| |
| |||||||
Log-Analyse und Auswertung: Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.03.2013, 15:15
| #1 |
| |  Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte gutentag, es mag spekulation sein dennoch bin ich mir relativ sicher das hier etwas nich mit rechten dingen zugeht! avira hat nichts gefunden.. laptop startet, reagiert & fährt immer langsamer herunter der pc verhält sich ähnlich. ich fürchte um meine anonymität und hab angst das ich überwacht werde! habe den pc jetzt neu aufgesetzt das wlan am router abgeklemmt und am laptop deaktiviert. um mir sicher zu sein das mein frisch aufgesetzter pc sicher ist bitte ich um eine überprüfung der angehängten logs. dankend, diaz OTL: OTL logfile created on: 17.03.2013 14:13:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\diaz\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,95% Memory free 12,09 Gb Paging File | 10,51 Gb Available in Paging File | 86,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 147,33 Gb Total Space | 104,52 Gb Free Space | 70,94% Space Free | Partition Type: NTFS Drive D: | 245,12 Gb Total Space | 241,14 Gb Free Space | 98,38% Space Free | Partition Type: NTFS Drive F: | 539,06 Gb Total Space | 538,89 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: DIAZ-PC | User Name: diaz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.17 14:09:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe PRC - [2013.03.16 00:10:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2013.03.15 18:00:32 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe PRC - [2013.02.13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe PRC - [2011.08.21 17:47:28 | 000,596,992 | ---- | M] (Andreas Sammann) -- C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe PRC - [2011.01.26 20:51:34 | 000,059,392 | ---- | M] (Andreas Sammann) -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe PRC - [2009.07.07 13:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe ========== Modules (No Company Name) ========== MOD - [2013.02.13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013.02.13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.06.11 21:14:26 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\C2DtoG15\LgLcdLibWrapper.dll MOD - [2009.07.30 14:54:04 | 000,170,496 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Services (SafeList) ========== SRV:64bit: - [2013.03.15 18:02:47 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2006.11.02 12:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc) SRV - [2013.03.16 00:14:05 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2013.03.16 00:12:25 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013.03.16 00:10:36 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2013.03.15 18:00:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService) SRV - [2013.03.07 15:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.28 14:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.06.16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS) SRV - [2011.01.26 20:51:34 | 000,059,392 | ---- | M] (Andreas Sammann) [Auto | Running] -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe -- (SystoG15Svc) SRV - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.15 23:24:47 | 000,093,784 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID) DRV:64bit: - [2013.03.15 18:35:50 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2013.03.15 18:02:50 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MCfilt64.sys -- (MCfilt) DRV:64bit: - [2013.03.15 18:02:47 | 000,478,208 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2013.03.15 17:56:22 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor) DRV:64bit: - [2012.10.02 23:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.07.06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SRTSPX64.SYS -- (SRTSPX) DRV:64bit: - [2012.07.06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1309010.00E\SRTSP64.SYS -- (SRTSP) DRV:64bit: - [2012.06.07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.05.22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SYMEFA64.SYS -- (SymEFA) DRV:64bit: - [2012.04.18 03:13:32 | 000,445,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1309010.00E\SYMTDIV.SYS -- (SYMTDIv) DRV:64bit: - [2012.04.18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Ironx64.SYS -- (SymIRON) DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.16 21:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\SYMDS64.SYS -- (SymDS) DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2008.09.19 09:04:00 | 000,395,776 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64) DRV:64bit: - [2008.07.16 10:11:00 | 000,092,672 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64l.sys -- (SkLaggProtocol) DRV:64bit: - [2008.07.10 10:11:00 | 000,024,576 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64v.sys -- (SkVlanProtocol) DRV - [2013.03.15 14:47:37 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130316.006\ex64.sys -- (NAVEX15) DRV - [2013.03.15 14:47:37 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013.03.15 14:47:37 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013.03.15 14:47:37 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130316.006\eng64.sys -- (NAVENG) DRV - [2013.03.13 15:58:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130313.003\IDSviA64.sys -- (IDSVia64) DRV - [2013.03.01 02:09:56 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2012.11.16 16:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2008.07.26 22:30:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys -- (WinRing0_1_2_0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 25 C3 B8 E7 21 CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2013.03.15 17:53:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013.03.17 13:31:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.16 18:10:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 14:47:41 | 000,000,000 | ---D | M] [2013.03.15 14:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\Extensions [2013.03.15 17:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\Firefox\Profiles\k8pqwaiq.default\extensions [2013.03.15 17:23:09 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2013.03.15 17:22:09 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.15 14:47:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.16 18:10:24 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - Startup: C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E0E366-63D4-44E8-ABB1-952021989F07}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\gopher - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2013.03.17 14:09:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe [2013.03.17 04:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software [2013.03.17 04:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software [2013.03.16 18:10:19 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\DivX [2013.03.16 18:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2013.03.16 18:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2013.03.16 18:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared [2013.03.16 18:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX [2013.03.16 18:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2013.03.16 17:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamSpy [2013.03.16 17:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamSpy [2013.03.16 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DivX [2013.03.16 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2013.03.16 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Playa [2013.03.16 16:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivXCodec [2013.03.16 16:18:45 | 001,200,640 | ---- | C] (Fath Software ( www.fathsoft.com )) -- C:\Windows\SysWow64\csCapx.ocx [2013.03.16 16:16:57 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\vlc [2013.03.16 16:11:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam [2013.03.16 16:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam [2013.03.16 16:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam [2013.03.16 05:22:02 | 000,000,000 | ---D | C] -- C:\Users\diaz\Desktop\Perry Rhodan - Silber Edition 02 [2013.03.16 03:46:15 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\WinRAR [2013.03.16 03:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\C2DtoG15 [2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C2DtoG15 [2013.03.16 02:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C2DtoG15 [2013.03.16 01:46:35 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Logitech [2013.03.16 01:46:34 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\NVIDIA [2013.03.16 01:46:30 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Leadertech [2013.03.16 01:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.03.16 01:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.16 01:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.03.16 01:39:52 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Logitech [2013.03.16 01:39:52 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Logishrd [2013.03.16 00:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2013.03.16 00:14:15 | 002,873,823 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll [2013.03.16 00:14:15 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.16 00:14:15 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.16 00:14:14 | 001,910,272 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll [2013.03.16 00:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center [2013.03.16 00:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2013.03.16 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared [2013.03.16 00:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Creative [2013.03.16 00:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2013.03.16 00:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell [2013.03.15 23:59:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Marvell [2013.03.15 23:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 4.0 [2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Windows\Profiles [2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.15 23:51:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.15 23:35:57 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2013.03.15 23:35:57 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2013.03.15 23:35:57 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2013.03.15 23:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2013.03.15 23:35:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\TuneUp Software [2013.03.15 23:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.03.15 23:33:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.03.15 23:33:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.03.15 23:27:34 | 000,000,000 | ---D | C] -- C:\RaidTool [2013.03.15 23:25:59 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2013.03.15 23:00:50 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.03.15 23:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.03.15 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.03.15 22:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.03.15 22:44:49 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.03.15 22:44:49 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.03.15 22:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.03.15 22:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.03.15 22:02:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013.03.15 21:29:47 | 001,129,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys [2013.03.15 21:29:47 | 000,737,952 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys [2013.03.15 21:29:47 | 000,451,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys [2013.03.15 21:29:47 | 000,445,560 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symtdiv.sys [2013.03.15 21:29:47 | 000,405,624 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys [2013.03.15 21:29:47 | 000,190,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys [2013.03.15 21:29:47 | 000,167,072 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys [2013.03.15 21:29:47 | 000,037,536 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys [2013.03.15 21:29:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E [2013.03.15 20:42:01 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\LolClient [2013.03.15 18:56:41 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\PMB Files [2013.03.15 18:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.03.15 18:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2013.03.15 18:36:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2013.03.15 18:36:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2013.03.15 18:20:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.03.15 18:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Analog Devices [2013.03.15 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\InstallShield [2013.03.15 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2013.03.15 17:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2013.03.15 17:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.03.15 17:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.15 17:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.03.15 17:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.03.15 17:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.15 17:34:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.15 16:56:36 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\ElevatedDiagnostics [2013.03.15 16:55:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2013.03.15 16:55:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2013.03.15 16:55:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell 1.0 [2013.03.15 16:37:46 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\CrashDumps [2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Macromedia [2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Macromedia [2013.03.15 16:23:31 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Adobe [2013.03.15 16:23:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.03.15 16:23:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.15 15:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013.03.15 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Mozilla [2013.03.15 14:48:06 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Mozilla [2013.03.15 14:47:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.15 14:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.15 14:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.15 14:32:53 | 000,175,736 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.15 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared [2013.03.15 14:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec [2013.03.15 14:32:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64 [2013.03.15 14:32:16 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security [2013.03.15 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security [2013.03.15 14:32:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.03.15 14:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013.03.15 14:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.03.15 14:30:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite [2013.03.15 14:30:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.15 14:29:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2013.03.15 14:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.03.15 14:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.03.15 14:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adjustment Pattern software [2013.03.15 14:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adjustment Pattern software [2013.03.15 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.03.15 14:22:02 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\Searches [2013.03.15 14:14:52 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.15 14:14:44 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Identities [2013.03.15 14:14:42 | 000,000,000 | R--D | C] -- C:\Users\diaz\Contacts [2013.03.15 14:14:42 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\VirtualStore [2013.03.15 14:14:39 | 000,000,000 | --SD | C] -- C:\Users\diaz\AppData\Roaming\Microsoft [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Videos [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Saved Games [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Pictures [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Music [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Links [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Favorites [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Desktop\Downloads [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Documents [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\Desktop [2013.03.15 14:14:39 | 000,000,000 | R--D | C] -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Vorlagen [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Verlauf [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Temporary Internet Files [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Startmenü [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\SendTo [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Recent [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Netzwerkumgebung [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Lokale Einstellungen [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Videos [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Musik [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Eigene Dateien [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Documents\Eigene Bilder [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Druckumgebung [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Cookies [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\AppData\Local\Anwendungsdaten [2013.03.15 14:14:39 | 000,000,000 | -HSD | C] -- C:\Users\diaz\Anwendungsdaten [2013.03.15 14:14:39 | 000,000,000 | -H-D | C] -- C:\Users\diaz\AppData [2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Temp [2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Local\Microsoft [2013.03.15 14:14:39 | 000,000,000 | ---D | C] -- C:\Users\diaz\AppData\Roaming\Media Center Programs [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.15 14:13:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.15 14:10:30 | 000,000,000 | ---D | C] -- C:\Windows\Debug [2013.03.15 14:01:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.15 13:59:27 | 000,000,000 | ---D | C] -- C:\Windows\CSC [2013.03.15 13:57:49 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.03.15 13:57:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.03.15 13:56:56 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.03.15 13:56:42 | 000,000,000 | -HSD | C] -- C:\Boot ========== Files - Modified Within 30 Days ========== [2013.03.17 14:12:22 | 000,000,000 | ---- | M] () -- C:\Users\diaz\defogger_reenable [2013.03.17 14:11:06 | 000,377,856 | ---- | M] () -- C:\Users\diaz\Desktop\gmer_2.1.19155.exe [2013.03.17 14:09:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\diaz\Desktop\OTL.exe [2013.03.17 14:09:35 | 000,050,477 | ---- | M] () -- C:\Users\diaz\Desktop\Defogger.exe [2013.03.17 14:01:20 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 14:01:20 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.17 13:36:59 | 001,418,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.17 13:36:59 | 000,618,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.17 13:36:59 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.17 13:36:59 | 000,122,636 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.17 13:36:59 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.17 13:31:34 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013.03.17 13:31:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.16 16:24:25 | 000,228,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.16 16:24:08 | 002,416,886 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB [2013.03.16 02:10:03 | 000,249,856 | ---- | M] () -- C:\Users\diaz\AppData\Local\SystoG15.exe [2013.03.16 02:10:03 | 000,000,922 | ---- | M] () -- C:\Users\diaz\AppData\Local\SystoG15.bmp [2013.03.16 02:03:07 | 000,000,882 | ---- | M] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.03.16 00:14:18 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2013.03.16 00:14:15 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2013.03.16 00:14:15 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2013.03.16 00:11:12 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2013.03.15 22:44:35 | 000,001,460 | ---- | M] () -- C:\Users\diaz\AppData\Local\d3d9caps64.dat [2013.03.15 19:51:15 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat [2013.03.15 19:51:15 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat [2013.03.15 19:51:15 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat [2013.03.15 19:51:15 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat [2013.03.15 19:51:04 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.15 19:51:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.15 18:35:50 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS [2013.03.15 18:35:50 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.15 18:35:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.03.15 17:56:22 | 000,015,680 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys [2013.03.15 17:43:18 | 000,024,576 | ---- | M] () -- C:\Windows\SysWow64\AsIO.dll [2013.03.15 17:43:18 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2013.03.15 17:43:18 | 000,013,368 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2013.03.15 16:54:44 | 002,686,976 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2013.03.15 16:54:44 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2013.03.15 16:54:44 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2013.03.15 14:04:06 | 000,060,826 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.03.15 13:56:43 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK ========== Files Created - No Company Name ========== [2013.03.17 14:12:22 | 000,000,000 | ---- | C] () -- C:\Users\diaz\defogger_reenable [2013.03.17 14:10:13 | 000,377,856 | ---- | C] () -- C:\Users\diaz\Desktop\gmer_2.1.19155.exe [2013.03.17 14:09:34 | 000,050,477 | ---- | C] () -- C:\Users\diaz\Desktop\Defogger.exe [2013.03.16 16:18:45 | 000,999,424 | ---- | C] () -- C:\Windows\SysWow64\fathmail.dll [2013.03.16 02:03:07 | 000,000,882 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.03.16 00:14:24 | 000,005,037 | ---- | C] () -- C:\Windows\SysNative\cfgfx.ini [2013.03.16 00:14:24 | 000,002,773 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2013.03.16 00:14:24 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2013.03.16 00:14:24 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini [2013.03.16 00:14:18 | 000,219,136 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2013.03.16 00:14:18 | 000,170,496 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013.03.16 00:14:18 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2013.03.16 00:14:18 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013.03.16 00:14:18 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2013.03.16 00:09:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2013.03.16 00:09:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2013.03.15 23:35:41 | 000,000,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2013.03.15 22:38:12 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.03.15 22:04:30 | 002,416,886 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\Cat.DB [2013.03.15 21:29:47 | 000,007,877 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnetv64.cat [2013.03.15 21:29:47 | 000,007,496 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.cat [2013.03.15 21:29:47 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnet64.cat [2013.03.15 21:29:47 | 000,007,450 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\iron.cat [2013.03.15 21:29:47 | 000,007,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.cat [2013.03.15 21:29:47 | 000,007,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.cat [2013.03.15 21:29:47 | 000,007,406 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.cat [2013.03.15 21:29:47 | 000,007,402 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.cat [2013.03.15 21:29:47 | 000,003,435 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa.inf [2013.03.15 21:29:47 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds.inf [2013.03.15 21:29:47 | 000,001,469 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnetv.inf [2013.03.15 21:29:47 | 000,001,441 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnet.inf [2013.03.15 21:29:47 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.inf [2013.03.15 21:29:47 | 000,001,419 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.inf [2013.03.15 21:29:47 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.inf [2013.03.15 21:29:47 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\iron.inf [2013.03.15 21:29:43 | 000,008,942 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symvtcer.dat [2013.03.15 21:29:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\isolate.ini [2013.03.15 19:51:04 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.15 19:51:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.15 18:19:27 | 000,121,856 | ---- | C] () -- C:\Windows\SysNative\EhStorAuthn.dll [2013.03.15 18:19:27 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2013.03.15 18:19:22 | 000,262,552 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2013.03.15 18:19:15 | 000,471,992 | ---- | C] () -- C:\Windows\SysNative\dot3.tmf [2013.03.15 18:19:14 | 000,700,507 | ---- | C] () -- C:\Windows\SysNative\eaphost.tmf [2013.03.15 18:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2013.03.15 18:19:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchema.bin [2013.03.15 18:19:10 | 000,395,723 | ---- | C] () -- C:\Windows\SysNative\onex.tmf [2013.03.15 18:19:03 | 000,207,968 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF [2013.03.15 18:19:00 | 000,092,918 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2013.03.15 18:19:00 | 000,092,918 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs [2013.03.15 18:18:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2013.03.15 18:18:47 | 000,009,239 | ---- | C] () -- C:\Windows\SysWow64\spcinstrumentation.man [2013.03.15 18:18:47 | 000,009,239 | ---- | C] () -- C:\Windows\SysNative\spcinstrumentation.man [2013.03.15 18:18:40 | 000,009,212 | ---- | C] () -- C:\Windows\SysWow64\RacUR.xml [2013.03.15 18:18:40 | 000,009,212 | ---- | C] () -- C:\Windows\SysNative\RacUR.xml [2013.03.15 18:18:38 | 000,000,153 | ---- | C] () -- C:\Windows\SysWow64\RacUREx.xml [2013.03.15 18:18:38 | 000,000,153 | ---- | C] () -- C:\Windows\SysNative\RacUREx.xml [2013.03.15 17:44:14 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2013.03.15 17:44:07 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2013.03.15 17:44:07 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2013.03.15 17:43:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.03.15 17:10:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2013.03.15 17:10:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysNative\StructuredQuerySchemaTrivial.bin [2013.03.15 17:10:03 | 011,967,524 | ---- | C] () -- C:\Windows\SysWow64\korwbrkr.lex [2013.03.15 17:10:03 | 011,967,524 | ---- | C] () -- C:\Windows\SysNative\korwbrkr.lex [2013.03.15 17:07:38 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2013.03.15 17:07:38 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2013.03.15 17:07:38 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2013.03.15 17:07:38 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2013.03.15 17:07:38 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2013.03.15 17:07:38 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2013.03.15 16:54:42 | 002,686,976 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2013.03.15 16:54:42 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2013.03.15 16:54:42 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2013.03.15 15:01:35 | 002,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf [2013.03.15 14:47:42 | 000,000,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.15 14:32:53 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT [2013.03.15 14:32:53 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF [2013.03.15 14:14:55 | 000,000,949 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.03.15 14:14:53 | 000,000,979 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.15 14:14:52 | 000,000,974 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2013.03.15 14:14:42 | 000,000,915 | ---- | C] () -- C:\Users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2013.03.15 14:14:40 | 000,001,460 | ---- | C] () -- C:\Users\diaz\AppData\Local\d3d9caps64.dat [2013.03.15 14:03:23 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk [2013.03.15 13:56:43 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK [2013.03.15 13:56:42 | 000,333,257 | RHS- | C] () -- C:\bootmgr [2009.05.20 01:08:44 | 000,249,856 | ---- | C] () -- C:\Users\diaz\AppData\Local\SystoG15.exe [2009.05.12 13:21:30 | 000,000,922 | ---- | C] () -- C:\Users\diaz\AppData\Local\SystoG15.bmp ========== ZeroAccess Check ========== [2006.11.02 16:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.16 01:46:30 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\Leadertech [2013.03.15 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\LolClient [2013.03.15 23:35:31 | 000,000,000 | ---D | M] -- C:\Users\diaz\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Extras: OTL Extras logfile created on: 17.03.2013 14:13:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\diaz\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,99 Gb Total Physical Memory | 4,37 Gb Available Physical Memory | 72,95% Memory free 12,09 Gb Paging File | 10,51 Gb Available in Paging File | 86,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 147,33 Gb Total Space | 104,52 Gb Free Space | 70,94% Space Free | Partition Type: NTFS Drive D: | 245,12 Gb Total Space | 241,14 Gb Free Space | 98,38% Space Free | Partition Type: NTFS Drive F: | 539,06 Gb Total Space | 538,89 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: DIAZ-PC | User Name: diaz | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 37 7B DB 41 A5 21 CE 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0987D816-F1FA-40E5-A878-E076692987F2}" = lport=57295 | protocol=6 | dir=in | name=pando media booster | "{0B572DD7-4FAE-4B86-949E-C5591C76F821}" = lport=57295 | protocol=6 | dir=in | name=pando media booster | "{0CB60C75-5F55-4474-B2F4-D12BE4EACD38}" = rport=138 | protocol=17 | dir=out | app=system | "{0F2B3D97-CCC6-4147-99CF-1819C839347B}" = lport=138 | protocol=17 | dir=in | app=system | "{20945B7B-A2E6-4C47-9629-441193CC563F}" = lport=57295 | protocol=17 | dir=in | name=pando media booster | "{2D11DF45-CD6F-4A66-B4CF-5714D12546F9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{33588CC5-4B60-48D1-A8AE-960B0478495B}" = rport=2869 | protocol=6 | dir=out | app=system | "{4783F460-6428-4938-AF27-9CBAE0BE3BE6}" = lport=139 | protocol=6 | dir=in | app=system | "{50457261-10B7-4D92-AF99-FAD0758EBB81}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{50E7328B-4873-4873-B1DA-C2F4AC4ADAF8}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5C255983-0BC8-41A2-B413-C665D77EDE3F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5C38391C-96E3-4306-9FC9-BA3D1DBC7BBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5D01F0A9-33A9-4B25-B664-D746E6FDD6DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5FEEDB73-1BEC-4480-8AF2-C19C41D7853C}" = lport=2869 | protocol=6 | dir=in | app=system | "{6F1595C8-DC81-4E77-88B2-265D79AF1E87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{71825774-A525-4687-A5CC-5F64B363F314}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{75A94D37-8299-4436-B685-D93FD58DC329}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{78BE65F4-8444-4C7E-8E2F-26E28A14AA48}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{9024F2C6-A6C5-4139-B52A-88877B77FAE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9396CC3E-FB14-4255-8C5F-491ECB790797}" = rport=139 | protocol=6 | dir=out | app=system | "{97AFE8E0-46B0-4B47-AC8D-D080EB60A070}" = rport=137 | protocol=17 | dir=out | app=system | "{9EA1BD84-E86A-4096-B87E-A375F42318B6}" = lport=445 | protocol=6 | dir=in | app=system | "{B0E4D813-5C1C-439C-A4A0-937B378AFE44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B7F11CBC-C568-4F46-B97B-8A5B9FFF876A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{B96D8156-D411-4EAC-A4AA-4C71510FB8EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF6CAB99-935A-4985-87B0-3EC14B14F1EF}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{DFC026F5-F886-4699-A6D2-91E5631E603B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E5073BDC-78EF-49D6-A4FD-AB090C82B24A}" = lport=57295 | protocol=17 | dir=in | name=pando media booster | "{FB2B6968-6E2D-4267-9163-045C06AF90DA}" = lport=137 | protocol=17 | dir=in | app=system | "{FC79926B-24B0-4BF0-A45E-C6B18A8CE2DA}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13C39439-66DA-4DE7-ACF8-D2DA26645A17}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{16B4D10D-598A-4D9D-9DC7-8AF002394F9E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1CD994E6-C4AA-43B8-85C5-B8500E4B3E5E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3B3C6A21-62F1-4EDE-8F67-A8EDDAFB6A82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{3B83B249-8C4C-4191-B3AA-D5DBA3DA9B49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{46A6BA27-5CFD-4E1E-810B-ABC3F684AB7F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{6245CFA6-16DA-40BA-82AB-001D2B179261}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{6A18A6A3-27DE-47A1-965F-C6E4B43A82CC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7DFCB4E9-CF5B-49E1-A76C-9A689F5B0285}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{8221BF91-4616-436E-B570-31750CB189E0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{82296784-2B7F-4636-BBF9-E8A52CA80176}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{94EB5FB1-8995-4D7F-9F3A-59A2D4152763}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{9B19B7B0-98B3-4372-BFF3-ACE747DF35AB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{BB718295-B2CD-442C-9FB2-534709679D76}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CC5BBB16-C340-4E40-A4AF-21BC304D92C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CCB6D13F-47D1-4A63-9FEB-57A76D3E1396}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{CE3C28B7-4E07-43C4-AB96-8E8F95C203B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CE6E0C82-F68D-4740-928E-A6E92B891AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{D62C958C-1E5E-4D8A-A873-34C1B3E05992}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EDB510E5-0F7C-433B-BAEC-341D1274D941}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{FED8ED2E-7437-46CA-988B-B9BC68FC4361}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.2.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 8 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer "{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate "{7A351AAA-E651-41B1-89B6-972A676FF78B}" = Marvell Network Configuration Utility "{818690C7-8DA5-4623-BBA8-A73CFBD44077}" = Sound Blaster X-Fi MB "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{922A36F5-6663-45C0-A515-B63C4E585195}" = TweakIt "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{C312984C-E386-4C2D-B33E-7B54355FB16E}" = AI Direct Link "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin "Adjustment Pattern software utility" = Adjustment Pattern software utility "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CamSpy_is1" = CamSpy V.5.0.5 "DivX Setup" = DivX-Setup "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 8 "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "ThePlaya" = The Playa "TuneUp Utilities 2013" = TuneUp Utilities 2013 "VLC media player" = VLC media player 2.0.5 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.03.2013 19:29:45 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10 Description = Error - 15.03.2013 19:42:02 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10 Description = Error - 15.03.2013 23:51:05 | Computer Name = diaz-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung LolClient.exe, Version 2.0.2.12610, Zeitstempel 0x4c00573a, fehlerhaftes Modul Adobe AIR.dll, Version 3.6.0.5920, Zeitstempel 0x510610d1, Ausnahmecode 0xc0000005, Fehleroffset 0x001cf816, Prozess-ID 0x1224, Anwendungsstartzeit 01ce21d88a9c9813. Error - 16.03.2013 08:45:18 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10 Description = Error - 16.03.2013 11:09:30 | Computer Name = diaz-PC | Source = System Restore | ID = 8193 Description = Error - 16.03.2013 11:25:19 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10 Description = Error - 16.03.2013 12:18:48 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10 Description = Error - 16.03.2013 13:09:36 | Computer Name = diaz-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.03.2013 18:12:24 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10 Description = Error - 17.03.2013 08:31:53 | Computer Name = diaz-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{65E0E366-63D4-44E8-ABB1-952021989F07} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321 Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321 Description = Der Name "DIAZ-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.03.2013 12:06:53 | Computer Name = diaz-PC | Source = netbt | ID = 4321 Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.03.2013 12:13:01 | Computer Name = diaz-PC | Source = HTTP | ID = 15016 Description = Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{65E0E366-63D4-44E8-ABB1-952021989F07} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321 Description = Der Name "DIAZ-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321 Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.03.2013 12:16:38 | Computer Name = diaz-PC | Source = netbt | ID = 4321 Description = Der Name "DIAZ-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23 registriert werden. Der Computer mit IP-Adresse 169.254.118.141 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 15.03.2013 12:53:20 | Computer Name = diaz-PC | Source = HTTP | ID = 15016 Description = < End of report > Gmer: GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-17 14:43:36 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 ST31000524AS rev.JC4B 931,51GB Running: gmer_2.1.19155.exe; Driver: C:\Users\diaz\AppData\Local\Temp\kxldapow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- EOF - GMER 2.1 ---- |
|
18.03.2013, 12:27
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte Hallo und
__________________ Zitat:
Oder ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
18.03.2013, 13:59
| #3 |
| | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte hallo und vielen dank!
__________________habe mir damals die ultimate version gekauft da ich dachte das sie evtl features enthält die ich für meinen heim-pc noch brauchen kann. mit weiteren logs kann ich leider nicht aufwarten. edit: habe mit norton internet security einen vollständigen systemscan gemacht jedoch ohne befund. dieser wurde bereits vor 2 tagen vor thread erstellung durchgeführt. |
|
18.03.2013, 13:59
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.03.2013, 18:22
| #5 |
| | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte hallo, hier die erforderlichen logs der scanner. dankend diaz log mbar: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.19.04
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
