| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TAN-Abfrage CommerzbankWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
12.05.2013, 22:46
| #1 |
 |  TAN-Abfrage Commerzbank Hallo alle zusammen... ich bin wohl nicht die erste, die ein Problem mit einem Trojaner hat, der eine Seite beim Onlinebanking (Commerzbank) aufpoppen lässt und gerne meine Tans möchte... Malwarebytes lässt sich nicht updaten, auf die INternetseiten von Microsoft und einigen anderen (vor allem Virenscannern) habe ich keinen Zugriff mehr. Ich habe einen OTL Scan durchgeführt, nachdem ich den defogger durchgeführt habe... OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.05.2013 23:22:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8080.16413) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 60,82% Memory free 6,24 Gb Paging File | 4,92 Gb Available in Paging File | 78,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 51,32 Gb Free Space | 17,22% Space Free | Partition Type: NTFS Drive H: | 232,88 Gb Total Space | 156,64 Gb Free Space | 67,26% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\PureSync\PureSyncTray.exe (Jumping Bytes) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Programme\ATI Technologies\HydraVision\HydraDM.exe (AMD) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\ProgramData\DatacardService\DCService.exe () PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\ba39e27ea796912fce296963622dfbae\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Windows\System32\atitmpxx.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () ========== Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (PMBDeviceInfoProvider) -- C:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe () SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (ewdmaudn) -- C:\Users\User\AppData\Local\Temp\ewdmaudn.sys File not found DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (AODDriver4.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (Advanced Micro Devices) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (motusbdevice) -- C:\Windows\System32\drivers\motusbdevice.sys (Motorola Inc) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.) DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.) DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies) DRV - (hxctlflt) -- C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation) DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (s217unic) -- C:\Windows\System32\drivers\s217unic.sys (MCCI) DRV - (s217mgmt) -- C:\Windows\System32\drivers\s217mgmt.sys (MCCI Corporation) DRV - (s217obex) -- C:\Windows\System32\drivers\s217obex.sys (MCCI Corporation) DRV - (s217nd5) -- C:\Windows\System32\drivers\s217nd5.sys (MCCI Corporation) DRV - (s217mdm) -- C:\Windows\System32\drivers\s217mdm.sys (MCCI Corporation) DRV - (s217bus) -- C:\Windows\System32\drivers\s217bus.sys (MCCI Corporation) DRV - (s217mdfl) -- C:\Windows\System32\drivers\s217mdfl.sys (MCCI Corporation) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (s125mdm) -- C:\Windows\System32\drivers\s125mdm.sys (MCCI Corporation) DRV - (s125mdfl) -- C:\Windows\System32\drivers\s125mdfl.sys (MCCI Corporation) DRV - (s125bus) -- C:\Windows\System32\drivers\s125bus.sys (MCCI Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\User\AppData\Roaming\Flatcast\NpFv522.dll (1 mal 1 Software GmbH) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.07.31 21:30:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.23 20:23:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 10:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.28 10:10:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.04.02 20:46:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.04.02 20:46:35 | 000,000,000 | ---D | M] [2010.12.05 18:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2010.12.05 18:57:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{a79fe89b-6662-4ff4-8e88-09950ad4dfde} [2013.04.02 19:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qtnzqs1n.default\extensions [2009.10.26 19:21:17 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qtnzqs1n.default\extensions\moveplayer@movenetworks.com [2013.04.02 19:54:57 | 000,392,806 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2012.07.23 21:32:42 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012.12.11 13:25:11 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.05.11 07:50:20 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-1.xml [2011.03.02 22:28:28 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-10.xml [2011.03.23 17:35:00 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-11.xml [2011.04.30 00:36:33 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-12.xml [2011.06.22 23:00:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-13.xml [2011.08.29 20:55:24 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-14.xml [2011.09.01 17:38:35 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-15.xml [2011.09.11 15:15:47 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-16.xml [2011.09.28 21:37:50 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-17.xml [2011.11.23 10:37:11 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-18.xml [2012.01.10 12:03:24 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-19.xml [2010.01.03 14:57:45 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-2.xml [2010.01.09 13:13:07 | 000,000,950 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-3.xml [2010.02.23 23:23:46 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-4.xml [2010.04.03 08:47:51 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-5.xml [2010.06.24 21:54:48 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-6.xml [2010.07.14 11:05:15 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-7.xml [2010.09.14 14:48:36 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-8.xml [2010.12.10 19:57:04 | 000,000,961 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin-9.xml [2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\qtnzqs1n.default\searchplugins\icqplugin.xml [2013.04.28 10:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.28 10:10:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013.04.28 10:10:17 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2009.03.03 12:00:30 | 001,275,856 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv501.dll [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv522.dll [2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll [2013.04.28 10:10:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.28 10:10:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.28 10:10:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.28 10:10:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.28 10:10:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.28 10:10:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.04.10 09:16:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD) O4 - HKCU..\Run: [PureSync] C:\Program Files\PureSync\PureSyncTray.exe (Jumping Bytes) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Uhguhauq] C:\Users\User\AppData\Roaming\Vodono\giib.exe () O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{477C6D91-E73F-4224-9551-E52262579A7A}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F4E43E1-D31D-4533-B5CA-CF197CFB0C5F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9106E2FD-0022-4030-A314-80F62D5AC611}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4115A20-A349-476D-96E7-AB5C209394EC}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D296F445-97CD-4566-883E-45FE9DFD96F9}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.01 16:10:50 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk H:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.05.12 23:21:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.05.12 11:22:21 | 000,000,000 | ---D | C] -- C:\Users\User\Ebooks und Anleitungen [2013.05.12 11:20:19 | 000,000,000 | ---D | C] -- C:\Users\User\SchachtelmacherBlog [2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Vodono [2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Miru [2013.05.10 17:33:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Edzouz [2013.04.28 10:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.23 17:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.04.23 17:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP [2013.04.23 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.04.21 13:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.15 07:44:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\verkaufen [2013.01.30 20:16:47 | 006,451,200 | ---- | C] (Across Systems GmbH) -- C:\Program Files\setup.exe [2010.08.23 19:13:39 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\User\AppData\Roaming\REX Shared Library.dll [2010.08.23 19:13:39 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\User\AppData\Roaming\Rewire.dll [2010.08.08 19:20:43 | 002,497,825 | ---- | C] (No23) -- C:\Users\User\No23Recorder2103.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.12 23:21:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.05.12 23:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.12 23:15:49 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable [2013.05.12 23:15:15 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe [2013.05.12 22:06:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:06:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 22:06:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.12 22:06:31 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2013.05.12 22:05:17 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.05.12 16:51:21 | 000,000,206 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165119.reg [2013.05.12 16:51:07 | 000,000,456 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165105.reg [2013.05.12 16:50:50 | 000,122,862 | ---- | M] () -- C:\Users\User\Documents\cc_20130512_165040.reg [2013.05.11 14:50:33 | 000,071,568 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.11 14:50:33 | 000,022,322 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.11 14:50:33 | 000,019,980 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.11 14:50:33 | 000,011,390 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.24 18:40:14 | 000,214,016 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.15 14:04:13 | 000,474,417 | ---- | M] () -- C:\Users\User\Desktop\ticketbielefeld.pdf [2013.04.13 11:12:56 | 043,456,913 | ---- | M] () -- C:\Users\User\Desktop\Set_Gleis3.mp3 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.12 23:15:49 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable [2013.05.12 23:15:14 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe [2013.05.12 16:51:20 | 000,000,206 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165119.reg [2013.05.12 16:51:06 | 000,000,456 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165105.reg [2013.05.12 16:50:44 | 000,122,862 | ---- | C] () -- C:\Users\User\Documents\cc_20130512_165040.reg [2013.04.15 14:04:13 | 000,474,417 | ---- | C] () -- C:\Users\User\Desktop\ticketbielefeld.pdf [2013.04.13 11:11:50 | 043,456,913 | ---- | C] () -- C:\Users\User\Desktop\Set_Gleis3.mp3 [2013.01.30 20:16:48 | 000,001,985 | ---- | C] () -- C:\Program Files\setup.ini [2013.01.30 20:16:47 | 001,583,298 | ---- | C] () -- C:\Program Files\setup.chm [2013.01.30 12:26:34 | 746,653,266 | ---- | C] () -- C:\Program Files\Across_v5.0_SP1_de_LS_Offline_Client.zip [2013.01.30 12:26:12 | 395,410,043 | ---- | C] () -- C:\Program Files\Across_v5.3_50636_mui.zip [2013.01.26 21:01:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.12.19 16:45:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe [2012.11.29 17:40:02 | 000,662,786 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.09.19 21:09:40 | 000,076,660 | ---- | C] () -- C:\Windows\System32\ativce02.dat [2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat [2012.09.04 17:20:18 | 000,228,528 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.08.10 20:40:20 | 000,000,027 | -HS- | C] () -- C:\ProgramData\.pr_data [2011.08.10 19:14:12 | 000,000,000 | -HS- | C] () -- C:\ProgramData\.pr_stat_data [2011.08.03 15:11:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.08.03 15:11:03 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.07.28 22:52:38 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2011.02.18 17:23:49 | 000,708,106 | ---- | C] () -- C:\Users\User\tatooschrift.psd [2011.02.18 17:23:39 | 000,138,280 | ---- | C] () -- C:\Users\User\tattoo.psd [2011.02.05 17:53:58 | 104,915,069 | ---- | C] () -- C:\Users\User\test.psd [2010.11.22 16:50:30 | 000,707,072 | ---- | C] () -- C:\Users\User\ws_ftple.exe [2010.09.14 14:53:35 | 000,009,675 | ---- | C] () -- C:\Users\User\emailadressen.csv [2010.07.23 16:59:03 | 000,003,661 | ---- | C] () -- C:\Users\User\license.lic [2010.07.23 09:27:00 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat [2009.06.03 18:30:04 | 000,001,482 | ---- | C] () -- C:\Users\User\AppData\Local\RecConfig.xml [2008.08.28 12:32:57 | 000,004,096 | -H-- | C] () -- C:\Users\User\AppData\Local\keyfile3.drm [2008.07.09 18:10:57 | 000,214,016 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.21 12:31:28 | 000,001,356 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.02.23 18:06:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acreon [2011.07.27 13:18:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Atari [2011.04.10 09:03:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Azureus [2013.04.07 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BitTorrent [2008.10.04 08:36:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\blg [2012.11.02 14:50:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\calibre [2013.01.20 20:10:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Cobra Mobile [2010.12.05 18:57:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\conkeror.mozdev.org [2013.04.18 11:29:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox [2013.04.06 15:41:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft [2011.03.08 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers [2013.05.10 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Edzouz [2010.01.28 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Flatcast [2010.11.21 10:49:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FUEL Demo [2008.10.09 20:12:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Games [2011.08.11 20:59:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GARMIN [2009.08.13 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo [2011.04.07 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER [2011.05.21 17:27:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HandBrake [2011.01.19 22:16:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\HyperLobby [2010.08.07 10:51:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ [2011.04.11 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iPodder [2013.01.24 11:11:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Jumping Bytes [2010.12.12 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\lingDIALOG [2010.07.13 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ManyCam [2013.05.12 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Miru [2010.08.15 11:37:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ML [2010.08.25 13:15:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MudTV [2013.01.23 19:43:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\My Games [2010.08.25 16:24:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Navigram [2011.04.11 19:32:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nimiq [2011.10.07 14:04:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PlayFirst [2010.11.05 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Polynomial [2010.08.29 13:12:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Propellerhead Software [2010.11.06 15:44:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ProtectDISC [2010.11.05 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Quest3D [2010.11.05 14:30:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Roaming [2011.11.04 17:23:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Rovio [2012.10.30 23:38:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung [2011.07.24 14:21:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SimpleScreenshot [2013.01.25 11:44:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony [2013.05.08 16:16:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify [2010.06.07 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teleca [2013.01.23 22:45:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2012.07.23 22:11:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird [2010.12.12 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trados [2010.11.26 22:26:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tropico 3 Demo [2013.04.07 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client [2011.02.26 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2013.01.26 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity of Command DEMO [2013.05.12 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent [2013.05.10 17:33:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vodono [2011.07.10 22:11:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\wargaming.net [2011.07.24 12:29:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WEB.DE [2009.05.14 12:09:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\yess [2010.11.06 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\YoudaGames [2010.11.05 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ZombieDriver ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:33384BC0 @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E5DE9C8F < End of report > Ich hoffe ich habe soweit alles richtig gemacht und mir kann hier jemand weiterhelfen. DANKE! |
