 2010-02-25] (IVT Corporation.)
0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [19592 2009-09-24] (IVT Corporation.)
3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-09-24] ()
3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-08-26] (IVT Corporation.)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.)
1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.)
3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.)
3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2009-08-26] (IVT Corporation.)
3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [32392 2009-08-28] (IVT Corporation.)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-12-20] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-02-22 14:55 - 2013-02-22 14:57 - 00001472 ____A C:\Users\PhilundPepi\Desktop\Scan.txt
2013-02-22 13:35 - 2013-02-22 13:35 - 00000000 ____D C:\Windows\LastGood
2013-02-22 11:33 - 2013-02-22 11:33 - 00001130 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-02-22 11:24 - 2013-02-22 11:26 - 152249762 ____A C:\Users\Phil\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-02-22 11:12 - 2013-02-22 11:12 - 00005914 ____A C:\Users\Phil\Desktop\attach.txt
2013-02-22 11:12 - 2013-02-22 11:11 - 00015776 ____A C:\Users\Phil\Desktop\dds.txt
2013-02-22 11:05 - 2013-02-22 11:05 - 00002122 ____A C:\Users\Phil\Desktop\aswMBR.txt
2013-02-22 11:05 - 2013-02-22 11:05 - 00000512 ____A C:\Users\Phil\Desktop\MBR.dat
2013-02-22 10:36 - 2013-02-22 10:36 - 00000470 ____A C:\Users\Phil\Downloads\defogger_disable.log
2013-02-22 10:25 - 2013-02-22 10:26 - 04732416 ____A (AVAST Software) C:\Users\Phil\Desktop\aswMBR.exe
2013-02-22 10:22 - 2013-02-22 10:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Phil\Downloads\tdsskiller.exe
2013-02-22 10:22 - 2013-02-22 10:22 - 00700783 ____R (Swearware) C:\Users\Phil\Downloads\dds+.exe
2013-02-22 10:22 - 2013-02-22 10:22 - 00050477 ____A C:\Users\Phil\Downloads\Defogger.exe
2013-02-22 10:19 - 2013-02-22 10:19 - 07781072 ____A (Adobe Systems Inc.) C:\Users\Phil\Downloads\Shockwave_Installer_Slim.exe
2013-02-22 08:30 - 2013-02-22 08:30 - 00000512 ____A C:\Users\Phil\Downloads\MBR.dat
2013-02-22 00:13 - 2013-01-08 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-22 00:13 - 2013-01-08 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-22 00:13 - 2013-01-08 22:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-22 00:13 - 2013-01-08 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-22 00:13 - 2013-01-08 22:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-22 00:13 - 2013-01-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-22 00:13 - 2013-01-08 22:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-22 00:13 - 2013-01-08 22:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-22 00:13 - 2013-01-08 22:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-22 00:12 - 2013-01-08 23:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-22 00:12 - 2013-01-08 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-22 00:12 - 2013-01-08 23:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-22 00:12 - 2013-01-08 23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-22 00:12 - 2013-01-08 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-22 00:12 - 2013-01-08 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-22 00:12 - 2013-01-08 22:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-21 23:13 - 2013-02-21 23:14 - 00000000 ____D C:\Users\PhilundPepi\AppData\Roaming\vlc
2013-02-21 23:06 - 2013-02-21 23:07 - 07781072 ____A (Adobe Systems Inc.) C:\Users\PhilundPepi\Desktop\Shockwave_Installer_Slim.exe
2013-02-21 23:06 - 2013-02-21 23:06 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-21 23:06 - 2013-02-21 23:06 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-02-21 22:03 - 2013-02-21 22:04 - 00700783 ____R (Swearware) C:\Users\PhilundPepi\Desktop\dds+.exe