diaz :: DIAZ-PC [administrator]
19.03.2013 18:16:16
mbar-log-2013-03-19 (18-16-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27745
Time elapsed: 4 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-19 18:30:35
-----------------------------
18:30:35.958 OS Version: Windows x64 6.0.6002 Service Pack 2
18:30:35.958 Number of processors: 8 586 0x1A04
18:30:35.958 ComputerName: DIAZ-PC UserName: diaz
18:30:37.640 Initialize success
18:36:11.766 AVAST engine defs: 13031900
18:37:45.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
18:37:45.656 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 3
18:37:45.718 Disk 0 MBR read successfully
18:37:45.718 Disk 0 MBR scan
18:37:45.734 Disk 0 Windows VISTA default MBR code
18:37:45.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150868 MB offset 2048
18:37:45.749 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 250999 MB offset 308979712
18:37:45.765 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 551999 MB offset 823025664
18:37:45.796 Disk 0 scanning C:\Windows\system32\drivers
18:37:51.708 Service scanning
18:38:03.081 Modules scanning
18:38:03.081 Disk 0 trace - called modules:
18:38:03.096 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:38:03.596 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80079c5060]
18:38:03.596 3 CLASSPNP.SYS[fffffa6000fcac33] -> nt!IofCallDriver -> [0xfffffa80065a8520]
18:38:03.596 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0xfffffa80065a44b0]
18:38:09.602 AVAST engine scan C:\Windows
18:38:16.310 AVAST engine scan C:\Windows\system32
18:40:08.427 AVAST engine scan C:\Windows\system32\drivers
18:40:15.509 AVAST engine scan C:\Users\diaz
18:43:33.239 AVAST engine scan C:\ProgramData
18:43:52.895 Scan finished successfully
18:44:14.876 Disk 0 MBR has been saved successfully to "C:\Users\diaz\Documents\MBR.dat"
18:44:14.876 The log file has been saved successfully to "C:\Users\diaz\Documents\aswMBR.txt"
log TDSSKiller: Code:
ATTFilter 18:49:09.0589 2828 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:49:10.0322 2828 ============================================================
18:49:10.0322 2828 Current date / time: 2013/03/19 18:49:10.0322
18:49:10.0322 2828 SystemInfo:
18:49:10.0322 2828
18:49:10.0322 2828 OS Version: 6.0.6002 ServicePack: 2.0
18:49:10.0322 2828 Product type: Workstation
18:49:10.0322 2828 ComputerName: DIAZ-PC
18:49:10.0322 2828 UserName: diaz
18:49:10.0322 2828 Windows directory: C:\Windows
18:49:10.0322 2828 System windows directory: C:\Windows
18:49:10.0322 2828 Running under WOW64
18:49:10.0322 2828 Processor architecture: Intel x64
18:49:10.0322 2828 Number of processors: 8
18:49:10.0322 2828 Page size: 0x1000
18:49:10.0322 2828 Boot type: Normal boot
18:49:10.0322 2828 ============================================================
18:49:11.0320 2828 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:49:11.0320 2828 ============================================================
18:49:11.0320 2828 \Device\Harddisk0\DR0:
18:49:11.0320 2828 MBR partitions:
18:49:11.0320 2828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x126AA000
18:49:11.0320 2828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x126AA800, BlocksNum 0x1EA3B800
18:49:11.0320 2828 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x310E6000, BlocksNum 0x4361F800
18:49:11.0320 2828 ============================================================
18:49:11.0336 2828 C: <-> \Device\Harddisk0\DR0\Partition1
18:49:11.0367 2828 D: <-> \Device\Harddisk0\DR0\Partition2
18:49:11.0398 2828 F: <-> \Device\Harddisk0\DR0\Partition3
18:49:11.0398 2828 ============================================================
18:49:11.0398 2828 Initialize success
18:49:11.0398 2828 ============================================================
18:50:18.0809 4392 ============================================================
18:50:18.0809 4392 Scan started
18:50:18.0809 4392 Mode: Manual; SigCheck; TDLFS;
18:50:18.0809 4392 ============================================================
18:50:19.0370 4392 ================ Scan system memory ========================
18:50:19.0370 4392 System memory - ok
18:50:19.0370 4392 ================ Scan services =============================
18:50:19.0448 4392 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
18:50:19.0495 4392 ACPI - ok
18:50:19.0526 4392 [ 71C577ED817C6D8E13F890CD9A2D3EE6 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
18:50:19.0542 4392 ADIHdAudAddService - ok
18:50:19.0573 4392 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:50:19.0589 4392 adp94xx - ok
18:50:19.0589 4392 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:50:19.0604 4392 adpahci - ok
18:50:19.0604 4392 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:50:19.0620 4392 adpu160m - ok
18:50:19.0620 4392 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:50:19.0620 4392 adpu320 - ok
18:50:19.0636 4392 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
18:50:19.0651 4392 AEADIFilters - ok
18:50:19.0667 4392 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:50:19.0745 4392 AeLookupSvc - ok
18:50:19.0760 4392 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
18:50:19.0776 4392 AFD - ok
18:50:19.0776 4392 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:50:19.0776 4392 agp440 - ok
18:50:19.0792 4392 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:50:19.0807 4392 aic78xx - ok
18:50:19.0823 4392 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
18:50:19.0932 4392 ALG - ok
18:50:19.0948 4392 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
18:50:19.0948 4392 aliide - ok
18:50:19.0948 4392 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
18:50:19.0963 4392 amdide - ok
18:50:19.0979 4392 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:50:19.0994 4392 AmdK8 - ok
18:50:20.0010 4392 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
18:50:20.0026 4392 Appinfo - ok
18:50:20.0041 4392 [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:50:20.0057 4392 AppMgmt - ok
18:50:20.0057 4392 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
18:50:20.0072 4392 arc - ok
18:50:20.0072 4392 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:50:20.0072 4392 arcsas - ok
18:50:20.0150 4392 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
18:50:20.0166 4392 AsIO - ok
18:50:20.0197 4392 [ E781164C7D47950E3D218C84B2901CB2 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
18:50:20.0197 4392 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - warning
18:50:20.0197 4392 AsSysCtrlService - detected UnsignedFile.Multi.Generic (1)
18:50:20.0197 4392 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
18:50:20.0213 4392 AsUpIO - ok
18:50:20.0213 4392 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:50:20.0228 4392 AsyncMac - ok
18:50:20.0260 4392 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
18:50:20.0275 4392 atapi - ok
18:50:20.0291 4392 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:50:20.0306 4392 AudioEndpointBuilder - ok
18:50:20.0306 4392 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:50:20.0322 4392 AudioSrv - ok
18:50:20.0369 4392 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
18:50:20.0384 4392 BFE - ok
18:50:20.0462 4392 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
18:50:20.0494 4392 BHDrvx64 - ok
18:50:20.0540 4392 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
18:50:20.0556 4392 BITS - ok
18:50:20.0556 4392 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:50:20.0572 4392 blbdrive - ok
18:50:20.0587 4392 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:50:20.0618 4392 bowser - ok
18:50:20.0618 4392 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:50:20.0634 4392 BrFiltLo - ok
18:50:20.0634 4392 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:50:20.0650 4392 BrFiltUp - ok
18:50:20.0665 4392 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
18:50:20.0681 4392 Browser - ok
18:50:20.0696 4392 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
18:50:20.0774 4392 Brserid - ok
18:50:20.0790 4392 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:50:20.0806 4392 BrSerWdm - ok
18:50:20.0806 4392 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:50:20.0837 4392 BrUsbMdm - ok
18:50:20.0837 4392 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:50:20.0868 4392 BrUsbSer - ok
18:50:20.0868 4392 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:50:20.0899 4392 BTHMODEM - ok
18:50:20.0946 4392 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
18:50:20.0962 4392 ccSet_NIS - ok
18:50:20.0962 4392 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:50:20.0977 4392 cdfs - ok
18:50:20.0993 4392 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:50:21.0008 4392 cdrom - ok
18:50:21.0040 4392 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
18:50:21.0040 4392 CertPropSvc - ok
18:50:21.0055 4392 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
18:50:21.0071 4392 circlass - ok
18:50:21.0086 4392 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
18:50:21.0102 4392 CLFS - ok
18:50:21.0149 4392 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:50:21.0164 4392 clr_optimization_v2.0.50727_32 - ok
18:50:21.0180 4392 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:50:21.0196 4392 clr_optimization_v2.0.50727_64 - ok
18:50:21.0196 4392 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:50:21.0196 4392 cmdide - ok
18:50:21.0196 4392 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:50:21.0211 4392 Compbatt - ok
18:50:21.0211 4392 COMSysApp - ok
18:50:21.0211 4392 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:50:21.0211 4392 crcdisk - ok
18:50:21.0274 4392 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
18:50:21.0274 4392 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:50:21.0274 4392 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:50:21.0289 4392 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
18:50:21.0289 4392 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:50:21.0289 4392 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:50:21.0305 4392 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:50:21.0320 4392 CryptSvc - ok
18:50:21.0352 4392 [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC C:\Windows\system32\drivers\csc.sys
18:50:21.0367 4392 CSC - ok
18:50:21.0383 4392 [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService C:\Windows\System32\cscsvc.dll
18:50:21.0398 4392 CscService - ok
18:50:21.0430 4392 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
18:50:21.0445 4392 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
18:50:21.0445 4392 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
18:50:21.0476 4392 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:50:21.0492 4392 DcomLaunch - ok
18:50:21.0523 4392 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:50:21.0523 4392 DfsC - ok
18:50:21.0617 4392 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
18:50:21.0726 4392 DFSR - ok
18:50:21.0773 4392 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:50:21.0788 4392 Dhcp - ok
18:50:21.0804 4392 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
18:50:21.0820 4392 disk - ok
18:50:21.0835 4392 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:50:21.0866 4392 Dnscache - ok
18:50:21.0882 4392 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
18:50:21.0898 4392 dot3svc - ok
18:50:21.0929 4392 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
18:50:21.0944 4392 DPS - ok
18:50:21.0944 4392 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:50:21.0960 4392 drmkaud - ok
18:50:21.0991 4392 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:50:22.0007 4392 DXGKrnl - ok
18:50:22.0054 4392 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
18:50:22.0069 4392 E1G60 - ok
18:50:22.0085 4392 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
18:50:22.0100 4392 EapHost - ok
18:50:22.0100 4392 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
18:50:22.0100 4392 Ecache - ok
18:50:22.0132 4392 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:50:22.0132 4392 eeCtrl - ok
18:50:22.0178 4392 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:50:22.0194 4392 ehRecvr - ok
18:50:22.0210 4392 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
18:50:22.0210 4392 ehSched - ok
18:50:22.0225 4392 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
18:50:22.0241 4392 ehstart - ok
18:50:22.0256 4392 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:50:22.0256 4392 elxstor - ok
18:50:22.0288 4392 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:50:22.0303 4392 EMDMgmt - ok
18:50:22.0334 4392 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:50:22.0334 4392 EraserUtilRebootDrv - ok
18:50:22.0350 4392 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:50:22.0366 4392 ErrDev - ok
18:50:22.0412 4392 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
18:50:22.0428 4392 EventSystem - ok
18:50:22.0459 4392 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
18:50:22.0475 4392 exfat - ok
18:50:22.0490 4392 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:50:22.0506 4392 fastfat - ok
18:50:22.0522 4392 [ 989A776A2FF32A148FCF15C44058B129 ] Fax C:\Windows\system32\fxssvc.exe
18:50:22.0553 4392 Fax - ok
18:50:22.0553 4392 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:50:22.0568 4392 fdc - ok