|
12.05.2013, 22:51
| #2 |
| /// Malwareteam / Visitor  | TAN-Abfrage Commerzbank Hi JustJoolez
__________________Ich bin Smeenk und ich werde versuchen Dir zu helfen  Systemscan mit ZOEK Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/
Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte alles nach Möglichkeit hier in CODE-Tags posten: [code] Dein Log hier [/code] |
|
13.05.2013, 08:02
| #3 |
| | TAN-Abfrage Commerzbank Hallo Smeenk,
__________________Danke schonmal für die Hilfe!!! Ich habe die Scans jetzt nach Deinen Angaben ausgeführt und folgendes ist dabei herausgekommen: ZOEK Systemscan Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by User on 13.05.2013 at 8:26:10,24.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== Creating Sample__0829.zip ======================
Copied file C:\Users\User\No23Recorder2103.exe to sample
Copied file C:\Users\User\ws_ftple.exe to sample
sample\No23Recorder2103.exe renamed to 1AA9F12C2941DE6760CE2D962C18EEC2
sample\ws_ftple.exe renamed to 6993AF44351EE82C42D77CCF5D550A29
C:\Users\Public\Desktop\sample__0829.zip created successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} deleted successfully
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420} deleted successfully
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{16A8E2C8-97CC-414B-9CD9-CD8337938DD0} deleted successfully
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default
---- Lines conduit removed from prefs.js ----
---- Lines conduit modified from prefs.js ----
---- Lines conduit removed from user.js ----
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1");
user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=13166&l=dis");
---- Lines ask.com modified from prefs.js ----
---- Lines ask.com removed from user.js ----
---- Lines ICQ Search removed from prefs.js ----
user_pref("browser.search.defaultenginename", "ICQ Search");
---- Lines ICQ Search modified from prefs.js ----
---- Lines ICQ Search removed from user.js ----
---- Lines icq.com removed from prefs.js ----
user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=");
---- Lines icq.com modified from prefs.js ----
---- Lines icq.com removed from user.js ----
---- Lines asktb removed from prefs.js ----
user_pref("extensions.snipit.askTbInstalled", true);
---- Lines asktb modified from prefs.js ----
---- Lines asktb removed from user.js ----
---- FireFox user.js and prefs.js backups ----
user__0831_.backup
prefs__0831_.backup
==== Deleting Files \ Folders ======================
"C:\Users\User\AppData\Roaming\Rewire.dll" deleted
"C:\Users\User\AppData\Roaming\REX Shared Library.dll" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-1.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-10.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-11.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-12.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-13.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-14.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-15.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-16.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-17.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-18.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-19.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-2.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-3.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-4.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-5.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-6.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-7.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-8.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin-9.xml" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\searchplugins\icqplugin.xml" deleted
"C:\Users\User\No23Recorder2103.exe" deleted
"C:\Users\User\ws_ftple.exe" deleted
"C:\Users\User\AppData\Roaming\Miru\roif.tmp" not deleted
"C:\Users\User\AppData\Roaming\Miru\roif.uvb" deleted
"C:\Users\User\AppData\Roaming\Edzouz\mison.yho" deleted
"C:\Users\User\AppData\Roaming\Vodono\giib.exe" deleted
"C:\Users\User\AppData\Roaming\Miru" not deleted
"C:\Users\User\AppData\Roaming\Edzouz" deleted
"C:\Users\User\AppData\Roaming\Vodono" deleted
"C:\Windows\system32\appdata" deleted
"C:\Program Files\ICQ6Toolbar" deleted
"C:\Program Files\Common Files\DVDVideoSoft\TB" deleted
"C:\Program Files\Common Files\DVDVideoSoft\bin" deleted
"C:\found.000" deleted
"C:\found.001" deleted
"C:\Users\User\AppData\Roaming\YoudaGames" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\Users\User\AppData\Local\PackageAware" deleted
"C:\Users\User\AppData\LocalLow\boost_interprocess" deleted
"C:\Users\User\AppData\LocalLow\PriceGong" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\jetpack" deleted
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default\conduit" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\User\AppData\Local\Temp ====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-04-23 15:06:54 -------- d-----w- C:\Program Files\AMD APP
2013-04-21 11:35:45 -------- d-----w- C:\Program Files\Common Files\Skype
======= C: =====
====== C:\Users\User\AppData\Roaming ======
2013-05-10 15:33:12 -------- d-----w- C:\users\User\AppData\Roaming\Miru
====== C:\Users\User ======
2013-05-12 21:15:49 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\User\defogger_reenable
2013-05-12 09:22:21 -------- d-----w- C:\Users\User\Ebooks und Anleitungen
2013-04-23 15:06:57 -------- d-----w- C:\ProgramData\ATI
2013-04-23 15:06:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
====== C: exe-files ==
2013-05-10 18:05:30 AAD923999DF6889F91F10BE68FF044C8 237568 ----a-w- C:\Program Files\Steam\steamerrorreporter64.exe
2013-05-07 13:17:49 ADA0D1407E2C328FB95686E9D5AB88B5 111328 ----a-w- C:\Program Files\Avira\AntiVir Desktop\ccuac.exe
2013-05-07 13:16:51 8C2C2E5119E844B43085CBC73106754B 597560 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\update.exe
2013-05-07 13:16:51 22DC787A09D2EC7E3F1138A26C41083C 46960 ----a-w- C:\ProgramData\Avira\AntiVir Desktop\TEMP\SELFUPDATE\updrgui.exe
=== C: other files ==
2013-05-13 06:29:40 654B2631BA0FAF09D4F02561B7F8B4D7 2416642 ----a-w- C:\Users\Public\Desktop\sample__0829.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
"PureSync"="C:\Program Files\PureSync\PureSyncTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
"Uhguhauq"="C:\Users\User\AppData\Roaming\Vodono\giib.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe"
"FreePDF Assistant"="C:\Program Files\FreePDF_XP\fpassist.exe"
"PMBVolumeWatcher"="C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXMediaServer"="C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
"PureSync"="C:\Program Files\PureSync\PureSyncTray.exe"
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe"
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
"Uhguhauq"="C:\Users\User\AppData\Roaming\Vodono\giib.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sony PC Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Sony PC Companion"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Sony\\Sony PC Companion\\PCCompanion.exe\" /Background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\User\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Steam\\Steam.exe\" -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VirtualCloneDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VirtualCloneDrive"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"item"="McAfee Security Scan Plus"
"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\McAfee Security Scan Plus.lnk"
"backup"="C:\\Windows\\pss\\McAfee Security Scan Plus.lnk.CommonStartup"
"backupExtension"=".CommonStartup"
"command"="C:\\PROGRA~1\\MCAFEE~1\\20DEB9~1.181\\SSSCHE~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration .LNK]
"path"="C:\\Users\\User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Registration .LNK"
"backup"="C:\\Windows\\pss\\Registration .LNK.Startup"
"backupExtension"=".Startup"
"command"="C:\\Program Files\\Ubisoft\\DEMO\\Blazing Angels Squadrons of WWII Demo\\RegistrationReminder.exe -d 804444 -l english -r 7 -g -c us -i 2586"
"item"="Registration "
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"SunJavaUpdateSched"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"EKIJ5000StatusMonitor"="C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\EKIJ5000MUI.exe"
==== Startup Folders ======================
2008-07-19 12:11:48 1170 ----a-w- C:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25.01.2013 11:41]
==== Firefox Extensions ======================
ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default
- Move Media Player - %ProfilePath%\extensions\moveplayer@movenetworks.com
- Collusion - %ProfilePath%\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype extension for Firefox - %AppDir%\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
==== Firefox Plugins ======================
Profilepath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qtnzqs1n.default
05C4A7136F3012BB47107333B5D351D3 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U17
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.170.2
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
ECD88CDFC178E6A84DB1346EABF9F03F - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
A5C14075B571AF1C9592595BE724D9D2 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll - Silverlight Plug-In
A3E477ACDA2C5A427E56FB075ADEB536 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll - Shockwave Flash
689CBB12823912199ACE4331091751B4 - C:\Program Files\Sony\Media Go\npmediago.dll - Media Go Detector
A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player
54BF6EBC262DF04712AC4EB18AD8B9CC - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll - PlayStation(R)Network Downloader Check Plug-in
B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
855B79451ECF62602F20EB4D5C71F99B - C:\Windows\system32\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
AE9C7C99459764D840E276DAFB65678E - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll - Pando Web Plugin
D11F8EA25504BA9595C22FD355CBCD69 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.6
D11F8EA25504BA9595C22FD355CBCD69 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.6
F35992E0FFD8FC7DA73BEB4D8DC120C8 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.6
F35992E0FFD8FC7DA73BEB4D8DC120C8 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.6
9B7F55E6DF65A3FF77D045AF5DFD71A6 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.6
9B7F55E6DF65A3FF77D045AF5DFD71A6 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.6
CDB446AA611128416D74C5B2AC9699AC - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.6
CDB446AA611128416D74C5B2AC9699AC - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.6
B7A0543F256567641B208AF25753CA28 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.6
B7A0543F256567641B208AF25753CA28 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.6
16949377027403E2B61C064468C27058 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.6
16949377027403E2B61C064468C27058 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.6
028E3B25C2983AFCA47B058FF4333250 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.6
028E3B25C2983AFCA47B058FF4333250 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.6.6
886A8779BD2CD069D492ADC334DD885C - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
BEA27AF1BFF831B840765AA831716B99 - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll - getPlusPlus for Adobe 16263
B6EEED4BD48A2C6CA543E6D29F518822 - C:\Program Files\Mozilla Firefox\plugins\npmidas.dll - king.com - Game controller for firefox
89725040FD5D5C517F6BEB473E24F017 - C:\Users\User\AppData\Roaming\Flatcast\NpFv522.dll - Flatcast Viewer Plugin 5.2.2.454
89725040FD5D5C517F6BEB473E24F017 - C:\Program Files\Mozilla Firefox\plugins\NpFv522.dll - Flatcast Viewer Plugin 5.2.2.454
89DEEFEFFF3B30A0D76627CEEADD6470 - C:\Windows\system32\NpFv501.dll - Flatcast Viewer Plugin 5.0.356
89DEEFEFFF3B30A0D76627CEEADD6470 - C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll - Flatcast Viewer Plugin 5.0.356
4C23E74EF7F99D8B07C9AA7DC087E200 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll - RealJukebox NS Plugin
4C23E74EF7F99D8B07C9AA7DC087E200 - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll - RealJukebox NS Plugin
29B060079A9129553E3FA75EDB8243BB - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
29B060079A9129553E3FA75EDB8243BB - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
3D84A7E0CD7A1FC93EAB9F2D50E5BD9C - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll - RealPlayer Version Plugin
3D84A7E0CD7A1FC93EAB9F2D50E5BD9C - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll - RealPlayer Version Plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
92AB52FC695C1D459E3BE9AFD6CE218D - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL - Microsoft Office 2003
2AA3703D87E1327A2290C9D416D89A28 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dll - Microsoft® Silverlight
DFCAB29E8FD38F95650CC1E203E8D318 - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12.12.2011 15:13]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/"
"ICQ Search"="hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{afdbddaa-5d3f-42ee-b79c-185a7020515b}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Unknown Url="Not_Found"
{4F11ACBB-393F-4c86-A214-FF3D0D155CC3} Burn4Free CD and DVD-Symbolleiste Url="hxxp://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\users\User\AppData\Local\Mozilla\Firefox\Profiles\qtnzqs1n.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\User\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\User\AppData\Roaming\Miru\roif.tmp" not found
"C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\User\AppData\Roaming\Miru" not found
Code:
ATTFilter 08:51:40.0389 1268 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:51:40.0685 1268 ============================================================
08:51:40.0685 1268 Current date / time: 2013/05/13 08:51:40.0685
08:51:40.0685 1268 SystemInfo:
08:51:40.0685 1268
08:51:40.0685 1268 OS Version: 6.0.6002 ServicePack: 2.0
08:51:40.0685 1268 Product type: Workstation
08:51:40.0685 1268 ComputerName: USER-PC
08:51:40.0685 1268 UserName: User
08:51:40.0685 1268 Windows directory: C:\Windows
08:51:40.0685 1268 System windows directory: C:\Windows
08:51:40.0685 1268 Processor architecture: Intel x86
08:51:40.0685 1268 Number of processors: 2
08:51:40.0685 1268 Page size: 0x1000
08:51:40.0685 1268 Boot type: Normal boot
08:51:40.0685 1268 ============================================================
08:51:41.0575 1268 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:51:41.0668 1268 ============================================================
08:51:41.0668 1268 \Device\Harddisk0\DR0:
08:51:41.0668 1268 MBR partitions:
08:51:41.0668 1268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
08:51:41.0668 1268 ============================================================
08:51:41.0699 1268 C: <-> \Device\Harddisk0\DR0\Partition1
08:51:41.0699 1268 ============================================================
08:51:41.0699 1268 Initialize success
08:51:41.0699 1268 ============================================================
08:51:47.0815 3600 ============================================================
08:51:47.0815 3600 Scan started
08:51:47.0815 3600 Mode: Manual; SigCheck; TDLFS;
08:51:47.0815 3600 ============================================================
08:51:48.0423 3600 ================ Scan system memory ========================
08:51:48.0423 3600 System memory - ok
08:51:48.0423 3600 ================ Scan services =============================
08:51:48.0563 3600 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
08:51:48.0641 3600 ACPI - ok
08:51:48.0719 3600 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
08:51:48.0797 3600 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
08:51:48.0797 3600 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
08:51:48.0860 3600 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:51:48.0875 3600 AdobeFlashPlayerUpdateSvc - ok
08:51:48.0922 3600 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
08:51:48.0953 3600 adp94xx - ok
08:51:48.0985 3600 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
08:51:49.0016 3600 adpahci - ok
08:51:49.0047 3600 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
08:51:49.0063 3600 adpu160m - ok
08:51:49.0109 3600 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
08:51:49.0109 3600 adpu320 - ok
08:51:49.0156 3600 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:51:49.0250 3600 AeLookupSvc - ok
08:51:49.0297 3600 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
08:51:49.0359 3600 AFD - ok
08:51:49.0390 3600 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:51:49.0406 3600 agp440 - ok
08:51:49.0437 3600 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
08:51:49.0453 3600 aic78xx - ok
08:51:49.0484 3600 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
08:51:49.0577 3600 ALG - ok
08:51:49.0609 3600 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