2013-02-21 21:09 - 2013-02-21 21:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\PhilundPepi\Desktop\tdsskiller.exe
2013-02-21 21:06 - 2013-02-22 07:46 - 00000470 ____A C:\Users\PhilundPepi\Desktop\defogger_disable.log
2013-02-21 21:06 - 2013-02-21 21:06 - 00000000 ____A C:\Users\Phil\defogger_reenable
2013-02-21 21:02 - 2013-02-21 21:03 - 04732416 ____A (AVAST Software) C:\Users\PhilundPepi\Desktop\aswMBR.exe
2013-02-21 21:00 - 2013-02-21 21:00 - 00050477 ____A C:\Users\PhilundPepi\Desktop\Defogger.exe
2013-02-21 18:53 - 2013-02-21 18:53 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-21 18:52 - 2013-02-21 18:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-21 18:52 - 2013-02-21 18:53 - 00000000 ____D C:\Program Files\iTunes
2013-02-21 18:52 - 2013-02-21 18:52 - 00000000 ____D C:\Program Files\iPod
2013-02-21 18:38 - 2013-01-05 06:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-02-21 18:38 - 2013-01-05 06:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-21 18:38 - 2013-01-04 05:50 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-21 18:38 - 2013-01-03 06:05 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-21 18:38 - 2013-01-03 06:04 - 00187752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-21 18:15 - 2013-02-21 18:15 - 00000000 ____D C:\Users\PhilundPepi\Desktop\Nikolakis
2013-02-15 22:41 - 2013-02-18 08:04 - 00027648 ____A C:\Users\PhilundPepi\Desktop\Aufsichtsplan_März 2013.xls
2013-02-13 06:48 - 2013-01-04 04:00 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-11 18:38 - 2013-02-16 17:57 - 00015872 ____A C:\Users\PhilundPepi\Desktop\Klausuraufsichten 1.+ 2. Sem. WS 12 - Prüf.2 (Einteilung).xls
2013-02-06 06:27 - 2013-02-21 23:01 - 00000000 ____D C:\Users\PhilundPepi\AppData\Local\Mozilla Firefox
2013-01-27 11:13 - 2013-01-27 11:13 - 00002505 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-27 11:13 - 2013-01-27 11:13 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-01-27 09:44 - 2012-12-28 08:56 - 00445037 ____A C:\Windows\System32\Drivers\etc\hosts.20130127-094456.backup
2013-01-26 18:58 - 2013-01-26 18:58 - 00000000 ____D C:\Program Files\Common Files\Java
2013-01-24 23:33 - 2013-01-24 23:33 - 04189792 ____A (Piriform Ltd) C:\Users\Phil\Downloads\ccsetup327.exe
2013-01-24 22:50 - 2012-06-05 13:45 - 00204432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RtHDMIV.sys
2013-01-24 22:50 - 2012-05-17 11:29 - 07161696 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP32H.dll
2013-01-24 22:50 - 2012-05-17 11:29 - 00351072 ____A (Dolby Laboratories) C:\Windows\System32\R4EED32H.dll
2013-01-24 22:50 - 2012-05-17 11:29 - 00105824 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL32H.dll
2013-01-24 22:50 - 2012-05-17 11:29 - 00091488 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA32H.dll
2013-01-24 22:50 - 2012-05-17 11:29 - 00061792 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG32H.dll
2013-01-24 22:50 - 2011-12-02 14:20 - 03320936 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkHDMI.dll
2013-01-24 22:50 - 2011-09-27 14:04 - 02275432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RHDMIExt.dll
2013-01-24 22:50 - 2011-07-06 13:27 - 00076392 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RHCoInst.dll
2013-01-24 22:50 - 2010-11-08 07:31 - 00357720 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32H.dll
2013-01-24 22:50 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RH3DHT32.dll
2013-01-24 22:50 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RH3DAA32.dll
2013-01-24 22:50 - 2010-11-08 07:31 - 00170840 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED32H.dll
2013-01-24 22:50 - 2010-11-08 07:31 - 00076120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32H.dll
2013-01-24 22:50 - 2010-11-08 07:31 - 00064856 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32H.dll
2013-01-24 22:42 - 2012-06-19 16:54 - 03240400 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHDA.sys