18:50:22.0600 4392 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
18:50:22.0615 4392 fdPHost - ok
18:50:22.0631 4392 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
18:50:22.0662 4392 FDResPub - ok
18:50:22.0678 4392 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:50:22.0693 4392 FileInfo - ok
18:50:22.0693 4392 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:50:22.0709 4392 Filetrace - ok
18:50:22.0709 4392 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:50:22.0724 4392 flpydisk - ok
18:50:22.0740 4392 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:50:22.0756 4392 FltMgr - ok
18:50:22.0787 4392 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache C:\Windows\system32\FntCache.dll
18:50:22.0834 4392 FontCache - ok
18:50:22.0880 4392 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:50:22.0880 4392 FontCache3.0.0.0 - ok
18:50:22.0896 4392 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:50:22.0896 4392 Fs_Rec - ok
18:50:22.0927 4392 [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:50:22.0927 4392 fvevol - ok
18:50:22.0943 4392 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:50:22.0943 4392 gagp30kx - ok
18:50:22.0974 4392 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
18:50:22.0990 4392 gpsvc - ok
18:50:23.0021 4392 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:50:23.0052 4392 HdAudAddService - ok
18:50:23.0099 4392 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:50:23.0114 4392 HDAudBus - ok
18:50:23.0130 4392 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:50:23.0161 4392 HidBth - ok
18:50:23.0161 4392 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:50:23.0192 4392 HidIr - ok
18:50:23.0208 4392 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
18:50:23.0224 4392 hidserv - ok
18:50:23.0224 4392 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:50:23.0239 4392 HidUsb - ok
18:50:23.0255 4392 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
18:50:23.0270 4392 hkmsvc - ok
18:50:23.0302 4392 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:50:23.0302 4392 HpCISSs - ok
18:50:23.0333 4392 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:50:23.0348 4392 HTTP - ok
18:50:23.0364 4392 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:50:23.0364 4392 i2omp - ok
18:50:23.0380 4392 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:50:23.0395 4392 i8042prt - ok
18:50:23.0411 4392 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:50:23.0426 4392 iaStorV - ok
18:50:23.0458 4392 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:50:23.0473 4392 idsvc - ok
18:50:23.0551 4392 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130316.001\IDSvia64.sys
18:50:23.0551 4392 IDSVia64 - ok
18:50:23.0567 4392 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:50:23.0567 4392 iirsp - ok
18:50:23.0598 4392 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
18:50:23.0614 4392 IKEEXT - ok
18:50:23.0614 4392 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
18:50:23.0629 4392 intelide - ok
18:50:23.0629 4392 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:50:23.0645 4392 intelppm - ok
18:50:23.0660 4392 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:50:23.0676 4392 IPBusEnum - ok
18:50:23.0707 4392 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:50:23.0707 4392 IpFilterDriver - ok
18:50:23.0738 4392 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:50:23.0754 4392 iphlpsvc - ok
18:50:23.0754 4392 IpInIp - ok
18:50:23.0770 4392 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:50:23.0785 4392 IPMIDRV - ok
18:50:23.0801 4392 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:50:23.0816 4392 IPNAT - ok
18:50:23.0816 4392 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:50:23.0832 4392 IRENUM - ok
18:50:23.0832 4392 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:50:23.0848 4392 isapnp - ok
18:50:23.0863 4392 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:50:23.0863 4392 iScsiPrt - ok
18:50:23.0863 4392 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:50:23.0879 4392 iteatapi - ok
18:50:23.0894 4392 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:50:23.0894 4392 iteraid - ok
18:50:23.0926 4392 [ 3CE8227864A5C4574F5FD99658D69885 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys
18:50:23.0941 4392 JRAID - ok
18:50:23.0957 4392 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:50:23.0957 4392 kbdclass - ok
18:50:23.0988 4392 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:50:23.0988 4392 kbdhid - ok
18:50:24.0004 4392 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
18:50:24.0019 4392 KeyIso - ok
18:50:24.0050 4392 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:50:24.0050 4392 KSecDD - ok
18:50:24.0066 4392 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:50:24.0082 4392 ksthunk - ok
18:50:24.0097 4392 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
18:50:24.0128 4392 KtmRm - ok
18:50:24.0160 4392 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:50:24.0191 4392 LanmanServer - ok
18:50:24.0206 4392 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:50:24.0238 4392 LanmanWorkstation - ok
18:50:24.0269 4392 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
18:50:24.0269 4392 LGBusEnum - ok
18:50:24.0284 4392 [ F7205E939F50B1C8D16F895916BE6756 ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
18:50:24.0284 4392 LGSHidFilt - ok
18:50:24.0316 4392 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
18:50:24.0316 4392 LGVirHid - ok
18:50:24.0331 4392 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:50:24.0347 4392 lltdio - ok
18:50:24.0362 4392 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:50:24.0378 4392 lltdsvc - ok
18:50:24.0394 4392 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:50:24.0409 4392 lmhosts - ok
18:50:24.0425 4392 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:50:24.0440 4392 LSI_FC - ok
18:50:24.0440 4392 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:50:24.0440 4392 LSI_SAS - ok
18:50:24.0440 4392 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:50:24.0456 4392 LSI_SCSI - ok
18:50:24.0456 4392 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
18:50:24.0472 4392 luafv - ok
18:50:24.0503 4392 [ 0F5BCDD3CC11C520C14BDA986996FD8D ] MCfilt C:\Windows\system32\drivers\MCfilt64.sys
18:50:24.0518 4392 MCfilt - ok
18:50:24.0534 4392 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:50:24.0550 4392 Mcx2Svc - ok
18:50:24.0550 4392 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
18:50:24.0565 4392 megasas - ok
18:50:24.0565 4392 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
18:50:24.0581 4392 MegaSR - ok
18:50:24.0596 4392 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
18:50:24.0612 4392 MMCSS - ok
18:50:24.0612 4392 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
18:50:24.0628 4392 Modem - ok
18:50:24.0643 4392 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:50:24.0659 4392 monitor - ok
18:50:24.0674 4392 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:50:24.0674 4392 mouclass - ok
18:50:24.0690 4392 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:50:24.0706 4392 mouhid - ok
18:50:24.0706 4392 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:50:24.0721 4392 MountMgr - ok
18:50:24.0752 4392 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:50:24.0752 4392 MozillaMaintenance - ok
18:50:24.0752 4392 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
18:50:24.0768 4392 mpio - ok
18:50:24.0768 4392 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:50:24.0784 4392 mpsdrv - ok
18:50:24.0815 4392 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
18:50:24.0830 4392 MpsSvc - ok
18:50:24.0846 4392 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:50:24.0862 4392 Mraid35x - ok
18:50:24.0862 4392 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:50:24.0877 4392 MRxDAV - ok
18:50:24.0893 4392 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:50:24.0908 4392 mrxsmb - ok
18:50:24.0908 4392 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:50:24.0924 4392 mrxsmb10 - ok
18:50:24.0924 4392 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:50:24.0924 4392 mrxsmb20 - ok
18:50:24.0924 4392 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
18:50:24.0940 4392 msahci - ok
18:50:24.0971 4392 [ 41FB1D61DF09C36CCAB0B04EEC66F6D5 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
18:50:24.0986 4392 MSCamSvc - ok
18:50:24.0986 4392 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:50:25.0002 4392 msdsm - ok
18:50:25.0002 4392 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
18:50:25.0033 4392 MSDTC - ok
18:50:25.0033 4392 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:50:25.0049 4392 Msfs - ok
18:50:25.0064 4392 [ BB590070D606AE6F008341FC9A7B2AD7 ] MSHUSBVideo C:\Windows\system32\Drivers\nx6000.sys
18:50:25.0064 4392 MSHUSBVideo - ok
18:50:25.0064 4392 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:50:25.0064 4392 msisadrv - ok
18:50:25.0080 4392 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:50:25.0096 4392 MSiSCSI - ok
18:50:25.0096 4392 msiserver - ok
18:50:25.0127 4392 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:50:25.0142 4392 MSKSSRV - ok
18:50:25.0142 4392 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:50:25.0158 4392 MSPCLOCK - ok
18:50:25.0174 4392 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:50:25.0189 4392 MSPQM - ok
18:50:25.0205 4392 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:50:25.0205 4392 MsRPC - ok
18:50:25.0220 4392 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:50:25.0220 4392 mssmbios - ok
18:50:25.0220 4392 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:50:25.0252 4392 MSTEE - ok
18:50:25.0267 4392 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:50:25.0267 4392 MTsensor - ok
18:50:25.0267 4392 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
18:50:25.0267 4392 Mup - ok
18:50:25.0283 4392 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
18:50:25.0298 4392 napagent - ok
18:50:25.0330 4392 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:50:25.0345 4392 NativeWifiP - ok
18:50:25.0376 4392 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130318.025\ENG64.SYS
18:50:25.0392 4392 NAVENG - ok
18:50:25.0423 4392 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130318.025\EX64.SYS
18:50:25.0470 4392 NAVEX15 - ok
18:50:25.0501 4392 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:50:25.0517 4392 NDIS - ok
18:50:25.0532 4392 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:50:25.0532 4392 NdisTapi - ok
18:50:25.0564 4392 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:50:25.0579 4392 Ndisuio - ok
18:50:25.0595 4392 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:50:25.0610 4392 NdisWan - ok
18:50:25.0610 4392 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:50:25.0626 4392 NDProxy - ok
18:50:25.0626 4392 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:50:25.0642 4392 NetBIOS - ok
18:50:25.0657 4392 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:50:25.0673 4392 netbt - ok
18:50:25.0673 4392 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
18:50:25.0688 4392 Netlogon - ok
18:50:25.0704 4392 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
18:50:25.0720 4392 Netman - ok
18:50:25.0751 4392 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
18:50:25.0766 4392 netprofm - ok
18:50:25.0782 4392 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:50:25.0782 4392 NetTcpPortSharing - ok
18:50:25.0798 4392 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:50:25.0813 4392 nfrd960 - ok
18:50:25.0844 4392 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
18:50:25.0844 4392 NIS - ok
18:50:25.0860 4392 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
18:50:25.0876 4392 NlaSvc - ok
18:50:25.0876 4392 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:50:25.0891 4392 Npfs - ok
18:50:25.0907 4392 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
18:50:25.0922 4392 nsi - ok
18:50:25.0938 4392 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:50:25.0954 4392 nsiproxy - ok
18:50:25.0985 4392 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:50:26.0016 4392 Ntfs - ok
18:50:26.0016 4392 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
18:50:26.0032 4392 Null - ok
18:50:26.0172 4392 [ 0A2F27B5BCC45B64E152DD6AE0815198 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:50:26.0359 4392 nvlddmkm - ok
18:50:26.0390 4392 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:50:26.0390 4392 nvraid - ok
18:50:26.0406 4392 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:50:26.0406 4392 nvstor - ok
18:50:26.0437 4392 [ 574087EA9105F23FB522A4FDDD5292D9 ] nvsvc C:\Windows\system32\nvvsvc.exe
18:50:26.0453 4392 nvsvc - ok
18:50:26.0484 4392 [ ABA5A88740635D37A2B6CEB27DBC738A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:50:26.0515 4392 nvUpdatusService - ok
18:50:26.0515 4392 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:50:26.0531 4392 nv_agp - ok
18:50:26.0531 4392 NwlnkFlt - ok
18:50:26.0531 4392 NwlnkFwd - ok
18:50:26.0546 4392 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
18:50:26.0562 4392 ohci1394 - ok
18:50:26.0578 4392 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:50:26.0609 4392 p2pimsvc - ok