08:51:49.0624 3600 aliide - ok
08:51:49.0671 3600 [ 20883D2D6E1D94321246AFF39AFCE56C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:51:49.0733 3600 AMD External Events Utility - ok
08:51:49.0796 3600 AMD FUEL Service - ok
08:51:49.0811 3600 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
08:51:49.0827 3600 amdagp - ok
08:51:49.0843 3600 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
08:51:49.0858 3600 amdide - ok
08:51:49.0889 3600 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
08:51:49.0905 3600 amdiox86 - ok
08:51:49.0921 3600 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
08:51:49.0983 3600 AmdK7 - ok
08:51:49.0999 3600 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:51:50.0045 3600 AmdK8 - ok
08:51:50.0264 3600 [ 8852D7B22CC76CBFE38FE1B539D40285 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:51:50.0654 3600 amdkmdag - ok
08:51:50.0701 3600 [ E84DAD432A49480D3FBB7AFBD854AC1C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:51:50.0747 3600 amdkmdap - ok
08:51:50.0825 3600 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
08:51:50.0841 3600 AntiVirSchedulerService - ok
08:51:50.0888 3600 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
08:51:50.0903 3600 AntiVirService - ok
08:51:50.0935 3600 [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
08:51:50.0950 3600 AODDriver4.0 - ok
08:51:50.0981 3600 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
08:51:51.0059 3600 Appinfo - ok
08:51:51.0091 3600 [ 9C53678460957EC8F2F5DD5FACB0A2BB ] AppleHFS C:\Windows\system32\drivers\AppleHFS.sys
08:51:51.0122 3600 AppleHFS ( UnsignedFile.Multi.Generic ) - warning
08:51:51.0122 3600 AppleHFS - detected UnsignedFile.Multi.Generic (1)
08:51:51.0153 3600 [ ED4A92C3DD252493099B4791562ED3D2 ] AppleMNT C:\Windows\system32\drivers\AppleMNT.sys
08:51:51.0184 3600 AppleMNT ( UnsignedFile.Multi.Generic ) - warning
08:51:51.0184 3600 AppleMNT - detected UnsignedFile.Multi.Generic (1)
08:51:51.0247 3600 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
08:51:51.0262 3600 arc - ok
08:51:51.0309 3600 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
08:51:51.0325 3600 arcsas - ok
08:51:51.0403 3600 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:51:51.0418 3600 aspnet_state - ok
08:51:51.0449 3600 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:51:51.0496 3600 AsyncMac - ok
08:51:51.0512 3600 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
08:51:51.0527 3600 atapi - ok
08:51:51.0590 3600 [ 35290682DBDB9CEDE934B73369F3CEDE ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH3.sys
08:51:51.0605 3600 AtiHDAudioService - ok
08:51:51.0808 3600 [ 8852D7B22CC76CBFE38FE1B539D40285 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:51:51.0964 3600 atikmdag - ok
08:51:52.0105 3600 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
08:51:52.0167 3600 AtiPcie - ok
08:51:52.0276 3600 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
08:51:52.0307 3600 atksgt - ok
08:51:52.0463 3600 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:51:52.0510 3600 AudioEndpointBuilder - ok
08:51:52.0510 3600 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
08:51:52.0541 3600 Audiosrv - ok
08:51:52.0557 3600 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
08:51:52.0557 3600 avgntflt - ok
08:51:52.0588 3600 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
08:51:52.0604 3600 avipbb - ok
08:51:52.0619 3600 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
08:51:52.0635 3600 avkmgr - ok
08:51:52.0682 3600 [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject C:\Windows\system32\drivers\avmeject.sys
08:51:52.0713 3600 avmeject ( UnsignedFile.Multi.Generic ) - warning
08:51:52.0713 3600 avmeject - detected UnsignedFile.Multi.Generic (1)
08:51:52.0760 3600 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
08:51:52.0807 3600 Beep - ok
08:51:52.0885 3600 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
08:51:52.0963 3600 BFE - ok
08:51:53.0025 3600 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
08:51:53.0041 3600 BITS - ok
08:51:53.0072 3600 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
08:51:53.0119 3600 blbdrive - ok
08:51:53.0165 3600 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:51:53.0197 3600 Bonjour Service - ok
08:51:53.0228 3600 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:51:53.0259 3600 bowser - ok
08:51:53.0306 3600 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
08:51:53.0337 3600 BrFiltLo - ok
08:51:53.0368 3600 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
08:51:53.0415 3600 BrFiltUp - ok
08:51:53.0446 3600 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
08:51:53.0462 3600 Browser - ok
08:51:53.0477 3600 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
08:51:53.0649 3600 Brserid - ok
08:51:53.0680 3600 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
08:51:53.0743 3600 BrSerWdm - ok
08:51:53.0774 3600 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
08:51:53.0821 3600 BrUsbMdm - ok
08:51:53.0867 3600 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
08:51:53.0930 3600 BrUsbSer - ok
08:51:53.0992 3600 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
08:51:54.0055 3600 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
08:51:54.0055 3600 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
08:51:54.0086 3600 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
08:51:54.0148 3600 BTCFilterService - ok
08:51:54.0179 3600 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
08:51:54.0226 3600 BTHMODEM - ok
08:51:54.0273 3600 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
08:51:54.0320 3600 BthServ - ok
08:51:54.0413 3600 catchme - ok
08:51:54.0429 3600 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:51:54.0476 3600 cdfs - ok
08:51:54.0507 3600 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:51:54.0554 3600 cdrom - ok
08:51:54.0601 3600 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
08:51:54.0647 3600 CertPropSvc - ok
08:51:54.0679 3600 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
08:51:54.0710 3600 circlass - ok
08:51:54.0757 3600 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
08:51:54.0788 3600 CLFS - ok
08:51:54.0819 3600 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:51:54.0835 3600 clr_optimization_v2.0.50727_32 - ok
08:51:54.0881 3600 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:51:54.0881 3600 clr_optimization_v4.0.30319_32 - ok
08:51:54.0913 3600 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:51:54.0928 3600 cmdide - ok
08:51:54.0944 3600 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
08:51:54.0959 3600 Compbatt - ok
08:51:54.0959 3600 COMSysApp - ok
08:51:54.0975 3600 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
08:51:54.0991 3600 crcdisk - ok
08:51:55.0022 3600 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
08:51:55.0069 3600 Crusoe - ok
08:51:55.0100 3600 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:51:55.0147 3600 CryptSvc - ok
08:51:55.0193 3600 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:51:55.0256 3600 DcomLaunch - ok
08:51:55.0334 3600 [ 3B604417EBAE4E1E66E6ABD8CC55FD76 ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
08:51:55.0349 3600 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
08:51:55.0349 3600 DCService.exe - detected UnsignedFile.Multi.Generic (1)
08:51:55.0381 3600 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:51:55.0412 3600 DfsC - ok
08:51:55.0490 3600 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
08:51:55.0552 3600 DFSR - ok
08:51:55.0599 3600 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
08:51:55.0693 3600 Dhcp - ok
08:51:55.0724 3600 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
08:51:55.0739 3600 disk - ok
08:51:55.0771 3600 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:51:55.0817 3600 Dnscache - ok
08:51:55.0880 3600 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:51:55.0927 3600 dot3svc - ok
08:51:55.0958 3600 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
08:51:56.0005 3600 DPS - ok
08:51:56.0051 3600 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:51:56.0083 3600 drmkaud - ok
08:51:56.0129 3600 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:51:56.0161 3600 DXGKrnl - ok
08:51:56.0192 3600 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
08:51:56.0223 3600 E1G60 - ok
08:51:56.0239 3600 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
08:51:56.0254 3600 EapHost - ok
08:51:56.0301 3600 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
08:51:56.0317 3600 Ecache - ok
08:51:56.0379 3600 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:51:56.0410 3600 ehRecvr - ok
08:51:56.0426 3600 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
08:51:56.0473 3600 ehSched - ok
08:51:56.0488 3600 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
08:51:56.0519 3600 ehstart - ok
08:51:56.0566 3600 [ 44996A2ADDD2DB7454F2CA40B67D8941 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
08:51:56.0582 3600 ElbyCDIO - ok
08:51:56.0613 3600 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
08:51:56.0644 3600 elxstor - ok
08:51:56.0675 3600 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
08:51:56.0753 3600 EMDMgmt - ok
08:51:56.0785 3600 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:51:56.0831 3600 ErrDev - ok
08:51:56.0878 3600 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
08:51:56.0925 3600 EventSystem - ok
08:51:56.0956 3600 ewdmaudn - ok
08:51:56.0987 3600 [ E1556AF3FB0284C32896B9AC8494D9C2 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
08:51:57.0019 3600 ewusbnet - ok
08:51:57.0050 3600 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
08:51:57.0081 3600 ew_hwusbdev - ok
08:51:57.0112 3600 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
08:51:57.0190 3600 exfat - ok
08:51:57.0221 3600 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:51:57.0253 3600 fastfat - ok
08:51:57.0268 3600 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:51:57.0299 3600 fdc - ok
08:51:57.0331 3600 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
08:51:57.0346 3600 fdPHost - ok
08:51:57.0362 3600 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
08:51:57.0409 3600 FDResPub - ok
08:51:57.0440 3600 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:51:57.0455 3600 FileInfo - ok
08:51:57.0533 3600 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:51:57.0580 3600 Filetrace - ok
08:51:57.0705 3600 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:51:57.0767 3600 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
08:51:57.0767 3600 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
08:51:57.0799 3600 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:51:57.0845 3600 flpydisk - ok
08:51:57.0892 3600 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:51:57.0908 3600 FltMgr - ok
08:51:57.0970 3600 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
08:51:58.0033 3600 FontCache - ok
08:51:58.0095 3600 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
08:51:58.0111 3600 FontCache3.0.0.0 - ok
08:51:58.0189 3600 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
08:51:58.0251 3600 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
08:51:58.0251 3600 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
08:51:58.0282 3600 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:51:58.0329 3600 Fs_Rec - ok
08:51:58.0391 3600 [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
08:51:58.0438 3600 FWLANUSB - ok
08:51:58.0485 3600 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
08:51:58.0501 3600 gagp30kx - ok
08:51:58.0532 3600 [ 54789F9BA0D59072CDD4E7C200E122C4 ] gdrv C:\Windows\gdrv.sys
08:51:58.0532 3600 gdrv - ok
08:51:58.0547 3600 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
08:51:58.0563 3600 GEARAspiWDM - ok
08:51:58.0625 3600 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
08:51:58.0657 3600 getPlusHelper - ok
08:51:58.0688 3600 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
08:51:58.0703 3600 ggflt - ok
08:51:58.0735 3600 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
08:51:58.0750 3600 ggsemc - ok
08:51:58.0781 3600 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
08:51:58.0828 3600 gpsvc - ok
08:51:58.0906 3600 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
08:51:58.0922 3600 hamachi - ok
08:51:58.0953 3600 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:51:59.0015 3600 HdAudAddService - ok
08:51:59.0062 3600 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
08:51:59.0109 3600 HDAudBus - ok
08:51:59.0125 3600 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
08:51:59.0203 3600 HidBth - ok
08:51:59.0218 3600 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
08:51:59.0281 3600 HidIr - ok
08:51:59.0312 3600 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
08:51:59.0359 3600 hidserv - ok
08:51:59.0390 3600 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:51:59.0421 3600 HidUsb - ok
08:51:59.0468 3600 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:51:59.0515 3600 hkmsvc - ok
08:51:59.0546 3600 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
08:51:59.0561 3600 HpCISSs - ok
08:51:59.0593 3600 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:51:59.0671 3600 HTTP - ok
08:51:59.0702 3600 [ 92548543D50C9BCCDB31FFB7EC39249D ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
08:51:59.0733 3600 huawei_enumerator - ok
08:51:59.0780 3600 [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:51:59.0811 3600 hwdatacard - ok
08:51:59.0858 3600 [ F02EA43AE8F936124DEBF5B87F12C795 ] hxctlflt C:\Windows\system32\Drivers\hxctlflt.sys
08:51:59.0905 3600 hxctlflt - ok
08:51:59.0920 3600 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
08:51:59.0936 3600 i2omp - ok
08:51:59.0967 3600 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
08:52:00.0014 3600 i8042prt - ok
08:52:00.0045 3600 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
08:52:00.0076 3600 iaStorV - ok
08:52:00.0123 3600 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:52:00.0154 3600 IDriverT ( UnsignedFile.Multi.Generic ) - warning
08:52:00.0154 3600 IDriverT - detected UnsignedFile.Multi.Generic (1)
08:52:00.0232 3600 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:52:00.0279 3600 idsvc - ok
08:52:00.0326 3600 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
08:52:00.0341 3600 iirsp - ok
08:52:00.0373 3600 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
08:52:00.0419 3600 IKEEXT - ok
08:52:00.0638 3600 [ 5D854CBAC8B7B4B964406F9808C95FAE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
08:52:00.0716 3600 IntcAzAudAddService - ok
08:52:00.0763 3600 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
08:52:00.0778 3600 intelide - ok
08:52:00.0794 3600 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:52:00.0841 3600 intelppm - ok
08:52:00.0919 3600 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:52:00.0965 3600 IPBusEnum - ok
08:52:00.0981 3600 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:52:01.0028 3600 IpFilterDriver - ok
08:52:01.0121 3600 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:52:01.0184 3600 iphlpsvc - ok
08:52:01.0199 3600 IpInIp - ok
08:52:01.0215 3600 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
08:52:01.0246 3600 IPMIDRV - ok
08:52:01.0262 3600 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
08:52:01.0309 3600 IPNAT - ok
08:52:01.0355 3600 [ 8F610078437A459948480407F4DB91EA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:52:01.0402 3600 iPod Service - ok
08:52:01.0418 3600 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:52:01.0465 3600 IRENUM - ok
08:52:01.0496 3600 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:52:01.0527 3600 isapnp - ok
08:52:01.0589 3600 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
08:52:01.0605 3600 iScsiPrt - ok
08:52:01.0621 3600 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
08:52:01.0636 3600 iteatapi - ok
08:52:01.0667 3600 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
08:52:01.0683 3600 iteraid - ok
08:52:01.0714 3600 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:52:01.0745 3600 kbdclass - ok
08:52:01.0777 3600 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:52:01.0792 3600 kbdhid - ok
08:52:01.0823 3600 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
08:52:01.0870 3600 KeyIso - ok
08:52:01.0886 3600 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:52:01.0948 3600 KSecDD - ok
08:52:01.0995 3600 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
08:52:02.0026 3600 KtmRm - ok
08:52:02.0042 3600 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
08:52:02.0104 3600 LanmanServer - ok
08:52:02.0135 3600 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:52:02.0198 3600 LanmanWorkstation - ok
08:52:02.0229 3600 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
08:52:02.0245 3600 lirsgt - ok
08:52:02.0260 3600 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:52:02.0291 3600 lltdio - ok
08:52:02.0323 3600 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:52:02.0369 3600 lltdsvc - ok
08:52:02.0385 3600 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:52:02.0463 3600 lmhosts - ok
08:52:02.0510 3600 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
08:52:02.0557 3600 LSI_FC - ok
08:52:02.0572 3600 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
08:52:02.0603 3600 LSI_SAS - ok
08:52:02.0619 3600 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