2013-01-24 22:42 - 2012-06-19 13:30 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-01-24 22:42 - 2012-06-08 16:18 - 03173008 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO.dll
2013-01-24 22:42 - 2012-06-06 10:44 - 00645776 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApoApi.dll
2013-01-24 22:42 - 2012-06-01 09:37 - 02417808 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkPgExt.dll
2013-01-24 22:42 - 2012-05-31 18:08 - 00087696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoInstII.dll
2013-01-24 22:42 - 2012-02-21 19:45 - 01725784 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2013-01-24 22:42 - 2012-01-30 11:42 - 00819648 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo2.dll
2013-01-24 22:42 - 2012-01-10 10:20 - 00058264 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\TepeqAPO.dll
2013-01-24 22:42 - 2011-12-20 05:43 - 00192104 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-01-24 22:42 - 2011-12-13 16:58 - 01497704 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSndMgr.cpl
2013-01-24 22:42 - 2011-11-22 16:28 - 00013416 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR.dll
2013-01-24 22:42 - 2011-09-02 14:21 - 00214368 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK.dll
2013-01-24 22:42 - 2011-09-02 14:21 - 00074080 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM.dll
2013-01-24 22:42 - 2011-09-02 14:21 - 00068960 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO.dll
2013-01-24 22:42 - 2011-03-17 12:16 - 01379760 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2013-01-24 22:42 - 2011-03-07 17:03 - 00134584 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2013-01-24 22:42 - 2010-11-08 07:31 - 00359768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32A.dll
2013-01-24 22:42 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT32.dll
2013-01-24 22:42 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA32.dll
2013-01-24 22:42 - 2010-11-08 07:31 - 00170840 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED32A.dll
2013-01-24 22:42 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32A.dll
2013-01-24 22:42 - 2010-11-08 07:31 - 00064856 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32A.dll
2013-01-24 22:42 - 2009-11-24 09:55 - 00345328 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSXT.dll
2013-01-24 22:42 - 2009-11-24 09:55 - 00185584 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSHD.dll
2013-01-24 22:42 - 2009-11-24 09:55 - 00173296 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP360.dll
2013-01-24 22:42 - 2009-11-24 09:55 - 00140528 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW.dll
2013-01-24 22:42 - 2009-11-18 18:42 - 01783056 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesLib.dll
2013-01-24 22:41 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes.dat
2013-01-24 22:41 - 2012-05-17 11:29 - 07161696 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP32A.dll
2013-01-24 22:41 - 2012-05-17 11:29 - 00351072 ____A (Dolby Laboratories) C:\Windows\System32\R4EED32A.dll
2013-01-24 22:41 - 2012-05-17 11:29 - 00105824 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL32A.dll
2013-01-24 22:41 - 2012-05-17 11:29 - 00091488 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA32A.dll
2013-01-24 22:41 - 2012-05-17 11:29 - 00061792 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG32A.dll
2013-01-24 22:41 - 2012-04-10 14:40 - 02193472 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO.dll
2013-01-24 22:41 - 2012-04-03 18:41 - 01185112 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek2.dll
2013-01-24 22:41 - 2012-04-03 18:41 - 00709976 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell.dll
2013-01-24 22:41 - 2012-03-08 11:47 - 00176736 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTACap.dll
2013-01-24 22:41 - 2012-03-08 11:47 - 00095840 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTARen.dll