18:50:26.0624 4392 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
18:50:26.0640 4392 p2psvc - ok
18:50:26.0671 4392 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
18:50:26.0687 4392 Parport - ok
18:50:26.0734 4392 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:50:26.0749 4392 partmgr - ok
18:50:26.0765 4392 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
18:50:26.0796 4392 PcaSvc - ok
18:50:26.0796 4392 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
18:50:26.0812 4392 pci - ok
18:50:26.0812 4392 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
18:50:26.0827 4392 pciide - ok
18:50:26.0827 4392 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:50:26.0843 4392 pcmcia - ok
18:50:26.0858 4392 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:50:26.0890 4392 PEAUTH - ok
18:50:26.0936 4392 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:50:26.0952 4392 PerfHost - ok
18:50:26.0999 4392 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
18:50:27.0030 4392 pla - ok
18:50:27.0046 4392 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:50:27.0061 4392 PlugPlay - ok
18:50:27.0077 4392 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:50:27.0092 4392 PNRPAutoReg - ok
18:50:27.0108 4392 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:50:27.0124 4392 PNRPsvc - ok
18:50:27.0139 4392 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:50:27.0155 4392 PolicyAgent - ok
18:50:27.0186 4392 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:50:27.0186 4392 PptpMiniport - ok
18:50:27.0202 4392 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
18:50:27.0217 4392 Processor - ok
18:50:27.0217 4392 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
18:50:27.0233 4392 ProfSvc - ok
18:50:27.0248 4392 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
18:50:27.0248 4392 ProtectedStorage - ok
18:50:27.0264 4392 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:50:27.0280 4392 PSched - ok
18:50:27.0295 4392 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:50:27.0326 4392 ql2300 - ok
18:50:27.0326 4392 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:50:27.0326 4392 ql40xx - ok
18:50:27.0373 4392 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
18:50:27.0373 4392 QWAVE - ok
18:50:27.0389 4392 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:50:27.0389 4392 QWAVEdrv - ok
18:50:27.0404 4392 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:50:27.0420 4392 RasAcd - ok
18:50:27.0436 4392 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
18:50:27.0451 4392 RasAuto - ok
18:50:27.0482 4392 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:50:27.0482 4392 Rasl2tp - ok
18:50:27.0498 4392 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
18:50:27.0514 4392 RasMan - ok
18:50:27.0514 4392 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:50:27.0529 4392 RasPppoe - ok
18:50:27.0545 4392 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:50:27.0560 4392 RasSstp - ok
18:50:27.0576 4392 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:50:27.0592 4392 rdbss - ok
18:50:27.0592 4392 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:50:27.0607 4392 RDPCDD - ok
18:50:27.0623 4392 [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
18:50:27.0623 4392 rdpdr - ok
18:50:27.0638 4392 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:50:27.0654 4392 RDPENCDD - ok
18:50:27.0685 4392 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:50:27.0701 4392 RDPWD - ok
18:50:27.0716 4392 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:50:27.0732 4392 RemoteAccess - ok
18:50:27.0732 4392 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:50:27.0748 4392 RemoteRegistry - ok
18:50:27.0763 4392 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
18:50:27.0779 4392 RpcLocator - ok
18:50:27.0794 4392 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
18:50:27.0810 4392 RpcSs - ok
18:50:27.0841 4392 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:50:27.0872 4392 rspndr - ok
18:50:27.0872 4392 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
18:50:27.0888 4392 SamSs - ok
18:50:27.0888 4392 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:50:27.0904 4392 sbp2port - ok
18:50:27.0904 4392 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:50:27.0919 4392 SCardSvr - ok
18:50:27.0950 4392 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
18:50:27.0982 4392 Schedule - ok
18:50:27.0997 4392 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:50:28.0013 4392 SCPolicySvc - ok
18:50:28.0013 4392 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:50:28.0028 4392 SDRSVC - ok
18:50:28.0060 4392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:50:28.0091 4392 secdrv - ok
18:50:28.0091 4392 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
18:50:28.0106 4392 seclogon - ok
18:50:28.0138 4392 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
18:50:28.0153 4392 SENS - ok
18:50:28.0153 4392 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:50:28.0184 4392 Serenum - ok
18:50:28.0184 4392 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
18:50:28.0200 4392 Serial - ok
18:50:28.0216 4392 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:50:28.0231 4392 sermouse - ok
18:50:28.0247 4392 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
18:50:28.0262 4392 SessionEnv - ok
18:50:28.0262 4392 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:50:28.0294 4392 sffdisk - ok
18:50:28.0294 4392 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:50:28.0309 4392 sffp_mmc - ok
18:50:28.0309 4392 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:50:28.0325 4392 sffp_sd - ok
18:50:28.0325 4392 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:50:28.0356 4392 sfloppy - ok
18:50:28.0372 4392 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:50:28.0387 4392 SharedAccess - ok
18:50:28.0418 4392 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:50:28.0434 4392 ShellHWDetection - ok
18:50:28.0434 4392 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:50:28.0434 4392 SiSRaid2 - ok
18:50:28.0450 4392 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:50:28.0450 4392 SiSRaid4 - ok
18:50:28.0496 4392 [ 0222073BF49E669194269CBB729F2B52 ] SkLaggProtocol C:\Windows\system32\DRIVERS\yk60x64l.sys
18:50:28.0512 4392 SkLaggProtocol - ok
18:50:28.0543 4392 [ FCC01BFE0890059C5091883CB2314C86 ] SkVlanProtocol C:\Windows\system32\DRIVERS\yk60x64v.sys
18:50:28.0543 4392 SkVlanProtocol - ok
18:50:28.0606 4392 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
18:50:28.0637 4392 slsvc - ok
18:50:28.0668 4392 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:50:28.0684 4392 SLUINotify - ok
18:50:28.0699 4392 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:50:28.0715 4392 Smb - ok
18:50:28.0730 4392 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:50:28.0730 4392 SNMPTRAP - ok
18:50:28.0746 4392 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
18:50:28.0746 4392 spldr - ok
18:50:28.0777 4392 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
18:50:28.0793 4392 Spooler - ok
18:50:28.0840 4392 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS
18:50:28.0840 4392 SRTSP - ok
18:50:28.0855 4392 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS
18:50:28.0855 4392 SRTSPX - ok
18:50:28.0871 4392 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
18:50:28.0886 4392 srv - ok
18:50:28.0902 4392 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:50:28.0902 4392 srv2 - ok
18:50:28.0918 4392 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:50:28.0918 4392 srvnet - ok
18:50:28.0949 4392 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:50:28.0964 4392 SSDPSRV - ok
18:50:28.0980 4392 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:50:28.0996 4392 SstpSvc - ok
18:50:29.0011 4392 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
18:50:29.0027 4392 stisvc - ok
18:50:29.0042 4392 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:50:29.0042 4392 swenum - ok
18:50:29.0074 4392 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
18:50:29.0089 4392 swprv - ok
18:50:29.0105 4392 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:50:29.0105 4392 Symc8xx - ok
18:50:29.0120 4392 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS
18:50:29.0136 4392 SymDS - ok
18:50:29.0152 4392 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS
18:50:29.0167 4392 SymEFA - ok
18:50:29.0198 4392 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:50:29.0214 4392 SymEvent - ok
18:50:29.0214 4392 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS
18:50:29.0214 4392 SymIRON - ok
18:50:29.0230 4392 [ A25FEE245C78804601D83431386A0BEE ] SYMTDIv C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMTDIV.SYS
18:50:29.0245 4392 SYMTDIv - ok
18:50:29.0245 4392 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:50:29.0245 4392 Sym_hi - ok
18:50:29.0261 4392 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:50:29.0261 4392 Sym_u3 - ok
18:50:29.0292 4392 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
18:50:29.0308 4392 SysMain - ok
18:50:29.0339 4392 [ 3E5A277622E689068D8D2C0D98316A32 ] SystoG15Svc C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe
18:50:29.0354 4392 SystoG15Svc ( UnsignedFile.Multi.Generic ) - warning
18:50:29.0354 4392 SystoG15Svc - detected UnsignedFile.Multi.Generic (1)
18:50:29.0370 4392 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:50:29.0386 4392 TabletInputService - ok
18:50:29.0401 4392 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:50:29.0417 4392 TapiSrv - ok
18:50:29.0417 4392 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
18:50:29.0448 4392 TBS - ok
18:50:29.0479 4392 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:50:29.0510 4392 Tcpip - ok
18:50:29.0542 4392 [ 0E970F59D7FBB838316176B19A2ADB82 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:50:29.0588 4392 Tcpip6 - ok
18:50:29.0604 4392 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:50:29.0620 4392 tcpipreg - ok
18:50:29.0635 4392 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:50:29.0651 4392 TDPIPE - ok
18:50:29.0651 4392 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:50:29.0666 4392 TDTCP - ok
18:50:29.0682 4392 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:50:29.0698 4392 tdx - ok
18:50:29.0729 4392 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:50:29.0729 4392 TermDD - ok
18:50:29.0744 4392 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
18:50:29.0760 4392 TermService - ok
18:50:29.0776 4392 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
18:50:29.0776 4392 Themes - ok
18:50:29.0791 4392 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
18:50:29.0807 4392 THREADORDER - ok
18:50:29.0838 4392 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
18:50:29.0854 4392 TrkWks - ok
18:50:29.0885 4392 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:50:29.0900 4392 TrustedInstaller - ok
18:50:29.0900 4392 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:50:29.0916 4392 tssecsrv - ok
18:50:30.0025 4392 [ 50D8102EECC446F160C8C31AF927242D ] TuneUp.UtilitiesSvc D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
18:50:30.0103 4392 TuneUp.UtilitiesSvc - ok
18:50:30.0119 4392 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
18:50:30.0119 4392 TuneUpUtilitiesDrv - ok
18:50:30.0150 4392 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:50:30.0166 4392 tunnel - ok
18:50:30.0166 4392 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:50:30.0166 4392 uagp35 - ok
18:50:30.0181 4392 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:50:30.0197 4392 udfs - ok
18:50:30.0212 4392 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:50:30.0244 4392 UI0Detect - ok
18:50:30.0244 4392 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:50:30.0244 4392 uliagpkx - ok
18:50:30.0259 4392 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:50:30.0259 4392 uliahci - ok
18:50:30.0259 4392 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:50:30.0275 4392 UlSata - ok
18:50:30.0275 4392 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:50:30.0290 4392 ulsata2 - ok
18:50:30.0431 4392 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:50:30.0446 4392 umbus - ok
18:50:30.0462 4392 [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService C:\Windows\System32\umrdp.dll
18:50:30.0540 4392 UmRdpService - ok
18:50:30.0587 4392 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
18:50:30.0649 4392 upnphost - ok
18:50:30.0712 4392 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:50:30.0712 4392 usbaudio - ok
18:50:30.0774 4392 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:50:30.0790 4392 usbccgp - ok
18:50:30.0805 4392 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:50:30.0836 4392 usbcir - ok
18:50:30.0836 4392 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:50:30.0852 4392 usbehci - ok
18:50:30.0868 4392 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:50:30.0883 4392 usbhub - ok
18:50:30.0899 4392 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:50:30.0914 4392 usbohci - ok
18:50:30.0914 4392 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:50:30.0946 4392 usbprint - ok
18:50:30.0946 4392 USBSTOR - ok