08:52:02.0635 3600 LSI_SCSI - ok
08:52:02.0697 3600 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
08:52:02.0775 3600 luafv - ok
08:52:02.0806 3600 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:52:02.0837 3600 Mcx2Svc - ok
08:52:02.0869 3600 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
08:52:02.0884 3600 megasas - ok
08:52:02.0915 3600 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
08:52:02.0947 3600 MegaSR - ok
08:52:02.0978 3600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
08:52:03.0040 3600 MMCSS - ok
08:52:03.0056 3600 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
08:52:03.0087 3600 Modem - ok
08:52:03.0103 3600 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:52:03.0149 3600 monitor - ok
08:52:03.0181 3600 [ C741717B0A18813DD7D12085937CEE72 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
08:52:03.0243 3600 motccgp - ok
08:52:03.0259 3600 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
08:52:03.0274 3600 motccgpfl - ok
08:52:03.0290 3600 [ 54FEE02961C70FD9D4D7E2F87AFA23FA ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
08:52:03.0352 3600 motmodem - ok
08:52:03.0368 3600 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
08:52:03.0415 3600 MotoSwitchService - ok
08:52:03.0446 3600 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
08:52:03.0508 3600 Motousbnet - ok
08:52:03.0555 3600 [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
08:52:03.0602 3600 motusbdevice - ok
08:52:03.0617 3600 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:52:03.0633 3600 mouclass - ok
08:52:03.0680 3600 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:52:03.0727 3600 mouhid - ok
08:52:03.0742 3600 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
08:52:03.0773 3600 MountMgr - ok
08:52:03.0789 3600 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:52:03.0820 3600 MozillaMaintenance - ok
08:52:03.0836 3600 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
08:52:03.0867 3600 mpio - ok
08:52:03.0883 3600 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:52:03.0929 3600 mpsdrv - ok
08:52:04.0070 3600 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
08:52:04.0117 3600 MpsSvc - ok
08:52:04.0132 3600 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
08:52:04.0148 3600 Mraid35x - ok
08:52:04.0179 3600 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:52:04.0195 3600 MRxDAV - ok
08:52:04.0241 3600 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:52:04.0288 3600 mrxsmb - ok
08:52:04.0319 3600 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:52:04.0366 3600 mrxsmb10 - ok
08:52:04.0366 3600 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:52:04.0382 3600 mrxsmb20 - ok
08:52:04.0397 3600 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
08:52:04.0413 3600 msahci - ok
08:52:04.0429 3600 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:52:04.0460 3600 msdsm - ok
08:52:04.0491 3600 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
08:52:04.0507 3600 MSDTC - ok
08:52:04.0553 3600 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:52:04.0569 3600 Msfs - ok
08:52:04.0600 3600 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:52:04.0616 3600 msisadrv - ok
08:52:04.0647 3600 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:52:04.0663 3600 MSiSCSI - ok
08:52:04.0678 3600 msiserver - ok
08:52:04.0694 3600 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:52:04.0741 3600 MSKSSRV - ok
08:52:04.0756 3600 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:52:04.0803 3600 MSPCLOCK - ok
08:52:04.0803 3600 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:52:04.0834 3600 MSPQM - ok
08:52:04.0850 3600 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:52:04.0865 3600 MsRPC - ok
08:52:04.0881 3600 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
08:52:04.0897 3600 mssmbios - ok
08:52:04.0943 3600 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:52:04.0975 3600 MSTEE - ok
08:52:05.0006 3600 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
08:52:05.0037 3600 Mup - ok
08:52:05.0099 3600 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
08:52:05.0146 3600 napagent - ok
08:52:05.0193 3600 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:52:05.0209 3600 NativeWifiP - ok
08:52:05.0287 3600 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
08:52:05.0302 3600 NDIS - ok
08:52:05.0318 3600 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:52:05.0365 3600 NdisTapi - ok
08:52:05.0380 3600 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:52:05.0396 3600 Ndisuio - ok
08:52:05.0443 3600 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:52:05.0489 3600 NdisWan - ok
08:52:05.0505 3600 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:52:05.0521 3600 NDProxy - ok
08:52:05.0536 3600 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:52:05.0567 3600 NetBIOS - ok
08:52:05.0583 3600 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
08:52:05.0630 3600 netbt - ok
08:52:05.0661 3600 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
08:52:05.0661 3600 Netlogon - ok
08:52:05.0708 3600 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
08:52:05.0739 3600 Netman - ok
08:52:05.0755 3600 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
08:52:05.0801 3600 netprofm - ok
08:52:05.0848 3600 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:52:05.0864 3600 NetTcpPortSharing - ok
08:52:05.0879 3600 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
08:52:05.0895 3600 nfrd960 - ok
08:52:05.0911 3600 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:52:05.0957 3600 NlaSvc - ok
08:52:05.0989 3600 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:52:06.0020 3600 Npfs - ok
08:52:06.0051 3600 npggsvc - ok
08:52:06.0098 3600 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
08:52:06.0129 3600 nsi - ok
08:52:06.0129 3600 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:52:06.0191 3600 nsiproxy - ok
08:52:06.0238 3600 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:52:06.0316 3600 Ntfs - ok
08:52:06.0332 3600 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
08:52:06.0394 3600 ntrigdigi - ok
08:52:06.0441 3600 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
08:52:06.0488 3600 Null - ok
08:52:06.0519 3600 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:52:06.0535 3600 nvraid - ok
08:52:06.0566 3600 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:52:06.0581 3600 nvstor - ok
08:52:06.0597 3600 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:52:06.0613 3600 nv_agp - ok
08:52:06.0628 3600 NwlnkFlt - ok
08:52:06.0628 3600 NwlnkFwd - ok
08:52:06.0675 3600 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
08:52:06.0706 3600 ohci1394 - ok
08:52:06.0769 3600 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:52:06.0784 3600 ose - ok
08:52:06.0815 3600 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
08:52:06.0909 3600 p2pimsvc - ok
08:52:06.0909 3600 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
08:52:06.0940 3600 p2psvc - ok
08:52:06.0956 3600 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:52:07.0003 3600 Parport - ok
08:52:07.0034 3600 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:52:07.0049 3600 partmgr - ok
08:52:07.0065 3600 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
08:52:07.0096 3600 Parvdm - ok
08:52:07.0127 3600 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
08:52:07.0190 3600 PcaSvc - ok
08:52:07.0205 3600 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
08:52:07.0221 3600 pci - ok
08:52:07.0237 3600 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
08:52:07.0252 3600 pciide - ok
08:52:07.0268 3600 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
08:52:07.0283 3600 pcmcia - ok
08:52:07.0330 3600 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:52:07.0408 3600 PEAUTH - ok
08:52:07.0517 3600 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
08:52:07.0627 3600 pla - ok
08:52:07.0658 3600 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:52:07.0705 3600 PlugPlay - ok
08:52:07.0767 3600 [ AE6C778717DE2F6B0C0B5335036D3363 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
08:52:07.0798 3600 PMBDeviceInfoProvider - ok
08:52:07.0814 3600 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
08:52:07.0845 3600 PNRPAutoReg - ok
08:52:07.0845 3600 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
08:52:07.0876 3600 PNRPsvc - ok
08:52:07.0907 3600 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:52:08.0001 3600 PolicyAgent - ok
08:52:08.0063 3600 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:52:08.0079 3600 PptpMiniport - ok
08:52:08.0110 3600 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
08:52:08.0157 3600 Processor - ok
08:52:08.0188 3600 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
08:52:08.0235 3600 ProfSvc - ok
08:52:08.0251 3600 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
08:52:08.0266 3600 ProtectedStorage - ok
08:52:08.0282 3600 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
08:52:08.0329 3600 PSched - ok
08:52:08.0391 3600 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
08:52:08.0438 3600 ql2300 - ok
08:52:08.0453 3600 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
08:52:08.0469 3600 ql40xx - ok
08:52:08.0516 3600 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
08:52:08.0531 3600 QWAVE - ok
08:52:08.0547 3600 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:52:08.0578 3600 QWAVEdrv - ok
08:52:08.0656 3600 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
08:52:08.0656 3600 RapiMgr - ok
08:52:08.0672 3600 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:52:08.0719 3600 RasAcd - ok
08:52:08.0734 3600 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
08:52:08.0797 3600 RasAuto - ok
08:52:08.0828 3600 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:52:08.0875 3600 Rasl2tp - ok
08:52:08.0921 3600 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
08:52:08.0953 3600 RasMan - ok
08:52:09.0015 3600 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:52:09.0031 3600 RasPppoe - ok
08:52:09.0062 3600 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:52:09.0077 3600 RasSstp - ok
08:52:09.0124 3600 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:52:09.0155 3600 rdbss - ok
08:52:09.0171 3600 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:52:09.0218 3600 RDPCDD - ok
08:52:09.0249 3600 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
08:52:09.0280 3600 rdpdr - ok
08:52:09.0296 3600 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:52:09.0343 3600 RDPENCDD - ok
08:52:09.0389 3600 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:52:09.0436 3600 RDPWD - ok
08:52:09.0467 3600 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:52:09.0514 3600 RemoteAccess - ok
08:52:09.0577 3600 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:52:09.0608 3600 RemoteRegistry - ok
08:52:09.0639 3600 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
08:52:09.0670 3600 RpcLocator - ok
08:52:09.0701 3600 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
08:52:09.0717 3600 RpcSs - ok
08:52:09.0733 3600 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:52:09.0779 3600 rspndr - ok
08:52:09.0842 3600 [ 9BB3B278B082ACD7DAD7B6F4FA442E30 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
08:52:09.0857 3600 RTHDMIAzAudService - ok
08:52:09.0873 3600 [ 904FD29EC1FF2709099AE2CD1C09A913 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
08:52:09.0935 3600 RTL8169 - ok
08:52:09.0967 3600 [ 594FF5620661D1386475406E78CB6F2F ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
08:52:09.0982 3600 s0017bus - ok
08:52:10.0013 3600 [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
08:52:10.0029 3600 s0017mdfl - ok
08:52:10.0045 3600 [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
08:52:10.0060 3600 s0017mdm - ok
08:52:10.0138 3600 [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
08:52:10.0154 3600 s0017mgmt - ok
08:52:10.0169 3600 [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
08:52:10.0185 3600 s0017nd5 - ok
08:52:10.0216 3600 [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
08:52:10.0232 3600 s0017obex - ok
08:52:10.0279 3600 [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
08:52:10.0294 3600 s0017unic - ok
08:52:10.0325 3600 [ 06847AA6F3A9BF7C44134D00A2E578C0 ] s125bus C:\Windows\system32\DRIVERS\s125bus.sys
08:52:10.0341 3600 s125bus - ok
08:52:10.0388 3600 [ F83F88E1B125308FB5015EA0349502B0 ] s125mdfl C:\Windows\system32\DRIVERS\s125mdfl.sys
08:52:10.0388 3600 s125mdfl - ok
08:52:10.0450 3600 [ 402A97756C14940AD6AE5169C2FB105E ] s125mdm C:\Windows\system32\DRIVERS\s125mdm.sys
08:52:10.0466 3600 s125mdm - ok
08:52:10.0481 3600 [ 0266151DE3F36429F6AC3C4B28085061 ] s217bus C:\Windows\system32\DRIVERS\s217bus.sys
08:52:10.0497 3600 s217bus - ok
08:52:10.0528 3600 [ A43C0AF0E46BE7EF0C7E8CCF0F058600 ] s217mdfl C:\Windows\system32\DRIVERS\s217mdfl.sys
08:52:10.0544 3600 s217mdfl - ok
08:52:10.0559 3600 [ 005F5DED1ED8F8A9D2399D765EAD20F1 ] s217mdm C:\Windows\system32\DRIVERS\s217mdm.sys
08:52:10.0575 3600 s217mdm - ok
08:52:10.0622 3600 [ DE9562AD0C91E1857D11F65A91EE1A47 ] s217mgmt C:\Windows\system32\DRIVERS\s217mgmt.sys
08:52:10.0637 3600 s217mgmt - ok
08:52:10.0669 3600 [ 11CC5D7F992799E7E75D018E9C018563 ] s217nd5 C:\Windows\system32\DRIVERS\s217nd5.sys
08:52:10.0684 3600 s217nd5 - ok
08:52:10.0700 3600 [ 0F9F4045799AFB66B85EEF999D0609EC ] s217obex C:\Windows\system32\DRIVERS\s217obex.sys
08:52:10.0715 3600 s217obex - ok
08:52:10.0731 3600 [ 1C91E1023F07B6407D84B5A43537D984 ] s217unic C:\Windows\system32\DRIVERS\s217unic.sys
08:52:10.0747 3600 s217unic - ok
08:52:10.0762 3600 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
08:52:10.0778 3600 SamSs - ok
08:52:10.0809 3600 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:52:10.0825 3600 sbp2port - ok
08:52:10.0887 3600 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
08:52:10.0918 3600 SBSDWSCService - ok
08:52:10.0949 3600 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:52:10.0996 3600 SCardSvr - ok
08:52:11.0043 3600 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
08:52:11.0121 3600 Schedule - ok
08:52:11.0168 3600 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
08:52:11.0183 3600 SCPolicySvc - ok
08:52:11.0215 3600 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:52:11.0261 3600 SDRSVC - ok
08:52:11.0293 3600 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:52:11.0339 3600 secdrv - ok
08:52:11.0371 3600 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
08:52:11.0386 3600 seclogon - ok
08:52:11.0417 3600 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
08:52:11.0449 3600 SENS - ok
08:52:11.0480 3600 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:52:11.0511 3600 Serenum - ok
08:52:11.0542 3600 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:52:11.0589 3600 Serial - ok
08:52:11.0620 3600 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
08:52:11.0651 3600 sermouse - ok
08:52:11.0683 3600 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
08:52:11.0698 3600 SessionEnv - ok
08:52:11.0729 3600 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:52:11.0745 3600 sffdisk - ok
08:52:11.0761 3600 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:52:11.0776 3600 sffp_mmc - ok
08:52:11.0792 3600 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:52:11.0807 3600 sffp_sd - ok
08:52:11.0823 3600 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
08:52:11.0885 3600 sfloppy - ok
08:52:11.0917 3600 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:52:11.0948 3600 SharedAccess - ok
08:52:11.0979 3600 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:52:12.0026 3600 ShellHWDetection - ok
08:52:12.0041 3600 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
08:52:12.0057 3600 sisagp - ok
08:52:12.0073 3600 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
08:52:12.0088 3600 SiSRaid2 - ok
08:52:12.0104 3600 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
08:52:12.0119 3600 SiSRaid4 - ok
08:52:12.0197 3600 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
08:52:12.0244 3600 SkypeUpdate - ok
08:52:12.0338 3600 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
08:52:12.0463 3600 slsvc - ok
08:52:12.0509 3600 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
08:52:12.0525 3600 SLUINotify - ok
08:52:12.0556 3600 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:52:12.0587 3600 Smb - ok
08:52:12.0619 3600 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:52:12.0634 3600 SNMPTRAP - ok
08:52:12.0743 3600 [ A70F178299812DCE4CC0E802D403BE9B ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
08:52:13.0009 3600 SNP2UVC - ok
08:52:13.0071 3600 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
08:52:13.0087 3600 Sony PC Companion - ok
08:52:13.0118 3600 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
08:52:13.0133 3600 spldr - ok
08:52:13.0165 3600 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
08:52:13.0196 3600 Spooler - ok
08:52:13.0227 3600 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
08:52:13.0274 3600 srv - ok
08:52:13.0305 3600 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:52:13.0336 3600 srv2 - ok
08:52:13.0367 3600 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:52:13.0383 3600 srvnet - ok
08:52:13.0399 3600 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:52:13.0461 3600 SSDPSRV - ok
08:52:13.0492 3600 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