2013-01-24 22:41 - 2012-02-17 15:54 - 00350552 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-01-24 22:41 - 2012-02-13 22:36 - 07783768 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2013-01-24 22:41 - 2012-01-23 22:28 - 00421744 ____A (DTS) C:\Windows\System32\DTSU2PLFX32.dll
2013-01-24 22:41 - 2012-01-23 22:28 - 00398192 ____A (DTS) C:\Windows\System32\DTSU2PGFX32.dll
2013-01-24 22:41 - 2012-01-23 22:28 - 00335216 ____A (DTS) C:\Windows\System32\DTSU2PREC32.dll
2013-01-24 22:41 - 2011-12-18 17:57 - 01836376 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2013-01-24 22:41 - 2011-08-23 17:00 - 00357712 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 01509480 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 01292904 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 01220200 ____A (DTS) C:\Windows\System32\DTSBoostDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00654952 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00631400 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00601704 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00458344 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00389736 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00375400 ____A (DTS) C:\Windows\System32\DTSLimiterDLL.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00218728 ____A (DTS) C:\Windows\System32\DTSGFXAPONS.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00218728 ____A (DTS) C:\Windows\System32\DTSGFXAPO.dll
2013-01-24 22:41 - 2011-05-31 09:42 - 00218216 ____A (DTS) C:\Windows\System32\DTSLFXAPO.dll
2013-01-24 22:41 - 2010-10-03 13:45 - 00259928 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2013-01-24 22:41 - 2010-09-27 09:34 - 00232792 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2013-01-24 22:41 - 2009-12-04 15:43 - 00132368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO.dll
2013-01-24 22:29 - 2013-01-24 22:29 - 00000000 ____D C:\Program Files\AMD APP
2013-01-24 22:27 - 2013-01-24 22:27 - 00000000 ____D C:\AMD
==================== One Month Modified Files and Folders ========
2013-02-22 15:02 - 2012-08-14 20:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-22 15:02 - 2011-12-14 09:39 - 01845353 ____A C:\Windows\WindowsUpdate.log
2013-02-22 14:57 - 2013-02-22 14:55 - 00001472 ____A C:\Users\PhilundPepi\Desktop\Scan.txt
2013-02-22 14:50 - 2009-12-20 00:02 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-22 14:48 - 2013-01-01 14:08 - 00018249 ____A C:\Windows\setupact.log
2013-02-22 14:47 - 2012-09-18 18:40 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-22 13:35 - 2013-02-22 13:35 - 00000000 ____D C:\Windows\LastGood
2013-02-22 11:41 - 2012-09-18 18:40 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-22 11:40 - 2012-08-15 22:10 - 00064024 ____A C:\Users\PhilundPepi\AppData\Local\GDIPFONTCACHEV1.DAT
2013-02-22 11:37 - 2009-12-28 17:58 - 00000000 ____D C:\Windows\pss
2013-02-22 11:33 - 2013-02-22 11:33 - 00001130 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2013-02-22 11:33 - 2009-12-20 13:46 - 00000000 ____D C:\Program Files\OpenOffice.org 3
2013-02-22 11:26 - 2013-02-22 11:24 - 152249762 ____A C:\Users\Phil\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe
2013-02-22 11:20 - 2012-11-23 23:14 - 00000000 ____D C:\Users\Phil\AppData\Local\Windows Live
2013-02-22 11:12 - 2013-02-22 11:12 - 00005914 ____A C:\Users\Phil\Desktop\attach.txt
2013-02-22 11:11 - 2013-02-22 11:12 - 00015776 ____A C:\Users\Phil\Desktop\dds.txt
2013-02-22 11:05 - 2013-02-22 11:05 - 00002122 ____A C:\Users\Phil\Desktop\aswMBR.txt
2013-02-22 11:05 - 2013-02-22 11:05 - 00000512 ____A C:\Users\Phil\Desktop\MBR.dat
2013-02-22 10:42 - 2009-07-14 05:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-22 10:42 - 2009-07-14 05:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-22 10:36 - 2013-02-22 10:36 - 00000470 ____A C:\Users\Phil\Downloads\defogger_disable.log