18:50:30.0946 4392 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:50:30.0961 4392 usbuhci - ok
18:50:30.0977 4392 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:50:30.0992 4392 usbvideo - ok
18:50:31.0008 4392 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
18:50:31.0024 4392 UxSms - ok
18:50:31.0039 4392 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
18:50:31.0055 4392 vds - ok
18:50:31.0070 4392 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:50:31.0086 4392 vga - ok
18:50:31.0086 4392 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:50:31.0102 4392 VgaSave - ok
18:50:31.0102 4392 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
18:50:31.0102 4392 viaide - ok
18:50:31.0133 4392 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:50:31.0133 4392 volmgr - ok
18:50:31.0148 4392 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:50:31.0164 4392 volmgrx - ok
18:50:31.0195 4392 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:50:31.0195 4392 volsnap - ok
18:50:31.0211 4392 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:50:31.0211 4392 vsmraid - ok
18:50:31.0258 4392 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
18:50:31.0289 4392 VSS - ok
18:50:31.0289 4392 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
18:50:31.0320 4392 W32Time - ok
18:50:31.0320 4392 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:50:31.0336 4392 WacomPen - ok
18:50:31.0367 4392 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:50:31.0367 4392 Wanarp - ok
18:50:31.0382 4392 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:50:31.0382 4392 Wanarpv6 - ok
18:50:31.0414 4392 [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine C:\Windows\system32\wbengine.exe
18:50:31.0445 4392 wbengine - ok
18:50:31.0445 4392 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:50:31.0460 4392 wcncsvc - ok
18:50:31.0507 4392 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:50:31.0507 4392 WcsPlugInService - ok
18:50:31.0507 4392 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
18:50:31.0523 4392 Wd - ok
18:50:31.0538 4392 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:50:31.0554 4392 Wdf01000 - ok
18:50:31.0585 4392 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:50:31.0601 4392 WdiServiceHost - ok
18:50:31.0601 4392 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:50:31.0616 4392 WdiSystemHost - ok
18:50:31.0632 4392 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
18:50:31.0648 4392 WebClient - ok
18:50:31.0663 4392 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:50:31.0679 4392 Wecsvc - ok
18:50:31.0694 4392 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:50:31.0710 4392 wercplsupport - ok
18:50:31.0726 4392 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
18:50:31.0741 4392 WerSvc - ok
18:50:31.0741 4392 WinDefend - ok
18:50:31.0741 4392 WinHttpAutoProxySvc - ok
18:50:31.0772 4392 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:50:31.0788 4392 Winmgmt - ok
18:50:31.0819 4392 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys
18:50:32.0287 4392 WinRing0_1_2_0 - ok
18:50:32.0318 4392 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
18:50:32.0350 4392 WinRM - ok
18:50:32.0396 4392 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:50:32.0428 4392 Wlansvc - ok
18:50:32.0428 4392 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:50:32.0443 4392 WmiAcpi - ok
18:50:32.0459 4392 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:50:32.0474 4392 wmiApSrv - ok
18:50:32.0474 4392 WMPNetworkSvc - ok
18:50:32.0490 4392 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:50:32.0521 4392 WPCSvc - ok
18:50:32.0537 4392 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:50:32.0552 4392 WPDBusEnum - ok
18:50:32.0568 4392 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:50:32.0584 4392 ws2ifsl - ok
18:50:32.0615 4392 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
18:50:32.0630 4392 wscsvc - ok
18:50:32.0630 4392 WSearch - ok
18:50:32.0677 4392 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:50:32.0708 4392 wuauserv - ok
18:50:32.0724 4392 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:50:32.0740 4392 wudfsvc - ok
18:50:32.0771 4392 yksvc - ok
18:50:32.0802 4392 [ 283C135EDAE66A304125EAFA26E8B173 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
18:50:32.0833 4392 yukonx64 - ok
18:50:32.0833 4392 ================ Scan global ===============================
18:50:32.0864 4392 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
18:50:32.0880 4392 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:50:32.0880 4392 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
18:50:32.0911 4392 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
18:50:32.0911 4392 [Global] - ok
18:50:32.0911 4392 ================ Scan MBR ==================================
18:50:32.0911 4392 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:50:33.0114 4392 \Device\Harddisk0\DR0 - ok
18:50:33.0114 4392 ================ Scan VBR ==================================
18:50:33.0130 4392 [ 6A1B325519984D17E633B8391AC3EA43 ] \Device\Harddisk0\DR0\Partition1
18:50:33.0130 4392 \Device\Harddisk0\DR0\Partition1 - ok
18:50:33.0145 4392 [ 3160F5FF524BBDB7A07C38CBD8436F5A ] \Device\Harddisk0\DR0\Partition2
18:50:33.0145 4392 \Device\Harddisk0\DR0\Partition2 - ok
18:50:33.0161 4392 [ 298F673D8302B9950DD3E7DFB4103A8E ] \Device\Harddisk0\DR0\Partition3
18:50:33.0176 4392 \Device\Harddisk0\DR0\Partition3 - ok
18:50:33.0176 4392 ============================================================
18:50:33.0176 4392 Scan finished
18:50:33.0176 4392 ============================================================
18:50:33.0176 2112 Detected object count: 5
18:50:33.0176 2112 Actual detected object count: 5
18:50:56.0795 2112 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:56.0810 2112 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:56.0810 2112 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:56.0810 2112 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:56.0810 2112 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:56.0810 2112 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:56.0810 2112 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:56.0810 2112 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:50:56.0810 2112 SystoG15Svc ( UnsignedFile.Multi.Generic ) - skipped by user
18:50:56.0810 2112 SystoG15Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:52:54.0316 4432 Deinitialize success
Geändert von chefzon (19.03.2013 um 19:02 Uhr) Grund: übersicht |
|
20.03.2013, 09:40
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte |
|
20.03.2013, 13:17
| #7 |
| | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte mahlzeit, habe soeben Combodix laden wollen - als ich die datei zum download auswählte und sich das seperate download fenster des browsers (firefox) öffnete, reagierte der browser & das download fenster nicht mehr. es liess sich weder über rechtsklick schliessen noch über den taskmanager. beide fenster waren weiss. nach ca.1min liessen sie sich wieder schliessen und ich konnte den vorgang ohne probleme durhführen. edit: nachdem ich gerade den browser erneut startete wurde die abfrage getsellt ob ich diesen als standardsbrowser auswählen möchte. das war er bereits - verwunderlich log Combofix: Code:
ATTFilter ComboFix 13-03-20.01 - diaz 20.03.2013 13:03:22.1.8 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.49.1031.18.6134.4335 [GMT 1:00]
ausgeführt von:: c:\users\diaz\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\diaz\AppData\Local\SystoG15.exe
c:\windows\IsUn0407.exe
c:\windows\ydi.log
c:\windows\ydi2.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-20 bis 2013-03-20 ))))))))))))))))))))))))))))))
.
.
2013-03-20 12:07 . 2013-03-20 12:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-20 12:00 . 2013-03-20 12:01 -------- d-----w- C:\32788R22FWJFW
2013-03-20 04:46 . 2013-03-20 04:46 -------- d-----w- c:\programdata\Canneverbe Limited
2013-03-20 04:45 . 2013-03-20 04:45 -------- d-----w- c:\program files (x86)\CDBurnerXP
2013-03-19 17:11 . 2013-03-19 17:11 -------- d-----w- c:\programdata\Malwarebytes
2013-03-17 03:27 . 2013-03-17 03:27 -------- d-----w- c:\programdata\id Software
2013-03-16 17:09 . 2013-03-16 17:09 -------- d-----w- c:\program files\DivX
2013-03-16 17:09 . 2013-03-16 17:09 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2013-03-16 17:08 . 2013-03-16 17:10 -------- d-----w- c:\program files (x86)\DivX
2013-03-16 17:07 . 2013-03-16 17:10 -------- d-----w- c:\programdata\DivX
2013-03-16 16:20 . 2013-03-16 16:20 -------- d-----w- c:\program files (x86)\CamSpy
2013-03-16 15:20 . 2013-03-16 15:20 -------- d-----w- c:\users\Public\camspy
2013-03-16 15:19 . 2013-03-16 15:19 -------- d-----w- c:\program files (x86)\The Playa
2013-03-16 15:09 . 2013-03-16 15:09 -------- d-----w- c:\program files\Microsoft LifeCam
2013-03-16 15:09 . 2013-03-16 15:09 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2013-03-16 15:09 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2013-03-16 15:09 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2013-03-16 15:05 . 2013-03-16 15:05 -------- d-----w- c:\users\Public\CyberLink
2013-03-16 02:46 . 2013-03-16 02:46 -------- d-----w- c:\program files\WinRAR
2013-03-16 01:03 . 2013-03-20 11:53 -------- d-----w- c:\program files (x86)\C2DtoG15
2013-03-16 00:43 . 2013-03-16 13:15 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-03-16 00:40 . 2013-03-16 00:40 -------- d-----w- c:\programdata\LogiShrd
2013-03-16 00:40 . 2013-03-16 00:46 -------- d-----w- c:\program files\Logitech Gaming Software
2013-03-15 23:46 . 2013-03-15 23:46 -------- d-----w- c:\programdata\Creative
2013-03-15 23:12 . 2013-03-15 23:12 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2013-03-15 23:12 . 2013-03-15 23:12 -------- d-----w- c:\program files\Creative
2013-03-15 23:11 . 2013-03-15 23:14 -------- d-----w- c:\program files (x86)\Creative
2013-03-15 23:09 . 2008-01-04 12:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2013-03-15 23:09 . 2008-01-04 12:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2013-03-15 22:59 . 2013-03-15 23:06 -------- d-----w- c:\program files (x86)\Marvell
2013-03-15 22:51 . 2013-03-15 22:51 -------- d-----w- c:\windows\Profiles
2013-03-15 22:51 . 2013-03-15 22:51 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-03-15 22:51 . 1997-01-22 19:26 565760 ----a-w- c:\windows\SysWow64\MSVCP50.DLL
2013-03-15 22:51 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-03-15 22:35 . 2013-01-28 13:19 35104 ----a-w- c:\windows\system32\TURegOpt.exe
2013-03-15 22:35 . 2013-01-28 13:19 26400 ----a-w- c:\windows\system32\authuitu.dll
2013-03-15 22:35 . 2013-01-28 13:19 21792 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-03-15 22:34 . 2013-03-15 22:35 -------- d-----w- c:\programdata\TuneUp Software
2013-03-15 22:33 . 2013-03-15 22:40 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-03-15 22:33 . 2013-03-15 22:33 -------- d--h--w- c:\programdata\Common Files
2013-03-15 22:27 . 2013-03-15 22:27 -------- d-----w- C:\RaidTool
2013-03-15 22:25 . 2013-03-15 22:27 -------- d-----w- c:\windows\RaidTool
2013-03-15 22:00 . 2013-03-15 22:24 -------- d-----w- c:\program files (x86)\Intel
2013-03-15 22:00 . 2009-08-18 12:44 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-03-15 22:00 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-15 21:58 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-15 21:58 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2013-03-15 21:58 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-15 21:58 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-03-15 21:58 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-15 21:58 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll
2013-03-15 21:58 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-03-15 21:58 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll
2013-03-15 21:58 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-15 21:58 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-03-15 21:50 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-15 21:50 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-03-15 21:48 . 2013-03-19 11:49 -------- d-----w- c:\users\UpdatusUser
2013-03-15 21:47 . 2013-03-15 21:48 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2013-03-15 21:47 . 2013-03-15 21:47 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-15 21:45 . 2013-02-10 01:04 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 21:44 . 2013-02-10 03:25 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-03-15 21:44 . 2013-02-10 03:25 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-03-15 21:44 . 2013-03-15 21:44 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-03-15 21:37 . 2013-03-15 21:48 -------- d-----w- c:\program files\NVIDIA Corporation
2013-03-15 21:02 . 2013-03-15 21:02 -------- d-----w- c:\windows\SysWow64\spool
2013-03-15 19:30 . 2008-07-31 09:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2013-03-15 19:30 . 2008-07-31 09:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2013-03-15 19:30 . 2008-07-12 07:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-03-15 19:30 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-03-15 19:30 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-03-15 18:49 . 2013-03-15 18:49 979456 ----a-w- c:\windows\SysWow64\MFH264Dec.dll