08:52:13.0492 3600 ssmdrv - ok
08:52:13.0508 3600 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:52:13.0570 3600 SstpSvc - ok
08:52:13.0617 3600 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys
08:52:13.0633 3600 ss_bbus - ok
08:52:13.0664 3600 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys
08:52:13.0679 3600 ss_bmdfl - ok
08:52:13.0695 3600 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys
08:52:13.0726 3600 ss_bmdm - ok
08:52:13.0742 3600 Steam Client Service - ok
08:52:13.0773 3600 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
08:52:13.0789 3600 stisvc - ok
08:52:13.0804 3600 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
08:52:13.0820 3600 swenum - ok
08:52:13.0867 3600 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
08:52:13.0898 3600 swprv - ok
08:52:13.0929 3600 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
08:52:13.0945 3600 Symc8xx - ok
08:52:13.0960 3600 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
08:52:13.0976 3600 Sym_hi - ok
08:52:13.0991 3600 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
08:52:14.0007 3600 Sym_u3 - ok
08:52:14.0054 3600 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
08:52:14.0116 3600 SysMain - ok
08:52:14.0147 3600 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:52:14.0163 3600 TabletInputService - ok
08:52:14.0179 3600 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:52:14.0241 3600 TapiSrv - ok
08:52:14.0272 3600 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
08:52:14.0288 3600 TBS - ok
08:52:14.0350 3600 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:52:14.0381 3600 Tcpip - ok
08:52:14.0397 3600 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
08:52:14.0428 3600 Tcpip6 - ok
08:52:14.0459 3600 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:52:14.0522 3600 tcpipreg - ok
08:52:14.0553 3600 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:52:14.0569 3600 TDPIPE - ok
08:52:14.0615 3600 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:52:14.0631 3600 TDTCP - ok
08:52:14.0678 3600 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:52:14.0693 3600 tdx - ok
08:52:14.0725 3600 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
08:52:14.0740 3600 TermDD - ok
08:52:14.0756 3600 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
08:52:14.0818 3600 TermService - ok
08:52:14.0865 3600 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
08:52:14.0881 3600 Themes - ok
08:52:14.0912 3600 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
08:52:14.0927 3600 THREADORDER - ok
08:52:14.0943 3600 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
08:52:14.0990 3600 TrkWks - ok
08:52:15.0037 3600 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:52:15.0083 3600 TrustedInstaller - ok
08:52:15.0115 3600 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:52:15.0130 3600 tssecsrv - ok
08:52:15.0161 3600 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
08:52:15.0193 3600 tunmp - ok
08:52:15.0224 3600 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:52:15.0255 3600 tunnel - ok
08:52:15.0286 3600 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
08:52:15.0302 3600 uagp35 - ok
08:52:15.0333 3600 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:52:15.0349 3600 udfs - ok
08:52:15.0380 3600 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:52:15.0411 3600 UI0Detect - ok
08:52:15.0427 3600 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:52:15.0442 3600 uliagpkx - ok
08:52:15.0458 3600 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
08:52:15.0489 3600 uliahci - ok
08:52:15.0505 3600 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
08:52:15.0520 3600 UlSata - ok
08:52:15.0551 3600 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
08:52:15.0567 3600 ulsata2 - ok
08:52:15.0583 3600 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
08:52:15.0614 3600 umbus - ok
08:52:15.0629 3600 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
08:52:15.0692 3600 upnphost - ok
08:52:15.0707 3600 USBAAPL - ok
08:52:15.0739 3600 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
08:52:15.0785 3600 usbaudio - ok
08:52:15.0817 3600 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:52:15.0848 3600 usbccgp - ok
08:52:15.0879 3600 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:52:15.0926 3600 usbcir - ok
08:52:15.0973 3600 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
08:52:16.0004 3600 usbehci - ok
08:52:16.0051 3600 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:52:16.0082 3600 usbhub - ok
08:52:16.0097 3600 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
08:52:16.0129 3600 usbohci - ok
08:52:16.0144 3600 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:52:16.0160 3600 usbprint - ok
08:52:16.0191 3600 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:52:16.0207 3600 usbscan - ok
08:52:16.0222 3600 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:52:16.0253 3600 USBSTOR - ok
08:52:16.0269 3600 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
08:52:16.0300 3600 usbuhci - ok
08:52:16.0347 3600 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
08:52:16.0378 3600 usbvideo - ok
08:52:16.0425 3600 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
08:52:16.0441 3600 usb_rndisx - ok
08:52:16.0472 3600 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
08:52:16.0503 3600 UxSms - ok
08:52:16.0550 3600 [ 94D73B62E458FB56C9CE60AA96D914F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
08:52:16.0597 3600 VClone - ok
08:52:16.0628 3600 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
08:52:16.0659 3600 vds - ok
08:52:16.0690 3600 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:52:16.0706 3600 vga - ok
08:52:16.0721 3600 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
08:52:16.0753 3600 VgaSave - ok
08:52:16.0768 3600 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
08:52:16.0784 3600 viaagp - ok
08:52:16.0815 3600 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
08:52:16.0831 3600 ViaC7 - ok
08:52:16.0877 3600 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
08:52:16.0893 3600 viaide - ok
08:52:16.0909 3600 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:52:16.0924 3600 volmgr - ok
08:52:16.0971 3600 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:52:17.0002 3600 volmgrx - ok
08:52:17.0033 3600 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:52:17.0049 3600 volsnap - ok
08:52:17.0080 3600 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
08:52:17.0096 3600 vsmraid - ok
08:52:17.0127 3600 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
08:52:17.0158 3600 VSS - ok
08:52:17.0174 3600 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
08:52:17.0205 3600 W32Time - ok
08:52:17.0236 3600 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
08:52:17.0267 3600 WacomPen - ok
08:52:17.0299 3600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
08:52:17.0314 3600 Wanarp - ok
08:52:17.0330 3600 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:52:17.0345 3600 Wanarpv6 - ok
08:52:17.0392 3600 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
08:52:17.0408 3600 WcesComm - ok
08:52:17.0439 3600 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:52:17.0501 3600 wcncsvc - ok
08:52:17.0579 3600 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:52:17.0626 3600 WcsPlugInService - ok
08:52:17.0657 3600 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
08:52:17.0673 3600 Wd - ok
08:52:17.0720 3600 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
08:52:17.0735 3600 WDC_SAM - ok
08:52:17.0782 3600 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:52:17.0813 3600 Wdf01000 - ok
08:52:17.0829 3600 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:52:17.0845 3600 WdiServiceHost - ok
08:52:17.0860 3600 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:52:17.0876 3600 WdiSystemHost - ok
08:52:17.0938 3600 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
08:52:17.0985 3600 WebClient - ok
08:52:18.0032 3600 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:52:18.0063 3600 Wecsvc - ok
08:52:18.0079 3600 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:52:18.0125 3600 wercplsupport - ok
08:52:18.0157 3600 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
08:52:18.0188 3600 WerSvc - ok
08:52:18.0235 3600 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
08:52:18.0250 3600 WinDefend - ok
08:52:18.0266 3600 WinHttpAutoProxySvc - ok
08:52:18.0297 3600 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:52:18.0313 3600 Winmgmt - ok
08:52:18.0359 3600 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
08:52:18.0422 3600 WinRM - ok
08:52:18.0484 3600 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
08:52:18.0515 3600 Wlansvc - ok
08:52:18.0593 3600 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:52:18.0640 3600 wlidsvc - ok
08:52:18.0703 3600 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:52:18.0734 3600 WmiAcpi - ok
08:52:18.0781 3600 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:52:18.0812 3600 wmiApSrv - ok
08:52:18.0890 3600 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
08:52:18.0968 3600 WMPNetworkSvc - ok
08:52:18.0999 3600 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:52:19.0061 3600 WPCSvc - ok
08:52:19.0093 3600 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:52:19.0139 3600 WPDBusEnum - ok
08:52:19.0171 3600 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
08:52:19.0202 3600 WpdUsb - ok
08:52:19.0295 3600 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:52:19.0327 3600 WPFFontCache_v0400 - ok
08:52:19.0342 3600 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:52:19.0373 3600 ws2ifsl - ok
08:52:19.0389 3600 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
08:52:19.0405 3600 wscsvc - ok
08:52:19.0420 3600 WSearch - ok
08:52:19.0467 3600 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
08:52:19.0529 3600 wuauserv - ok
08:52:19.0576 3600 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:52:19.0670 3600 WudfPf - ok
08:52:19.0685 3600 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:52:19.0701 3600 WUDFRd - ok
08:52:19.0732 3600 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:52:19.0748 3600 wudfsvc - ok
08:52:19.0795 3600 ================ Scan global ===============================
08:52:19.0810 3600 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
08:52:19.0841 3600 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
08:52:19.0873 3600 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
08:52:19.0919 3600 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
08:52:19.0919 3600 [Global] - ok
08:52:19.0919 3600 ================ Scan MBR ==================================
08:52:19.0935 3600 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
08:52:20.0138 3600 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:52:20.0138 3600 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:52:20.0138 3600 ================ Scan VBR ==================================
08:52:20.0153 3600 [ 79C38AD63485393E586B032BD9D48FA1 ] \Device\Harddisk0\DR0\Partition1
08:52:20.0153 3600 \Device\Harddisk0\DR0\Partition1 - ok
08:52:20.0169 3600 ============================================================
08:52:20.0169 3600 Scan finished
08:52:20.0169 3600 ============================================================
08:52:20.0169 1080 Detected object count: 10
08:52:20.0169 1080 Actual detected object count: 10
08:57:36.0553 1080 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0553 1080 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0553 1080 AppleHFS ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0553 1080 AppleHFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0568 1080 AppleMNT ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0568 1080 AppleMNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0568 1080 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0568 1080 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0568 1080 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0568 1080 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0568 1080 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0568 1080 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0568 1080 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0568 1080 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0568 1080 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0568 1080 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0584 1080 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
08:57:36.0584 1080 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:36.0584 1080 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:57:36.0584 1080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:57:40.0624 3876 Deinitialize success
Hilft uns das weiter? Bei mir erzeugen solche Logs ehrlich gesagt nur gaaaaanz große Fragezeichen  liebe Grüße |
|
13.05.2013, 09:55
| #4 |
| /// Malwareteam / Visitor | TAN-Abfrage Commerzbank Beide Scans haben etwas angezeigt. Wir machen weiter
Starte TDSSKiller noch einmal und wahle bei unten stehenden Funde fur "Delete": \Device\Harddisk0\DR0 ( TDSS File System ) Poste mir dat neue Logfile von TDSSkiller |
|
13.05.2013, 12:23
| #5 |
| | TAN-Abfrage Commerzbank Weiter gehts  Hier das Zoek-Log: Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by User on 13.05.2013 at 13:14:14,58.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results13.05.2013-0845.log 24993 bytes
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2596578785-4124232554-2186326854-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Uhguhauq"=-
==== Deleting Files \ Folders ======================
"C:\Users\Public\Desktop\sample__0829.zip" deleted
Code:
ATTFilter 13:18:46.0535 5532 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:18:46.0769 5532 ============================================================
13:18:46.0769 5532 Current date / time: 2013/05/13 13:18:46.0769
13:18:46.0769 5532 SystemInfo:
13:18:46.0769 5532
13:18:46.0769 5532 OS Version: 6.0.6002 ServicePack: 2.0
13:18:46.0769 5532 Product type: Workstation
13:18:46.0769 5532 ComputerName: USER-PC
13:18:46.0769 5532 UserName: User
13:18:46.0769 5532 Windows directory: C:\Windows
13:18:46.0769 5532 System windows directory: C:\Windows
13:18:46.0769 5532 Processor architecture: Intel x86
13:18:46.0769 5532 Number of processors: 2
13:18:46.0769 5532 Page size: 0x1000
13:18:46.0769 5532 Boot type: Normal boot
13:18:46.0769 5532 ============================================================
13:18:47.0674 5532 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:18:47.0768 5532 ============================================================
13:18:47.0768 5532 \Device\Harddisk0\DR0:
13:18:47.0768 5532 MBR partitions:
13:18:47.0768 5532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D000
13:18:47.0768 5532 ============================================================
13:18:47.0830 5532 C: <-> \Device\Harddisk0\DR0\Partition1
13:18:47.0830 5532 ============================================================
13:18:47.0830 5532 Initialize success
13:18:47.0830 5532 ============================================================
13:18:52.0760 5592 ============================================================
13:18:52.0760 5592 Scan started
13:18:52.0760 5592 Mode: Manual; SigCheck; TDLFS;
13:18:52.0760 5592 ============================================================
13:18:53.0446 5592 ================ Scan system memory ========================
13:18:53.0446 5592 System memory - ok
13:18:53.0446 5592 ================ Scan services =============================
13:18:53.0602 5592 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:18:53.0680 5592 ACPI - ok
13:18:53.0789 5592 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
13:18:53.0852 5592 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:18:53.0852 5592 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:18:53.0930 5592 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:18:53.0930 5592 AdobeFlashPlayerUpdateSvc - ok
13:18:53.0976 5592 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:18:54.0008 5592 adp94xx - ok
13:18:54.0039 5592 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:18:54.0054 5592 adpahci - ok
13:18:54.0070 5592 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:18:54.0086 5592 adpu160m - ok
13:18:54.0117 5592 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:18:54.0132 5592 adpu320 - ok
13:18:54.0164 5592 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:18:54.0257 5592 AeLookupSvc - ok
13:18:54.0304 5592 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
13:18:54.0366 5592 AFD - ok
13:18:54.0413 5592 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:18:54.0429 5592 agp440 - ok
13:18:54.0460 5592 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:18:54.0460 5592 aic78xx - ok
13:18:54.0491 5592 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
13:18:54.0632 5592 ALG - ok
13:18:54.0647 5592 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
13:18:54.0663 5592 aliide - ok
13:18:54.0710 5592 [ 20883D2D6E1D94321246AFF39AFCE56C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:18:54.0803 5592 AMD External Events Utility - ok
13:18:54.0881 5592 AMD FUEL Service - ok
13:18:54.0897 5592 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:18:54.0912 5592 amdagp - ok
13:18:54.0928 5592 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
13:18:54.0944 5592 amdide - ok