2013-02-22 10:35 - 2010-12-18 18:50 - 00000435 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2013-02-22 10:34 - 2010-03-10 08:45 - 00001206 ____A C:\Windows\System32\bscs.ini
2013-02-22 10:34 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-22 10:26 - 2013-02-22 10:25 - 04732416 ____A (AVAST Software) C:\Users\Phil\Desktop\aswMBR.exe
2013-02-22 10:22 - 2013-02-22 10:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Phil\Downloads\tdsskiller.exe
2013-02-22 10:22 - 2013-02-22 10:22 - 00700783 ____R (Swearware) C:\Users\Phil\Downloads\dds+.exe
2013-02-22 10:22 - 2013-02-22 10:22 - 00050477 ____A C:\Users\Phil\Downloads\Defogger.exe
2013-02-22 10:19 - 2013-02-22 10:19 - 07781072 ____A (Adobe Systems Inc.) C:\Users\Phil\Downloads\Shockwave_Installer_Slim.exe
2013-02-22 09:57 - 2012-11-26 09:58 - 00000000 ____D C:\Users\PhilundPepi\AppData\Local\Windows Live
2013-02-22 08:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-02-22 08:30 - 2013-02-22 08:30 - 00000512 ____A C:\Users\Phil\Downloads\MBR.dat
2013-02-22 07:46 - 2013-02-21 21:06 - 00000470 ____A C:\Users\PhilundPepi\Desktop\defogger_disable.log
2013-02-22 00:14 - 2009-12-20 00:01 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-21 23:14 - 2013-02-21 23:13 - 00000000 ____D C:\Users\PhilundPepi\AppData\Roaming\vlc
2013-02-21 23:07 - 2013-02-21 23:06 - 07781072 ____A (Adobe Systems Inc.) C:\Users\PhilundPepi\Desktop\Shockwave_Installer_Slim.exe
2013-02-21 23:07 - 2011-07-08 19:20 - 00000000 ____D C:\Windows\System32\Adobe
2013-02-21 23:06 - 2013-02-21 23:06 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-02-21 23:06 - 2013-02-21 23:06 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-02-21 23:06 - 2011-01-04 07:25 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-02-21 23:03 - 2012-03-31 09:14 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-02-21 23:03 - 2011-07-08 19:20 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-02-21 23:02 - 2009-12-20 13:44 - 00000000 ____D C:\ProgramData\Adobe
2013-02-21 23:01 - 2013-02-06 06:27 - 00000000 ____D C:\Users\PhilundPepi\AppData\Local\Mozilla Firefox
2013-02-21 22:04 - 2013-02-21 22:03 - 00700783 ____R (Swearware) C:\Users\PhilundPepi\Desktop\dds+.exe
2013-02-21 21:09 - 2013-02-21 21:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\PhilundPepi\Desktop\tdsskiller.exe
2013-02-21 21:06 - 2013-02-21 21:06 - 00000000 ____A C:\Users\Phil\defogger_reenable
2013-02-21 21:06 - 2009-12-19 23:58 - 00000000 ____D C:\users\Phil
2013-02-21 21:03 - 2013-02-21 21:02 - 04732416 ____A (AVAST Software) C:\Users\PhilundPepi\Desktop\aswMBR.exe
2013-02-21 21:00 - 2013-02-21 21:00 - 00050477 ____A C:\Users\PhilundPepi\Desktop\Defogger.exe
2013-02-21 18:53 - 2013-02-21 18:53 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-02-21 18:53 - 2013-02-21 18:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-21 18:53 - 2013-02-21 18:52 - 00000000 ____D C:\Program Files\iTunes
2013-02-21 18:52 - 2013-02-21 18:52 - 00000000 ____D C:\Program Files\iPod
2013-02-21 18:52 - 2009-12-28 17:52 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-02-21 18:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-02-21 18:29 - 2009-07-14 05:33 - 00295272 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-21 18:27 - 2012-08-15 22:10 - 00000000 ____D C:\users\PhilundPepi
2013-02-21 18:27 - 2011-04-14 06:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-02-21 18:27 - 2010-04-08 16:35 - 00000000 ____D C:\Users\Phil\AppData\Local\bluesoleil
2013-02-21 18:27 - 2009-12-23 09:22 - 00000000 ____D C:\users\Gast
2013-02-21 18:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-02-21 18:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2013-02-21 18:27 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-02-21 18:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-02-21 18:24 - 2012-08-16 07:39 - 00000000 ____D C:\Users\PhilundPepi\AppData\Roaming\Skype
2013-02-21 18:24 - 2010-01-10 21:44 - 00000000 ____D C:\ProgramData\Real