2013-03-15 18:48 . 2013-03-15 18:48 3584 ----a-w- c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2013-03-15 18:43 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2013-03-15 18:43 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-15 18:43 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-15 18:43 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-15 18:43 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-15 18:41 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2013-03-15 18:41 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-15 18:41 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2013-03-15 18:41 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-15 18:23 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2013-03-15 18:23 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2013-03-15 18:23 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-03-15 18:23 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2013-03-15 18:23 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2013-03-15 18:23 . 2011-12-14 16:38 621056 ----a-w- c:\windows\system32\msvcrt.dll
2013-03-15 18:23 . 2011-12-14 16:17 680448 ----a-w- c:\windows\SysWow64\msvcrt.dll
2013-03-15 18:23 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-15 18:21 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys
2013-03-15 18:18 . 2011-11-25 16:25 451072 ----a-w- c:\windows\system32\winsrv.dll
2013-03-15 18:18 . 2012-06-02 00:20 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-03-15 18:18 . 2012-06-02 00:20 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-03-15 18:18 . 2012-06-02 00:20 1268736 ----a-w- c:\windows\system32\crypt32.dll
2013-03-15 18:18 . 2012-06-02 00:02 985088 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-03-15 18:18 . 2012-06-02 00:02 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-03-15 18:18 . 2012-06-02 00:02 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-03-15 18:18 . 2012-02-01 15:31 1815552 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-03-15 18:18 . 2012-02-01 15:31 689664 ----a-w- c:\program files\Windows Journal\MSPVWCTL.DLL
2013-03-15 18:18 . 2012-02-01 15:30 1500672 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-03-15 18:18 . 2012-02-01 15:30 1476096 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-03-15 18:16 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2013-03-15 18:16 . 2011-11-18 18:07 76800 ----a-w- c:\windows\system32\packager.dll
2013-03-15 18:16 . 2011-11-18 17:47 66560 ----a-w- c:\windows\SysWow64\packager.dll
2013-03-15 18:15 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2013-03-15 18:15 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2013-03-15 18:15 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-03-15 18:15 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-03-15 18:15 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2013-03-15 18:15 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2013-03-15 18:15 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2013-03-15 18:15 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2013-03-15 18:14 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2013-03-15 18:14 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-15 18:14 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-03-15 18:11 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2013-03-15 18:11 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2013-03-15 18:11 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-03-15 18:11 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2013-03-15 18:11 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
2013-03-15 18:03 . 2012-01-09 16:16 708096 ----a-w- c:\windows\system32\rdpencom.dll
2013-03-15 18:03 . 2012-01-09 15:54 613376 ----a-w- c:\windows\SysWow64\rdpencom.dll
2013-03-15 17:56 . 2013-03-15 19:32 -------- d-----w- c:\programdata\PMB Files
2013-03-15 17:56 . 2013-03-15 17:56 -------- d-----w- c:\program files (x86)\Pando Networks
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 22:24 . 2008-07-31 09:21 93784 ----a-w- c:\windows\system32\drivers\jraid.sys
2013-03-15 17:02 . 2009-09-17 15:45 32344 ----a-w- c:\windows\system32\drivers\MCfilt64.sys
2013-03-15 17:02 . 2009-09-16 11:38 72704 ----a-w- c:\windows\system32\MCWrp64.dll
2013-03-15 17:02 . 2009-09-16 11:38 601088 ----a-w- c:\windows\system32\MCAPO64.dll
2013-03-15 17:02 . 2009-09-16 11:38 57856 ----a-w- c:\windows\system32\mcppld64.dll
2013-03-15 17:02 . 2009-09-16 11:38 53760 ----a-w- c:\windows\system32\MCPPCn64.dll
2013-03-15 17:02 . 2008-02-28 15:18 41472 ----a-w- c:\windows\system32\SmaxCo.dll
2013-03-15 17:02 . 2009-09-16 11:38 524288 ----a-w- c:\windows\SysWow64\MCAPO32.dll
2013-03-15 17:02 . 2009-09-16 22:04 478208 ----a-w- c:\windows\system32\drivers\ADIHdAud.sys
2013-03-15 17:02 . 2009-01-27 15:09 161280 ----a-w- c:\windows\system32\AEADIAPO.dll
2013-03-15 17:02 . 2008-07-15 12:09 111616 ----a-w- c:\windows\system32\AEADISRV.EXE
2013-03-15 17:02 . 2007-12-05 06:56 428544 ----a-w- c:\windows\system32\AEADIExt.dll
2013-03-15 17:02 . 2007-01-10 13:38 56320 ----a-w- c:\windows\system32\AEADIAPR.dll
2013-03-15 16:56 . 2006-10-31 22:23 15680 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2013-03-04 13:53 . 2006-11-02 12:35 72013344 ----a-w- c:\windows\system32\mrt.exe
2013-02-10 01:04 . 2009-03-08 08:37 6393120 ----a-w- c:\windows\system32\nvcpl.dll
2013-02-10 01:04 . 2009-03-08 08:37 3472672 ----a-w- c:\windows\system32\nvsvc64.dll
2013-02-10 01:04 . 2009-03-08 08:37 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-02-10 01:04 . 2009-03-08 08:37 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-02-10 01:04 . 2009-03-08 08:37 237856 ----a-w- c:\windows\system32\nvmctray.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2013-03-15 1310720]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2013-03-15 36864]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-07-07 241789]
.
c:\users\diaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C2DtoG15.lnk - c:\program files (x86)\C2DtoG15\C2DtoG15.exe [2013-3-16 596992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TweakIt Help"="c:\program files (x86)\ASUS\TweakIt\TweakIt.exe" -r
"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe"
"Cpu Level Up"="c:\program files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe" -r
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WINRING0_1_2_0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\diaz\AppData\Roaming\Mozilla\Firefox\Profiles\k8pqwaiq.default\
FF - ExtSQL: 2013-03-15 14:33; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn
FF - ExtSQL: 2013-03-15 14:47; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn
FF - ExtSQL: 2013-03-15 16:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2013-03-15 17:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\diaz\AppData\Roaming\Mozilla\Firefox\Profiles\k8pqwaiq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-15 17:23; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\users\diaz\AppData\Roaming\Mozilla\Firefox\Profiles\k8pqwaiq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
FF - ExtSQL: 2013-03-16 18:10; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-03-19 21:27; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\diaz\AppData\Roaming\Mozilla\Firefox\Profiles\k8pqwaiq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-03-19 21:41; {ada4b710-8346-4b82-8199-5de2b400a6ae}; c:\users\diaz\AppData\Roaming\Mozilla\Firefox\Profiles\k8pqwaiq.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adjustment Pattern software utility - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2013-03-20 13:08:53
ComboFix-quarantined-files.txt 2013-03-20 12:08
.
Vor Suchlauf: 7 Verzeichnis(se), 100.273.139.712 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 100.747.575.296 Bytes frei
.
- - End Of File - - 64702096F2EE731157964DDA4230DE0E
Geändert von chefzon (20.03.2013 um 13:23 Uhr) |
|
20.03.2013, 14:12
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.03.2013, 00:56
| #9 |
| | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte liess mir keine ruhe habs grad eben vorm vorm schlafen noch durchgejagt! log: JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows (TM) Vista Ultimate x64
Ran by diaz on 21.03.2013 at 0:21:57,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\user.js
Emptied folder: C:\Users\diaz\AppData\Roaming\mozilla\firefox\profiles\k8pqwaiq.default\minidumps [6 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2013 at 0:25:54,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log AdwCleaner: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 21/03/2013 um 00:36:34 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# Benutzer : diaz - DIAZ-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\diaz\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\diaz\AppData\Roaming\Mozilla\Firefox\Profiles\k8pqwaiq.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [726 octets] - [21/03/2013 00:36:34]
########## EOF - C:\AdwCleaner[S1].txt - [785 octets] ##########
|
|
21.03.2013, 01:17
| #10 |
| | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte otl & extras musst ich zippen.. |
|
21.03.2013, 10:31
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.03.2013, 20:05
| #12 |
| | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte hallo, da bin ich ja mehr oder weniger erleichtert das es soweit gut aussieht. lieber währe mir ein fund gewesen um die ratte auszumerzen! malware bytes & eset scan war negativ. habe meinen laptop, welcher evtl infiziert ist, allerdings nicht wieder ans netzwerk/wlan angeschlossen da mir das risiko zu gross ist meinen frisch aufgesetzten & eingerichteten pc zu infizieren. werde bei gelegenheit alle virenscanner auf cd brennen & dann drüberlaufen lassen. es gibt doch sicher auch möglichkeiten auf ein system zuzugreifen ohne trojaner oder programme zu verwenden bzw. diese auf dem system installiert sind!? wenn, welche währen das und wie schütze ich meinen pc gegen speziell auf mich gerichtete angriffe. sprich wie mache ich meinen rechner 100 % sicher gegen ungebetene gäste. falls ihnen da ein tut oder ähnliches in den sinn kommt bzw. sie den ein oder anderen link zum schlaumachen hätten wäre das sehr praktisch. ich bin im übrigen schwer auf begeistert von der hilfestellung und !kostenlosen! überprüfung meines problems durch kompetente it spezialisten! ich werde mich, meinen möglichkeiten entsprechend, über die spendenoption erkenntlich zeigen - vielen dank! hab doch tatsächlich vergessen das log von eset anzuhängen bevor ich das tool mit allem dazugehörigen deinstalliert hab.. lass es eben nochmal durchlaufen! Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=df67cb8d1a948f4ea3bcacc8caf3d61e
# engine=13451
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-21 09:30:18
# local_time=2013-03-21 10:30:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3591 16777213 100 95 463599 126498003 0 0
# compatibility_mode=5892 16776574 100 95 532258 201425418 0 0
# scanned=162620
# found=0
# cleaned=0
# scan_time=1804
|
|
22.03.2013, 11:11
| #13 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräteZitat:
 deswegen äußere ich mich dazu erstmal nichtZitat:
Und bitte auch das Log von MBAM posten, wie ich anfangs erwähnt habe sollen alle Logs gepostet werden egal ob mit oder ohne Funde
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2013, 12:19
| #14 |
| | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte ich gehe davon aus das man auch auf ein system zugreifen kann ohne das bereits ein trojaner auf dem system ist. offene ports, angreifbare windowsdienste etc.. & dagegen würde ich mich gern schützen! hab heute mal etwas mehr freie zeit und bin gerade während des durchstöberns des boards auf http://www.trojaner-board.de/96344-a...g-rechners.htm gestossen. dort wurde ich auf eine seite "hxxp://ntsvcfg.de" aufmerksam welche automatisierte scripte zur konfiguration der sicherheitslücken bietet - jedoch leider, so wie es mir scheint, nur für xp. unter der windows7/vista rubrik gibts es diese nicht und man muss die einstellungen manuell vornehmen. da bin jedoch beim pfad hängengeblieben "Start -> Control Panel -> System and Security -> Administrative Tools -> Services" find ich nicht. evtl. falsches subforum.. log MBAM: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.22.04 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 diaz :: DIAZ-PC [Administrator] Schutz: Deaktiviert 22.03.2013 11:59:32 mbam-log-2013-03-22 (11-59-32).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 228377 Laufzeit: 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
22.03.2013, 13:39
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräteZitat:
Aber normalerweise schottet die WindowsFirewall Zugriffe von außen ab, idR hat auch fast jeder hetzutage einen NAT/PAT Router mit Firewall Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Paranoid? suspekte Modifikationen an allen am Netzwerk angeschlossenen geräte |
| autorun, bho, browser, error, explorer, firefox, flash player, format, helper, install.exe, installation, launch, logfile, mozilla, netzwerk, nvidia, pando media booster, plug-in, programme, registry, rundll, scan, security, software, svchost.exe, symantec, vista, windows xp, wlan |
Linear-Darstellung