13:18:54.0975 5592 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
13:18:54.0975 5592 amdiox86 - ok
13:18:55.0006 5592 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
13:18:55.0053 5592 AmdK7 - ok
13:18:55.0084 5592 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:18:55.0131 5592 AmdK8 - ok
13:18:55.0380 5592 [ 8852D7B22CC76CBFE38FE1B539D40285 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:18:55.0770 5592 amdkmdag - ok
13:18:55.0833 5592 [ E84DAD432A49480D3FBB7AFBD854AC1C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:18:55.0880 5592 amdkmdap - ok
13:18:55.0958 5592 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:18:55.0958 5592 AntiVirSchedulerService - ok
13:18:56.0020 5592 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:18:56.0036 5592 AntiVirService - ok
13:18:56.0051 5592 [ 66F4DE5876DC1A47BA1ACE909FA9AEEF ] AODDriver4.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
13:18:56.0067 5592 AODDriver4.0 - ok
13:18:56.0098 5592 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
13:18:56.0176 5592 Appinfo - ok
13:18:56.0207 5592 [ 9C53678460957EC8F2F5DD5FACB0A2BB ] AppleHFS C:\Windows\system32\drivers\AppleHFS.sys
13:18:56.0238 5592 AppleHFS ( UnsignedFile.Multi.Generic ) - warning
13:18:56.0238 5592 AppleHFS - detected UnsignedFile.Multi.Generic (1)
13:18:56.0270 5592 [ ED4A92C3DD252493099B4791562ED3D2 ] AppleMNT C:\Windows\system32\drivers\AppleMNT.sys
13:18:56.0301 5592 AppleMNT ( UnsignedFile.Multi.Generic ) - warning
13:18:56.0301 5592 AppleMNT - detected UnsignedFile.Multi.Generic (1)
13:18:56.0426 5592 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
13:18:56.0441 5592 arc - ok
13:18:56.0519 5592 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:18:56.0550 5592 arcsas - ok
13:18:56.0660 5592 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:18:56.0660 5592 aspnet_state - ok
13:18:56.0691 5592 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:18:56.0738 5592 AsyncMac - ok
13:18:56.0753 5592 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
13:18:56.0769 5592 atapi - ok
13:18:56.0831 5592 [ 35290682DBDB9CEDE934B73369F3CEDE ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH3.sys
13:18:56.0847 5592 AtiHDAudioService - ok
13:18:57.0221 5592 [ 8852D7B22CC76CBFE38FE1B539D40285 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:18:57.0393 5592 atikmdag - ok
13:18:57.0486 5592 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
13:18:57.0518 5592 AtiPcie - ok
13:18:57.0564 5592 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
13:18:57.0580 5592 atksgt - ok
13:18:57.0627 5592 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:18:57.0658 5592 AudioEndpointBuilder - ok
13:18:57.0674 5592 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:18:57.0689 5592 Audiosrv - ok
13:18:57.0705 5592 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
13:18:57.0720 5592 avgntflt - ok
13:18:57.0783 5592 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
13:18:57.0783 5592 avipbb - ok
13:18:57.0798 5592 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
13:18:57.0798 5592 avkmgr - ok
13:18:57.0845 5592 [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject C:\Windows\system32\drivers\avmeject.sys
13:18:57.0892 5592 avmeject ( UnsignedFile.Multi.Generic ) - warning
13:18:57.0892 5592 avmeject - detected UnsignedFile.Multi.Generic (1)
13:18:57.0923 5592 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
13:18:57.0970 5592 Beep - ok
13:18:58.0048 5592 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
13:18:58.0095 5592 BFE - ok
13:18:58.0173 5592 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
13:18:58.0204 5592 BITS - ok
13:18:58.0235 5592 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:18:58.0266 5592 blbdrive - ok
13:18:58.0329 5592 [ 5AB58C337AC65837FE404462AD6265AB ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:18:58.0344 5592 Bonjour Service - ok
13:18:58.0360 5592 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:18:58.0407 5592 bowser - ok
13:18:58.0438 5592 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:18:58.0469 5592 BrFiltLo - ok
13:18:58.0500 5592 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:18:58.0547 5592 BrFiltUp - ok
13:18:58.0578 5592 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
13:18:58.0610 5592 Browser - ok
13:18:58.0625 5592 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
13:18:58.0766 5592 Brserid - ok
13:18:58.0797 5592 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:18:58.0844 5592 BrSerWdm - ok
13:18:58.0875 5592 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:18:58.0922 5592 BrUsbMdm - ok
13:18:58.0937 5592 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:18:59.0000 5592 BrUsbSer - ok
13:18:59.0124 5592 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
13:18:59.0218 5592 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
13:18:59.0218 5592 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
13:18:59.0249 5592 [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
13:18:59.0312 5592 BTCFilterService - ok
13:18:59.0327 5592 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:18:59.0374 5592 BTHMODEM - ok
13:18:59.0421 5592 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
13:18:59.0483 5592 BthServ - ok
13:18:59.0624 5592 catchme - ok
13:18:59.0655 5592 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:18:59.0702 5592 cdfs - ok
13:18:59.0748 5592 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:18:59.0780 5592 cdrom - ok
13:18:59.0842 5592 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
13:18:59.0889 5592 CertPropSvc - ok
13:18:59.0904 5592 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
13:18:59.0936 5592 circlass - ok
13:18:59.0982 5592 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
13:18:59.0998 5592 CLFS - ok
13:19:00.0029 5592 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:19:00.0076 5592 clr_optimization_v2.0.50727_32 - ok
13:19:00.0123 5592 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:19:00.0138 5592 clr_optimization_v4.0.30319_32 - ok
13:19:00.0170 5592 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:19:00.0185 5592 cmdide - ok
13:19:00.0201 5592 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:19:00.0201 5592 Compbatt - ok
13:19:00.0216 5592 COMSysApp - ok
13:19:00.0232 5592 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:19:00.0232 5592 crcdisk - ok
13:19:00.0263 5592 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
13:19:00.0294 5592 Crusoe - ok
13:19:00.0341 5592 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:19:00.0388 5592 CryptSvc - ok
13:19:00.0419 5592 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:19:00.0466 5592 DcomLaunch - ok
13:19:00.0544 5592 [ 3B604417EBAE4E1E66E6ABD8CC55FD76 ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
13:19:00.0560 5592 DCService.exe ( UnsignedFile.Multi.Generic ) - warning
13:19:00.0560 5592 DCService.exe - detected UnsignedFile.Multi.Generic (1)
13:19:00.0591 5592 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:19:00.0606 5592 DfsC - ok
13:19:00.0684 5592 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
13:19:00.0778 5592 DFSR - ok
13:19:00.0840 5592 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:19:00.0918 5592 Dhcp - ok
13:19:01.0012 5592 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
13:19:01.0012 5592 disk - ok
13:19:01.0043 5592 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:19:01.0090 5592 Dnscache - ok
13:19:01.0137 5592 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:19:01.0215 5592 dot3svc - ok
13:19:01.0277 5592 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
13:19:01.0324 5592 DPS - ok
13:19:01.0371 5592 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:19:01.0402 5592 drmkaud - ok
13:19:01.0620 5592 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:19:01.0652 5592 DXGKrnl - ok
13:19:01.0683 5592 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:19:01.0714 5592 E1G60 - ok
13:19:01.0745 5592 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
13:19:01.0761 5592 EapHost - ok
13:19:01.0823 5592 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
13:19:01.0839 5592 Ecache - ok
13:19:01.0948 5592 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:19:01.0964 5592 ehRecvr - ok
13:19:01.0979 5592 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
13:19:02.0042 5592 ehSched - ok
13:19:02.0057 5592 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
13:19:02.0104 5592 ehstart - ok
13:19:02.0151 5592 [ 44996A2ADDD2DB7454F2CA40B67D8941 ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
13:19:02.0166 5592 ElbyCDIO - ok
13:19:02.0198 5592 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:19:02.0213 5592 elxstor - ok
13:19:02.0307 5592 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:19:02.0510 5592 EMDMgmt - ok
13:19:02.0541 5592 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:19:02.0588 5592 ErrDev - ok
13:19:02.0650 5592 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
13:19:02.0728 5592 EventSystem - ok
13:19:02.0759 5592 ewdmaudn - ok
13:19:02.0790 5592 [ E1556AF3FB0284C32896B9AC8494D9C2 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
13:19:02.0822 5592 ewusbnet - ok
13:19:02.0853 5592 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
13:19:02.0884 5592 ew_hwusbdev - ok
13:19:02.0915 5592 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
13:19:02.0978 5592 exfat - ok
13:19:03.0024 5592 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:19:03.0040 5592 fastfat - ok
13:19:03.0056 5592 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:19:03.0102 5592 fdc - ok
13:19:03.0149 5592 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
13:19:03.0165 5592 fdPHost - ok
13:19:03.0165 5592 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
13:19:03.0243 5592 FDResPub - ok
13:19:03.0290 5592 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:19:03.0305 5592 FileInfo - ok
13:19:03.0321 5592 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:19:03.0383 5592 Filetrace - ok
13:19:03.0446 5592 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:19:03.0477 5592 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:19:03.0477 5592 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:19:03.0508 5592 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:19:03.0539 5592 flpydisk - ok
13:19:03.0586 5592 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:19:03.0602 5592 FltMgr - ok
13:19:03.0695 5592 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
13:19:03.0758 5592 FontCache - ok
13:19:03.0820 5592 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:19:03.0851 5592 FontCache3.0.0.0 - ok
13:19:03.0929 5592 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
13:19:03.0945 5592 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
13:19:03.0945 5592 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
13:19:03.0992 5592 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:19:04.0038 5592 Fs_Rec - ok
13:19:04.0085 5592 [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB C:\Windows\system32\DRIVERS\fwlanusb.sys
13:19:04.0132 5592 FWLANUSB - ok
13:19:04.0148 5592 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:19:04.0163 5592 gagp30kx - ok
13:19:04.0194 5592 [ 54789F9BA0D59072CDD4E7C200E122C4 ] gdrv C:\Windows\gdrv.sys
13:19:04.0194 5592 gdrv - ok
13:19:04.0210 5592 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:19:04.0210 5592 GEARAspiWDM - ok
13:19:04.0272 5592 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files\NOS\bin\getPlus_Helper.dll
13:19:04.0272 5592 getPlusHelper - ok
13:19:04.0304 5592 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
13:19:04.0319 5592 ggflt - ok
13:19:04.0350 5592 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
13:19:04.0366 5592 ggsemc - ok
13:19:04.0413 5592 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
13:19:04.0475 5592 gpsvc - ok
13:19:04.0538 5592 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
13:19:04.0538 5592 hamachi - ok
13:19:04.0584 5592 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:19:04.0647 5592 HdAudAddService - ok
13:19:04.0725 5592 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:19:04.0772 5592 HDAudBus - ok
13:19:04.0803 5592 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:19:04.0850 5592 HidBth - ok
13:19:04.0865 5592 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
13:19:04.0943 5592 HidIr - ok
13:19:04.0974 5592 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
13:19:05.0021 5592 hidserv - ok
13:19:05.0068 5592 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:19:05.0099 5592 HidUsb - ok
13:19:05.0130 5592 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:19:05.0193 5592 hkmsvc - ok
13:19:05.0302 5592 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:19:05.0318 5592 HpCISSs - ok
13:19:05.0364 5592 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:19:05.0427 5592 HTTP - ok
13:19:05.0458 5592 [ 92548543D50C9BCCDB31FFB7EC39249D ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
13:19:05.0474 5592 huawei_enumerator - ok
13:19:05.0520 5592 [ A89423D0132C8AB69BA621B6CE191714 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:19:05.0552 5592 hwdatacard - ok
13:19:05.0583 5592 [ F02EA43AE8F936124DEBF5B87F12C795 ] hxctlflt C:\Windows\system32\Drivers\hxctlflt.sys
13:19:05.0630 5592 hxctlflt - ok
13:19:05.0661 5592 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:19:05.0692 5592 i2omp - ok
13:19:05.0708 5592 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:19:05.0739 5592 i8042prt - ok
13:19:05.0764 5592 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:19:05.0784 5592 iaStorV - ok
13:19:05.0864 5592 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:19:05.0884 5592 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:19:05.0884 5592 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:19:05.0964 5592 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:19:05.0994 5592 idsvc - ok
13:19:06.0014 5592 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:19:06.0024 5592 iirsp - ok
13:19:06.0064 5592 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
13:19:06.0114 5592 IKEEXT - ok
13:19:06.0304 5592 [ 5D854CBAC8B7B4B964406F9808C95FAE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:19:06.0474 5592 IntcAzAudAddService - ok
13:19:06.0514 5592 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
13:19:06.0524 5592 intelide - ok
13:19:06.0554 5592 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:19:06.0624 5592 intelppm - ok
13:19:06.0894 5592 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:19:06.0954 5592 IPBusEnum - ok
13:19:06.0984 5592 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:19:07.0044 5592 IpFilterDriver - ok
13:19:07.0144 5592 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:19:07.0194 5592 iphlpsvc - ok
13:19:07.0204 5592 IpInIp - ok
13:19:07.0264 5592 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:19:07.0284 5592 IPMIDRV - ok
13:19:07.0314 5592 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:19:07.0364 5592 IPNAT - ok
13:19:07.0444 5592 [ 8F610078437A459948480407F4DB91EA ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:19:07.0484 5592 iPod Service - ok
13:19:07.0514 5592 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:19:08.0070 5592 IRENUM - ok
13:19:08.0116 5592 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:19:08.0132 5592 isapnp - ok
13:19:08.0226 5592 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:19:08.0241 5592 iScsiPrt - ok
13:19:08.0257 5592 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:19:08.0272 5592 iteatapi - ok
13:19:08.0350 5592 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:19:08.0382 5592 iteraid - ok
13:19:08.0584 5592 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:19:08.0600 5592 kbdclass - ok
13:19:08.0631 5592 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
13:19:08.0662 5592 kbdhid - ok
13:19:08.0694 5592 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
13:19:08.0740 5592 KeyIso - ok
13:19:08.0772 5592 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:19:08.0787 5592 KSecDD - ok
13:19:08.0818 5592 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:19:08.0881 5592 KtmRm - ok
13:19:08.0928 5592 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
13:19:09.0099 5592 LanmanServer - ok
13:19:09.0146 5592 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:19:09.0193 5592 LanmanWorkstation - ok
13:19:09.0208 5592 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
13:19:09.0224 5592 lirsgt - ok
13:19:09.0240 5592 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:19:09.0255 5592 lltdio - ok
13:19:09.0333 5592 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:19:09.0364 5592 lltdsvc - ok
13:19:09.0380 5592 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:19:09.0458 5592 lmhosts - ok
13:19:09.0489 5592 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:19:09.0520 5592 LSI_FC - ok
13:19:09.0552 5592 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:19:09.0567 5592 LSI_SAS - ok
13:19:09.0583 5592 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:19:09.0598 5592 LSI_SCSI - ok
13:19:09.0614 5592 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
13:19:09.0661 5592 luafv - ok
13:19:09.0708 5592 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:19:09.0739 5592 Mcx2Svc - ok
13:19:09.0786 5592 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
13:19:09.0786 5592 megasas - ok
13:19:09.0848 5592 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:19:09.0864 5592 MegaSR - ok