2013-02-21 18:15 - 2013-02-21 18:15 - 00000000 ____D C:\Users\PhilundPepi\Desktop\Nikolakis
2013-02-20 11:35 - 2009-12-28 17:55 - 00000000 ____D C:\Users\Phil\AppData\Roaming\Apple Computer
2013-02-18 08:04 - 2013-02-15 22:41 - 00027648 ____A C:\Users\PhilundPepi\Desktop\Aufsichtsplan_März 2013.xls
2013-02-16 17:57 - 2013-02-11 18:38 - 00015872 ____A C:\Users\PhilundPepi\Desktop\Klausuraufsichten 1.+ 2. Sem. WS 12 - Prüf.2 (Einteilung).xls
2013-02-06 19:13 - 2012-08-14 07:47 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-02-01 05:59 - 2013-01-02 06:22 - 00004236 ____A C:\Windows\PFRO.log
2013-01-27 21:04 - 2012-09-27 21:18 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2013-01-27 11:14 - 2009-12-26 09:18 - 00000000 ____D C:\ProgramData\Skype
2013-01-27 11:13 - 2013-01-27 11:13 - 00002505 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-27 11:13 - 2013-01-27 11:13 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-01-27 11:13 - 2009-12-26 09:18 - 00000000 ___RD C:\Program Files\Skype
2013-01-26 18:58 - 2013-01-26 18:58 - 00000000 ____D C:\Program Files\Common Files\Java
2013-01-25 07:59 - 2012-11-23 23:45 - 00000000 ____D C:\Users\PhilundPepi\Tracing
2013-01-24 23:37 - 2010-01-19 18:23 - 00000000 ____D C:\Program Files\CCleaner
2013-01-24 23:33 - 2013-01-24 23:33 - 04189792 ____A (Piriform Ltd) C:\Users\Phil\Downloads\ccsetup327.exe
2013-01-24 22:42 - 2009-12-20 11:03 - 00000000 ____D C:\Windows\System32\RTCOM
2013-01-24 22:29 - 2013-01-24 22:29 - 00000000 ____D C:\Program Files\AMD APP
2013-01-24 22:27 - 2013-01-24 22:27 - 00000000 ____D C:\AMD
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-02-13 08:03:01
Restore point made on: 2013-02-21 18:36:08
Restore point made on: 2013-02-21 23:05:12
Restore point made on: 2013-02-22 00:10:30
Restore point made on: 2013-02-22 11:31:23
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 2046.04 MB
Available physical RAM: 1603.89 MB
Total Pagefile: 2046.04 MB
Available Pagefile: 1600.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1960.7 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:297.99 GB) (Free:208.37 GB) NTFS
2 Drive e: () (Removable) (Total:7.37 GB) (Free:0.94 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 298 GB 0 B
Datenträger 1 Online 7560 MB 0 B
Partitions of Disk 0:
===============
Datenträger-ID: 7D7AD924
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 100 MB 1024 KB
Partition 2 Primär 297 GB 101 MB
=========================================================
Disk: 0
Partition 1
Typ : 07
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 100 MB Fehlerfre
=========================================================
Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Fehlerfre
=========================================================
Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Fehlerfre
=========================================================
Partitions of Disk 1:
===============
Datenträger-ID: C3072E18
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 7558 MB 1308 KB
=========================================================
Disk: 1
Partition 1
Typ : 0C
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Wechselmed 7558 MB Fehlerfre
=========================================================
Disk: 1
Partition 1
Typ : 0C
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FAT32 Wechselmed 7558 MB Fehlerfre
=========================================================
Last Boot: 2013-02-13 17:19
==================== End Of Log ============================
Edited by conqui (22.02.2013 at 15:24) |
| | #10 |
| /// TB Trainer | Trojan Problem Don't let Avira confuse you. It often doesn't report correctly to Windows whether it is working or not. We here at TB tend not to recommend it anymore. Now please run TDSSKiller again as described and have it remove the TDSS File System. Then please restart. After that, please create a new log file with TDSSKiller once more.