13:19:09.0879 5592 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
13:19:09.0910 5592 MMCSS - ok
13:19:09.0942 5592 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
13:19:09.0973 5592 Modem - ok
13:19:10.0004 5592 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:19:10.0035 5592 monitor - ok
13:19:10.0082 5592 [ C741717B0A18813DD7D12085937CEE72 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys
13:19:10.0113 5592 motccgp - ok
13:19:10.0129 5592 [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys
13:19:10.0160 5592 motccgpfl - ok
13:19:10.0207 5592 [ 54FEE02961C70FD9D4D7E2F87AFA23FA ] motmodem C:\Windows\system32\DRIVERS\motmodem.sys
13:19:10.0254 5592 motmodem - ok
13:19:10.0269 5592 [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
13:19:10.0285 5592 MotoSwitchService - ok
13:19:10.0332 5592 [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys
13:19:10.0363 5592 Motousbnet - ok
13:19:10.0410 5592 [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys
13:19:10.0456 5592 motusbdevice - ok
13:19:10.0472 5592 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:19:10.0488 5592 mouclass - ok
13:19:10.0503 5592 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:19:10.0534 5592 mouhid - ok
13:19:10.0550 5592 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
13:19:10.0550 5592 MountMgr - ok
13:19:10.0597 5592 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:19:10.0612 5592 MozillaMaintenance - ok
13:19:10.0612 5592 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
13:19:10.0628 5592 mpio - ok
13:19:10.0675 5592 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:19:10.0706 5592 mpsdrv - ok
13:19:10.0737 5592 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
13:19:10.0784 5592 MpsSvc - ok
13:19:10.0815 5592 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
13:19:10.0831 5592 Mraid35x - ok
13:19:10.0862 5592 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:19:10.0862 5592 MRxDAV - ok
13:19:10.0893 5592 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:19:10.0940 5592 mrxsmb - ok
13:19:10.0971 5592 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:19:11.0002 5592 mrxsmb10 - ok
13:19:11.0018 5592 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:19:11.0034 5592 mrxsmb20 - ok
13:19:11.0049 5592 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
13:19:11.0065 5592 msahci - ok
13:19:11.0112 5592 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:19:11.0127 5592 msdsm - ok
13:19:11.0143 5592 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
13:19:11.0190 5592 MSDTC - ok
13:19:11.0236 5592 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:19:11.0252 5592 Msfs - ok
13:19:11.0299 5592 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:19:11.0314 5592 msisadrv - ok
13:19:11.0346 5592 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:19:11.0377 5592 MSiSCSI - ok
13:19:11.0377 5592 msiserver - ok
13:19:11.0392 5592 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:19:11.0439 5592 MSKSSRV - ok
13:19:11.0455 5592 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:19:11.0502 5592 MSPCLOCK - ok
13:19:11.0502 5592 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:19:11.0533 5592 MSPQM - ok
13:19:11.0564 5592 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:19:11.0580 5592 MsRPC - ok
13:19:11.0595 5592 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:19:11.0611 5592 mssmbios - ok
13:19:11.0642 5592 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:19:11.0658 5592 MSTEE - ok
13:19:11.0689 5592 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
13:19:11.0704 5592 Mup - ok
13:19:11.0751 5592 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
13:19:11.0814 5592 napagent - ok
13:19:11.0876 5592 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:19:11.0876 5592 NativeWifiP - ok
13:19:11.0970 5592 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:19:11.0985 5592 NDIS - ok
13:19:12.0001 5592 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:19:12.0032 5592 NdisTapi - ok
13:19:12.0063 5592 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:19:12.0079 5592 Ndisuio - ok
13:19:12.0110 5592 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:19:12.0141 5592 NdisWan - ok
13:19:12.0172 5592 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:19:12.0204 5592 NDProxy - ok
13:19:12.0406 5592 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:19:12.0422 5592 NetBIOS - ok
13:19:12.0453 5592 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
13:19:12.0484 5592 netbt - ok
13:19:12.0516 5592 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
13:19:12.0516 5592 Netlogon - ok
13:19:12.0594 5592 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
13:19:12.0609 5592 Netman - ok
13:19:12.0625 5592 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
13:19:12.0672 5592 netprofm - ok
13:19:12.0718 5592 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:19:12.0734 5592 NetTcpPortSharing - ok
13:19:12.0765 5592 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:19:12.0765 5592 nfrd960 - ok
13:19:12.0796 5592 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:19:12.0828 5592 NlaSvc - ok
13:19:12.0874 5592 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:19:12.0906 5592 Npfs - ok
13:19:12.0952 5592 npggsvc - ok
13:19:12.0968 5592 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
13:19:12.0984 5592 nsi - ok
13:19:12.0999 5592 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:19:13.0046 5592 nsiproxy - ok
13:19:13.0280 5592 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:19:13.0311 5592 Ntfs - ok
13:19:13.0358 5592 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
13:19:13.0420 5592 ntrigdigi - ok
13:19:13.0452 5592 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
13:19:13.0514 5592 Null - ok
13:19:13.0561 5592 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:19:13.0592 5592 nvraid - ok
13:19:13.0639 5592 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:19:13.0654 5592 nvstor - ok
13:19:13.0686 5592 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:19:13.0686 5592 nv_agp - ok
13:19:13.0701 5592 NwlnkFlt - ok
13:19:13.0701 5592 NwlnkFwd - ok
13:19:13.0748 5592 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:19:13.0779 5592 ohci1394 - ok
13:19:13.0842 5592 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:19:13.0857 5592 ose - ok
13:19:13.0888 5592 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:19:13.0966 5592 p2pimsvc - ok
13:19:13.0982 5592 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
13:19:13.0998 5592 p2psvc - ok
13:19:14.0044 5592 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:19:14.0076 5592 Parport - ok
13:19:14.0107 5592 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:19:14.0122 5592 partmgr - ok
13:19:14.0138 5592 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
13:19:14.0169 5592 Parvdm - ok
13:19:14.0185 5592 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
13:19:14.0247 5592 PcaSvc - ok
13:19:14.0278 5592 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
13:19:14.0294 5592 pci - ok
13:19:14.0310 5592 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
13:19:14.0310 5592 pciide - ok
13:19:14.0341 5592 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:19:14.0356 5592 pcmcia - ok
13:19:14.0388 5592 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:19:14.0450 5592 PEAUTH - ok
13:19:14.0528 5592 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
13:19:14.0590 5592 pla - ok
13:19:14.0684 5592 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:19:14.0731 5592 PlugPlay - ok
13:19:14.0840 5592 [ AE6C778717DE2F6B0C0B5335036D3363 ] PMBDeviceInfoProvider C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
13:19:14.0856 5592 PMBDeviceInfoProvider - ok
13:19:14.0887 5592 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:19:14.0918 5592 PNRPAutoReg - ok
13:19:14.0934 5592 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:19:14.0949 5592 PNRPsvc - ok
13:19:14.0996 5592 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:19:15.0043 5592 PolicyAgent - ok
13:19:15.0121 5592 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:19:15.0136 5592 PptpMiniport - ok
13:19:15.0183 5592 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
13:19:15.0230 5592 Processor - ok
13:19:15.0277 5592 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
13:19:15.0324 5592 ProfSvc - ok
13:19:15.0355 5592 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:19:15.0355 5592 ProtectedStorage - ok
13:19:15.0386 5592 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:19:15.0417 5592 PSched - ok
13:19:15.0480 5592 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:19:15.0511 5592 ql2300 - ok
13:19:15.0589 5592 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:19:15.0589 5592 ql40xx - ok
13:19:15.0760 5592 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
13:19:15.0823 5592 QWAVE - ok
13:19:15.0870 5592 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:19:15.0901 5592 QWAVEdrv - ok
13:19:15.0979 5592 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
13:19:15.0979 5592 RapiMgr - ok
13:19:16.0010 5592 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:19:16.0088 5592 RasAcd - ok
13:19:16.0150 5592 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
13:19:16.0197 5592 RasAuto - ok
13:19:16.0228 5592 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:19:16.0275 5592 Rasl2tp - ok
13:19:16.0322 5592 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
13:19:16.0353 5592 RasMan - ok
13:19:16.0384 5592 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:19:16.0400 5592 RasPppoe - ok
13:19:16.0447 5592 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:19:16.0447 5592 RasSstp - ok
13:19:16.0509 5592 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:19:16.0525 5592 rdbss - ok
13:19:16.0540 5592 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:19:16.0587 5592 RDPCDD - ok
13:19:16.0665 5592 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:19:16.0696 5592 rdpdr - ok
13:19:16.0728 5592 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:19:16.0759 5592 RDPENCDD - ok
13:19:16.0837 5592 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:19:16.0915 5592 RDPWD - ok
13:19:16.0946 5592 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:19:16.0977 5592 RemoteAccess - ok
13:19:17.0024 5592 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:19:17.0071 5592 RemoteRegistry - ok
13:19:17.0102 5592 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:19:17.0118 5592 RpcLocator - ok
13:19:17.0149 5592 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
13:19:17.0164 5592 RpcSs - ok
13:19:17.0180 5592 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:19:17.0227 5592 rspndr - ok
13:19:17.0274 5592 [ 9BB3B278B082ACD7DAD7B6F4FA442E30 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
13:19:17.0289 5592 RTHDMIAzAudService - ok
13:19:17.0320 5592 [ 904FD29EC1FF2709099AE2CD1C09A913 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
13:19:17.0383 5592 RTL8169 - ok
13:19:17.0414 5592 [ 594FF5620661D1386475406E78CB6F2F ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
13:19:17.0445 5592 s0017bus - ok
13:19:17.0476 5592 [ 7258F550419D543BC5C8E80C578A5D54 ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
13:19:17.0523 5592 s0017mdfl - ok
13:19:17.0695 5592 [ 1DE4F6607FEB17A15DBD4F1B139E6D2F ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
13:19:17.0695 5592 s0017mdm - ok
13:19:17.0742 5592 [ 9814E6BACC06D2526CD52981C7EEEDF0 ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
13:19:17.0742 5592 s0017mgmt - ok
13:19:17.0773 5592 [ 2C62CD58225973F26682CD4F783DDEDE ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
13:19:17.0773 5592 s0017nd5 - ok
13:19:17.0820 5592 [ F87C3422E84B2FB1B43E0A26247AD5A5 ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
13:19:17.0835 5592 s0017obex - ok
13:19:17.0866 5592 [ DF5E7360A0AFA5956BF75DA683D0679F ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
13:19:17.0882 5592 s0017unic - ok
13:19:17.0913 5592 [ 06847AA6F3A9BF7C44134D00A2E578C0 ] s125bus C:\Windows\system32\DRIVERS\s125bus.sys
13:19:17.0929 5592 s125bus - ok
13:19:17.0960 5592 [ F83F88E1B125308FB5015EA0349502B0 ] s125mdfl C:\Windows\system32\DRIVERS\s125mdfl.sys
13:19:17.0976 5592 s125mdfl - ok
13:19:18.0007 5592 [ 402A97756C14940AD6AE5169C2FB105E ] s125mdm C:\Windows\system32\DRIVERS\s125mdm.sys
13:19:18.0022 5592 s125mdm - ok
13:19:18.0054 5592 [ 0266151DE3F36429F6AC3C4B28085061 ] s217bus C:\Windows\system32\DRIVERS\s217bus.sys
13:19:18.0069 5592 s217bus - ok
13:19:18.0085 5592 [ A43C0AF0E46BE7EF0C7E8CCF0F058600 ] s217mdfl C:\Windows\system32\DRIVERS\s217mdfl.sys
13:19:18.0100 5592 s217mdfl - ok
13:19:18.0132 5592 [ 005F5DED1ED8F8A9D2399D765EAD20F1 ] s217mdm C:\Windows\system32\DRIVERS\s217mdm.sys
13:19:18.0132 5592 s217mdm - ok
13:19:18.0178 5592 [ DE9562AD0C91E1857D11F65A91EE1A47 ] s217mgmt C:\Windows\system32\DRIVERS\s217mgmt.sys
13:19:18.0178 5592 s217mgmt - ok
13:19:18.0210 5592 [ 11CC5D7F992799E7E75D018E9C018563 ] s217nd5 C:\Windows\system32\DRIVERS\s217nd5.sys
13:19:18.0225 5592 s217nd5 - ok
13:19:18.0256 5592 [ 0F9F4045799AFB66B85EEF999D0609EC ] s217obex C:\Windows\system32\DRIVERS\s217obex.sys
13:19:18.0256 5592 s217obex - ok
13:19:18.0288 5592 [ 1C91E1023F07B6407D84B5A43537D984 ] s217unic C:\Windows\system32\DRIVERS\s217unic.sys
13:19:18.0288 5592 s217unic - ok
13:19:18.0303 5592 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
13:19:18.0319 5592 SamSs - ok
13:19:18.0350 5592 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:19:18.0366 5592 sbp2port - ok
13:19:18.0428 5592 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:19:18.0459 5592 SBSDWSCService - ok
13:19:18.0490 5592 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:19:18.0553 5592 SCardSvr - ok
13:19:18.0662 5592 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
13:19:18.0740 5592 Schedule - ok
13:19:18.0771 5592 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:19:18.0787 5592 SCPolicySvc - ok
13:19:18.0818 5592 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:19:18.0896 5592 SDRSVC - ok
13:19:18.0912 5592 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:19:18.0974 5592 secdrv - ok
13:19:19.0021 5592 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
13:19:19.0052 5592 seclogon - ok
13:19:19.0083 5592 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
13:19:19.0114 5592 SENS - ok
13:19:19.0146 5592 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:19:19.0161 5592 Serenum - ok
13:19:19.0208 5592 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:19:19.0239 5592 Serial - ok
13:19:19.0270 5592 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:19:19.0286 5592 sermouse - ok
13:19:19.0333 5592 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
13:19:19.0348 5592 SessionEnv - ok
13:19:19.0380 5592 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:19:19.0411 5592 sffdisk - ok
13:19:19.0426 5592 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:19:19.0442 5592 sffp_mmc - ok
13:19:19.0458 5592 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:19:19.0473 5592 sffp_sd - ok
13:19:19.0489 5592 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:19:19.0536 5592 sfloppy - ok
13:19:19.0629 5592 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:19:19.0676 5592 SharedAccess - ok
13:19:19.0723 5592 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:19:19.0770 5592 ShellHWDetection - ok
13:19:19.0801 5592 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:19:19.0801 5592 sisagp - ok
13:19:19.0848 5592 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:19:19.0863 5592 SiSRaid2 - ok
13:19:19.0894 5592 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:19:19.0894 5592 SiSRaid4 - ok
13:19:19.0972 5592 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
13:19:19.0988 5592 SkypeUpdate - ok
13:19:20.0472 5592 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
13:19:20.0628 5592 slsvc - ok
13:19:20.0674 5592 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:19:20.0690 5592 SLUINotify - ok
13:19:20.0784 5592 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:19:20.0815 5592 Smb - ok
13:19:20.0877 5592 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:19:20.0893 5592 SNMPTRAP - ok
13:19:21.0064 5592 [ A70F178299812DCE4CC0E802D403BE9B ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
13:19:21.0142 5592 SNP2UVC - ok
13:19:21.0267 5592 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
13:19:21.0283 5592 Sony PC Companion - ok
13:19:21.0314 5592 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
13:19:21.0330 5592 spldr - ok
13:19:21.0376 5592 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
13:19:21.0392 5592 Spooler - ok
13:19:21.0423 5592 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:19:21.0486 5592 srv - ok
13:19:21.0501 5592 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:19:21.0532 5592 srv2 - ok
13:19:21.0564 5592 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:19:21.0579 5592 srvnet - ok
13:19:21.0610 5592 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:19:21.0642 5592 SSDPSRV - ok
13:19:21.0673 5592 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
13:19:21.0688 5592 ssmdrv - ok
13:19:21.0720 5592 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:19:21.0751 5592 SstpSvc - ok
13:19:21.0798 5592 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys
13:19:21.0813 5592 ss_bbus - ok