__________________ Digital buccaneers against malware! No help via PM! |
| | #11 |
| Trojan Problem Hello, I just had TDSSKiller scan again and removed the TDSS File System. Now the log file is so large that I can't post it, not even as an attachment. I can't compress it either, because it is write-protected. It is 277 kB, whereas the old one was only about 135 kB... what should I do? |
| | #12 |
| Trojan Problem With your permission, I made a PDF out of it... |
| | #13 |
| /// TB Trainer | Trojan Problem Phew! Good. So that part has worked, and we can now carry on with the rest. Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstalling programs Step 2: AdwCleaner: find and delete adware Please download Step 3: Delete temporary files with TFC Step 4: Scan with Combofix
__________________ Digital buccaneers against malware! No help via PM! |
| | #14 |
| Trojan Problem All steps were carried out meticulously, one after another. The two log files: Step 2 Code:
# AdwCleaner v2.112 - Datei am 22/02/2013 um 22:02:48 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Phil - PHIL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Phil\Desktop\adwcleaner0.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zertviwk.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eType
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zertviwk.default\extensions\staged
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\PerformerSoft
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\Software\ResearchNow
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zertviwk.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\PhilundPepi\AppData\Roaming\Mozilla\Firefox\Profiles\lwh4h64n.default\prefs.js
[OK] Die Datei ist sauber.
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\3y48bae2.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v24.0.1312.57
Datei : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.38] : keyword = "startsear.ch",
Gelöscht [l.41] : search_url = "hxxp://startsear.ch/?aff=1&q={searchTerms}",
Datei : C:\Users\PhilundPepi\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [2813 octets] - [22/02/2013 22:02:48]
########## EOF - C:\AdwCleaner[S2].txt - [2873 octets] ##########
Code:
ComboFix 13-02-22.01 - Phil 22.02.2013 22:20:46.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2046.886 [GMT 1:00]
ausgeführt von:: c:\users\Phil\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Phil\AppData\Roaming\AcroIEHelpe.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-22 bis 2013-02-22 ))))))))))))))))))))))))))))))
.
.