13:19:21.0844 5592 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys
13:19:21.0844 5592 ss_bmdfl - ok
13:19:21.0876 5592 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys
13:19:21.0876 5592 ss_bmdm - ok
13:19:21.0907 5592 Steam Client Service - ok
13:19:21.0938 5592 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
13:19:21.0954 5592 stisvc - ok
13:19:21.0969 5592 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:19:21.0969 5592 swenum - ok
13:19:22.0000 5592 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
13:19:22.0032 5592 swprv - ok
13:19:22.0063 5592 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:19:22.0063 5592 Symc8xx - ok
13:19:22.0078 5592 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:19:22.0094 5592 Sym_hi - ok
13:19:22.0110 5592 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:19:22.0125 5592 Sym_u3 - ok
13:19:22.0156 5592 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
13:19:22.0219 5592 SysMain - ok
13:19:22.0250 5592 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:19:22.0266 5592 TabletInputService - ok
13:19:22.0297 5592 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:19:22.0328 5592 TapiSrv - ok
13:19:22.0375 5592 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
13:19:22.0390 5592 TBS - ok
13:19:22.0437 5592 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:19:22.0468 5592 Tcpip - ok
13:19:22.0484 5592 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:19:22.0500 5592 Tcpip6 - ok
13:19:22.0562 5592 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:19:22.0624 5592 tcpipreg - ok
13:19:22.0640 5592 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:19:22.0671 5592 TDPIPE - ok
13:19:22.0702 5592 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:19:22.0718 5592 TDTCP - ok
13:19:22.0796 5592 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:19:22.0812 5592 tdx - ok
13:19:22.0843 5592 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:19:22.0858 5592 TermDD - ok
13:19:22.0874 5592 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
13:19:22.0905 5592 TermService - ok
13:19:22.0936 5592 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
13:19:22.0952 5592 Themes - ok
13:19:22.0968 5592 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
13:19:22.0999 5592 THREADORDER - ok
13:19:22.0999 5592 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
13:19:23.0046 5592 TrkWks - ok
13:19:23.0108 5592 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:19:23.0139 5592 TrustedInstaller - ok
13:19:23.0170 5592 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:19:23.0202 5592 tssecsrv - ok
13:19:23.0233 5592 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:19:23.0248 5592 tunmp - ok
13:19:23.0264 5592 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:19:23.0311 5592 tunnel - ok
13:19:23.0326 5592 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:19:23.0342 5592 uagp35 - ok
13:19:23.0373 5592 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:19:23.0389 5592 udfs - ok
13:19:23.0436 5592 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:19:23.0451 5592 UI0Detect - ok
13:19:23.0467 5592 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:19:23.0482 5592 uliagpkx - ok
13:19:23.0514 5592 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:19:23.0529 5592 uliahci - ok
13:19:23.0545 5592 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:19:23.0560 5592 UlSata - ok
13:19:23.0576 5592 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:19:23.0592 5592 ulsata2 - ok
13:19:23.0607 5592 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:19:23.0638 5592 umbus - ok
13:19:23.0654 5592 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
13:19:23.0716 5592 upnphost - ok
13:19:23.0748 5592 USBAAPL - ok
13:19:23.0779 5592 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:19:23.0826 5592 usbaudio - ok
13:19:23.0872 5592 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:19:23.0888 5592 usbccgp - ok
13:19:23.0919 5592 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:19:23.0982 5592 usbcir - ok
13:19:23.0997 5592 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:19:24.0028 5592 usbehci - ok
13:19:24.0060 5592 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:19:24.0091 5592 usbhub - ok
13:19:24.0091 5592 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:19:24.0106 5592 usbohci - ok
13:19:24.0138 5592 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:19:24.0153 5592 usbprint - ok
13:19:24.0184 5592 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:19:24.0200 5592 usbscan - ok
13:19:24.0231 5592 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:19:24.0247 5592 USBSTOR - ok
13:19:24.0262 5592 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:19:24.0278 5592 usbuhci - ok
13:19:24.0340 5592 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
13:19:24.0356 5592 usbvideo - ok
13:19:24.0403 5592 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
13:19:24.0418 5592 usb_rndisx - ok
13:19:24.0450 5592 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
13:19:24.0496 5592 UxSms - ok
13:19:24.0543 5592 [ 94D73B62E458FB56C9CE60AA96D914F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
13:19:24.0574 5592 VClone - ok
13:19:24.0621 5592 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
13:19:24.0637 5592 vds - ok
13:19:24.0668 5592 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:19:24.0684 5592 vga - ok
13:19:24.0684 5592 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
13:19:24.0715 5592 VgaSave - ok
13:19:24.0746 5592 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:19:24.0746 5592 viaagp - ok
13:19:24.0777 5592 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:19:24.0793 5592 ViaC7 - ok
13:19:24.0808 5592 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
13:19:24.0824 5592 viaide - ok
13:19:24.0855 5592 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:19:24.0871 5592 volmgr - ok
13:19:24.0902 5592 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:19:24.0918 5592 volmgrx - ok
13:19:24.0949 5592 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:19:24.0964 5592 volsnap - ok
13:19:24.0980 5592 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:19:24.0996 5592 vsmraid - ok
13:19:25.0042 5592 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
13:19:25.0074 5592 VSS - ok
13:19:25.0089 5592 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
13:19:25.0105 5592 W32Time - ok
13:19:25.0136 5592 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:19:25.0183 5592 WacomPen - ok
13:19:25.0214 5592 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:19:25.0245 5592 Wanarp - ok
13:19:25.0245 5592 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:19:25.0261 5592 Wanarpv6 - ok
13:19:25.0323 5592 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
13:19:25.0339 5592 WcesComm - ok
13:19:25.0401 5592 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:19:25.0432 5592 wcncsvc - ok
13:19:25.0479 5592 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:19:25.0510 5592 WcsPlugInService - ok
13:19:25.0542 5592 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
13:19:25.0542 5592 Wd - ok
13:19:25.0588 5592 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
13:19:25.0620 5592 WDC_SAM - ok
13:19:25.0651 5592 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:19:25.0682 5592 Wdf01000 - ok
13:19:25.0698 5592 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:19:25.0713 5592 WdiServiceHost - ok
13:19:25.0713 5592 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:19:25.0744 5592 WdiSystemHost - ok
13:19:25.0760 5592 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
13:19:25.0776 5592 WebClient - ok
13:19:25.0807 5592 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:19:25.0838 5592 Wecsvc - ok
13:19:25.0885 5592 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:19:25.0916 5592 wercplsupport - ok
13:19:25.0947 5592 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
13:19:25.0963 5592 WerSvc - ok
13:19:26.0056 5592 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:19:26.0072 5592 WinDefend - ok
13:19:26.0072 5592 WinHttpAutoProxySvc - ok
13:19:26.0134 5592 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:19:26.0150 5592 Winmgmt - ok
13:19:26.0197 5592 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
13:19:26.0259 5592 WinRM - ok
13:19:26.0353 5592 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:19:26.0384 5592 Wlansvc - ok
13:19:26.0462 5592 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:19:26.0509 5592 wlidsvc - ok
13:19:26.0540 5592 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:19:26.0587 5592 WmiAcpi - ok
13:19:26.0665 5592 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:19:26.0696 5592 wmiApSrv - ok
13:19:26.0758 5592 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:19:26.0805 5592 WMPNetworkSvc - ok
13:19:26.0821 5592 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:19:26.0883 5592 WPCSvc - ok
13:19:26.0914 5592 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:19:26.0961 5592 WPDBusEnum - ok
13:19:26.0977 5592 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:19:27.0008 5592 WpdUsb - ok
13:19:27.0164 5592 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:19:27.0180 5592 WPFFontCache_v0400 - ok
13:19:27.0211 5592 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:19:27.0226 5592 ws2ifsl - ok
13:19:27.0258 5592 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
13:19:27.0258 5592 wscsvc - ok
13:19:27.0273 5592 WSearch - ok
13:19:27.0336 5592 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
13:19:27.0398 5592 wuauserv - ok
13:19:27.0429 5592 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:19:27.0476 5592 WudfPf - ok
13:19:27.0570 5592 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:19:27.0570 5592 WUDFRd - ok
13:19:27.0601 5592 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:19:27.0616 5592 wudfsvc - ok
13:19:27.0648 5592 ================ Scan global ===============================
13:19:27.0679 5592 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:19:27.0710 5592 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
13:19:27.0726 5592 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
13:19:27.0757 5592 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:19:27.0757 5592 [Global] - ok
13:19:27.0757 5592 ================ Scan MBR ==================================
13:19:27.0772 5592 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
13:19:27.0975 5592 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:19:27.0975 5592 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:19:27.0975 5592 ================ Scan VBR ==================================
13:19:28.0006 5592 [ 79C38AD63485393E586B032BD9D48FA1 ] \Device\Harddisk0\DR0\Partition1
13:19:28.0006 5592 \Device\Harddisk0\DR0\Partition1 - ok
13:19:28.0006 5592 ============================================================
13:19:28.0006 5592 Scan finished
13:19:28.0006 5592 ============================================================
13:19:28.0022 5548 Detected object count: 10
13:19:28.0022 5548 Actual detected object count: 10
13:19:50.0174 5548 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0174 5548 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0174 5548 AppleHFS ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0174 5548 AppleHFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0174 5548 AppleMNT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0174 5548 AppleMNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0174 5548 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0174 5548 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0174 5548 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0174 5548 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0174 5548 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0174 5548 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0190 5548 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0190 5548 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0190 5548 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0190 5548 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0190 5548 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:19:50.0190 5548 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:19:50.0236 5548 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
13:19:50.0236 5548 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
13:19:50.0252 5548 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
13:19:50.0268 5548 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:19:50.0268 5548 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:19:50.0268 5548 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:19:50.0268 5548 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:19:50.0268 5548 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:19:50.0283 5548 \Device\Harddisk0\DR0\TDLFS - deleted
13:19:50.0283 5548 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
13:19:55.0275 5552 Deinitialize success
liebe Grüße Joolez |
|
13.05.2013, 13:02
| #6 |
| /// Malwareteam / Visitor | TAN-Abfrage Commerzbank Ich finde es sieht sehr gelungen aus 
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
|
|
13.05.2013, 15:39
| #7 |
| | TAN-Abfrage Commerzbank Die Logdatei von zoek: Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by User on 13.05.2013 at 15:03:49,50.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== Older Logs ======================
C:\zoek-results13.05.2013-0845.log 24993 bytes
C:\zoek-results13.05.2013-1317.log 886 bytes
==== Deleting Files \ Folders ======================
"C:\TDSSKiller_Quarantine" deleted
Code:
ATTFilter # AdwCleaner v2.300 - Datei am 13/05/2013 um 15:08:55 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8080.16413
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0.1 (de)
*************************
AdwCleaner[S1].txt - [2258 octets] - [13/05/2013 15:08:55]
########## EOF - C:\AdwCleaner[S1].txt - [2318 octets] ##########
|
|
13.05.2013, 16:05
| #8 |
| /// Malwareteam / Visitor | TAN-Abfrage Commerzbank Es sieht schon wieder ziemlich sauber aus  Ich bin gespannt ob der nächsten Scan noch etwas findet: Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Der Scan kann sehr lange (einige Stunden) dauern!  Downloade Dir bitte  SecurityCheck und:
|
|
14.05.2013, 08:11
| #9 |
| | TAN-Abfrage Commerzbank Er hat wieder was gefunden....  Esetlog sagt folgendes: C:\Qoobox\Quarantine\C\YouMeetWeWo\config.bin.vir Win32/Spy.SpyEye.CFG.A trojan Und der Checkup: Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows Vista Service Pack 2 x86 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 HijackThis 2.0.2 CCleaner Java(TM) 6 Update 22 Java 7 Update 17 Java version out of Date! Adobe Flash Player 11.5.502.110 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (20.0.1) Mozilla Thunderbird (17.0.5) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` |
|
14.05.2013, 08:21
| #10 |
| /// Malwareteam / Visitor | TAN-Abfrage Commerzbank Der Fund steht im Quarantäne-Ordner von Combofix, offensichtlich hast Du diese auch schon mal laufen lassen Hol dir die neuesten Versionen von Java und Adobe Reader: Download Java Runtime Environment 1.7.0.21 (32-bit) - FileHippo.com http://filepony.de/download-adobe_reader/ Veraltete Versionen sind eine Sicherheitrisiko. Plugins Checken: https://www.mozilla.org/de/plugincheck/ Mach nachher eine neue scan mit SecurityCheck und poste mir den neuen Log |
|
14.05.2013, 09:09
| #11 |
| | TAN-Abfrage Commerzbank Hi, ja, ich hatte vor 2 Jahren mal ein Problem und da Combofix genutzt. Muss ich denn mit dem Ding in Quarantäne noch etwas anstellen?? Oder bleibt das da? Updates hab ich gemacht. Hier das Log: Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows Vista Service Pack 2 x86 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 HijackThis 2.0.2 CCleaner Java(TM) 6 Update 22 Java 7 Update 21 Adobe Flash Player 11.7.700.169 Adobe Reader 9 Adobe Reader out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox (20.0.1) Mozilla Thunderbird (17.0.5) ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Ich starte mal neu und mach dann noch nen Check. |
|
14.05.2013, 09:40
| #12 |
| /// Malwareteam / Visitor | TAN-Abfrage Commerzbank Offensichtlich wird nicht der Letzte Version von Adobe Reader angeboten wenn man Vista hat  Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Tools deinstallieren Die Reihenfolge ist hier entscheidend.
Abschließend noch Tipps zu folgenden Themen:
 Lesestoff:Systemupdates Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
Lesestoff:Softwareupdates Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:
Lesestoff:Sicherheitssoftware Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
Lesestoff:Sicheres Surfen Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Grüße Smeenk |
|
14.05.2013, 10:02
| #13 |
| | TAN-Abfrage Commerzbank Wahnsinn! DANKE für die schnelle und freundliche Hilfe! Jetzt räum ich gleich mal auf und werde den Lesestoff berücksichtigen!!! DANKE!! |
|
14.05.2013, 14:45
| #14 |
| /// Malwareteam / Visitor | TAN-Abfrage Commerzbank Gerne gemacht Grüße Smeenk |
|
| Themen zu TAN-Abfrage Commerzbank |
| antivir, avg, avira, bho, bonjour, converter, defender, downloader, ebanking, error, excel, firefox, flash player, format, google, home, logfile, mp3, nodrives, object, plug-in, problem, realtek, registry, safer networking, scan, schach, software, temp, vista |
Linear-Darstellung