2013-02-22 20:17 . 2013-02-22 20:17 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-22 14:19 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{903F4B5B-705E-4B87-B874-E3299C5209ED}\mpengine.dll
2013-02-22 14:10 . 2013-02-22 14:10 -------- d-----w- C:\FRST
2013-02-21 23:13 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-21 23:13 . 2013-01-08 22:42 149528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-21 23:13 . 2013-01-08 22:00 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-02-21 23:13 . 2013-01-08 21:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-21 23:13 . 2013-01-08 22:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 23:13 . 2013-01-08 22:00 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-02-21 23:13 . 2013-01-08 21:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-21 23:12 . 2013-01-08 22:42 757280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-02-21 23:12 . 2013-01-08 22:11 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-21 23:12 . 2013-01-08 22:05 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-02-21 23:12 . 2013-01-08 22:04 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-02-21 23:12 . 2013-01-08 22:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-21 23:12 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 22:13 . 2013-02-21 22:14 -------- d-----w- c:\users\PhilundPepi\AppData\Roaming\vlc
2013-02-21 22:06 . 2013-02-21 22:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-21 17:52 . 2013-02-21 17:52 -------- d-----w- c:\program files\iPod
2013-02-21 17:52 . 2013-02-21 17:53 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-21 17:52 . 2013-02-21 17:53 -------- d-----w- c:\program files\iTunes
2013-02-21 17:38 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-21 17:38 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-21 17:38 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-21 17:38 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-21 17:38 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 05:48 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-06 05:27 . 2013-02-21 22:01 -------- d-----w- c:\users\PhilundPepi\AppData\Local\Mozilla Firefox
2013-01-27 10:13 . 2013-01-27 10:13 -------- d-----w- c:\program files\Common Files\Skype
2013-01-26 17:58 . 2013-01-26 17:58 -------- d-----w- c:\program files\Common Files\Java
2013-01-24 21:42 . 2009-11-18 17:42 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2013-01-24 21:41 . 2012-06-14 12:43 5096448 ----a-w- c:\windows\system32\RCoRes.dat
2013-01-24 21:29 . 2013-01-24 21:29 -------- d-----w- c:\program files\AMD APP
2013-01-24 21:27 . 2013-01-24 21:27 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 22:06 . 2011-01-04 06:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-21 22:03 . 2012-03-31 08:14 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-21 22:03 . 2011-07-08 18:20 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-06 18:13 . 2012-08-14 06:47 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-17 00:28 . 2009-12-19 23:02 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-19 14:45 . 2012-12-19 14:45 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\system32\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-16 14:13 . 2012-12-21 19:26 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 12:50 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 12:50 . 2012-12-13 12:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-12-11 12:36 . 2012-11-11 11:36 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 12:36 . 2012-11-11 11:36 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-07 12:26 . 2013-01-09 04:45 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 04:45 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 04:45 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 04:45 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 04:45 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 04:45 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 04:45 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 04:45 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 04:45 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 04:45 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 04:45 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 04:45 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 04:45 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 04:45 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 04:45 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 04:45 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 04:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 04:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 04:45 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 04:45 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 04:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-04-29 253952]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-06 385248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Phil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Phil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Phil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-14 23:39 3303000 ----a-w- c:\users\Phil\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2010-03-08 12:16 319574 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware]
2012-09-19 03:33 3363240 ----a-w- c:\program files\Emsisoft Anti-Malware\a2guard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9]
2013-01-26 02:35 1248208 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2012-09-07 15:04 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-08-14 10:02 21975120 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinterProDesktop]
2012-02-02 16:22 2132992 ----a-w- c:\program files\Printer Pro Desktop\PrinterProDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-14 06:54 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 09:42 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:03]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:51]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Free YouTube Download - c:\users\Phil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.178.1
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-eType - c:\users\Phil\AppData\Roaming\eType\eType.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSConfigStartUp-Userinit - c:\users\Phil\AppData\Roaming\appconf32.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
MSConfigStartUp-{71C53565-4DB3-C671-5C01-C994463D4DC6} - c:\users\Phil\AppData\Roaming\Xeodby\asdae.exe
AddRemove-eType - c:\users\Phil\AppData\Roaming\eType\eTypeUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-22 22:32:00
ComboFix-quarantined-files.txt 2013-02-22 21:32
.
Vor Suchlauf: 13 Verzeichnis(se), 223.987.011.584 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 223.496.523.776 Bytes frei
.
- - End Of File - - 5AD44E103BC95BF5F3652767CCE79912
|
| | #15 |
| /// TB-Ausbilder | Trojan Problem Very nice, that should have been it! Step 1: (Reminder: do not reply to me until you have worked through all the steps!) Disable Windows Defender. Since you are using a different virus scanner, you should urgently disable the Windows built-in scanner:
Step 2: Note: The scan can take a very long time (several hours)! Step 3: Scan with SecurityCheck. Please download
__________________ Digital freebooters against malware! No help via PM! |