Pests of all kinds and how to fight them: Letter received from Telekom Abuse Team - spam sending.

02.06.2013, 20:28   #1
Tanja_183
 

Hello, we received a letter from the Telekom Abuse Team saying that spam is being sent from our internet connection and that port 25 will be closed. We have several PCs and would like to check each one.

My PC has Windows 8 installed and I would like to check whether the spam mails are being sent from my account. Can you help me? What is the best way to proceed?


Thanks :-)

02.06.2013, 20:31   #2
aharonov
/// TB Trainer
 

Hello,

Quote:
What is the best way to proceed?
If you want to have your computer examined for malware, then please work through this guide and post the corresponding log files.

02.06.2013, 21:15   #3
Tanja_183
 

Here is the OTL.TEXT

OTL Logfile:
Code:
OTL logfile created on: 02.06.2013 21:42:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tani\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 50,85% Memory free
8,96 Gb Paging File | 5,94 Gb Available in Paging File | 66,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907,17 Gb Total Space | 857,15 Gb Free Space | 94,49% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: Tani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.02 21:39:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tani\Downloads\OTL.exe
PRC - [2013.05.07 18:29:26 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.09 17:00:02 | 002,921,520 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.03.27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.23 19:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.19 17:34:18 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012.10.19 17:34:16 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012.10.19 17:34:06 | 002,624,120 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012.09.06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.08.27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.08.15 21:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012.04.03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.19 17:34:20 | 000,110,200 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012.10.19 17:34:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012.10.19 17:34:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012.10.19 17:34:02 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012.10.19 17:34:02 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012.06.08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.1.22\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.22 16:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.24 17:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012.09.24 17:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012.09.24 17:02:42 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012.09.24 17:02:16 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012.09.21 03:51:08 | 000,091,472 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.09.13 05:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012.08.17 18:09:12 | 000,102,224 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2012.08.15 18:08:14 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.04.09 17:00:02 | 002,921,520 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013.02.28 20:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.23 19:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.19 17:34:18 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012.09.06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.08.27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.08.15 12:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.04.03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.15 16:02:11 | 000,076,744 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\2dff9234.sys -- (2dff9234)
DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.13 01:37:35 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.26 23:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2012.11.22 16:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.06 12:19:24 | 000,461,624 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012.10.23 19:35:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.10 12:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.24 08:22:34 | 000,321,936 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.13 05:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.09.13 05:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.08.29 09:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.08.27 09:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012.08.17 18:09:24 | 000,103,248 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)
DRV:64bit: - [2012.08.17 18:09:24 | 000,023,376 | ---- | M] (Condusiv Technologies) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)
DRV:64bit: - [2012.08.06 12:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.07.31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.27 22:00:04 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.20 23:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.06.12 14:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.05.26 02:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)
DRV:64bit: - [2011.07.09 06:53:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SABI.sys -- (SABI)
DRV - [2013.03.13 22:56:48 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130319.005\ex64.sys -- (NAVEX15)
DRV - [2013.03.13 22:56:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.03.13 22:56:48 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.03.13 22:56:48 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130319.005\eng64.sys -- (NAVENG)
DRV - [2013.03.12 17:03:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130316.002\IDSviA64.sys -- (IDSVia64)
DRV - [2013.03.01 03:09:56 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C46AB014-AC2D-4E36-8028-703D4BBD0C91}
IE:64bit: - HKLM\..\SearchScopes\{C46AB014-AC2D-4E36-8028-703D4BBD0C91}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {C46AB014-AC2D-4E36-8028-703D4BBD0C91}
IE - HKLM\..\SearchScopes\{C46AB014-AC2D-4E36-8028-703D4BBD0C91}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {C46AB014-AC2D-4E36-8028-703D4BBD0C91}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.06.02 21:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013.06.02 21:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013.03.13 08:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.25 04:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.06.02 21:12:35 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: Google Mail = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW]  File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" File not found
O4 - HKCU..\Run: [EPSON SX210 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Users\Tani\AppData\Local\Temp\E_S427.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76E1CD84-F8C0-479A-8536-FF9107713FF6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Tani\Documents\ForceField Shared Files
[2013.06.02 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\CheckPoint
[2013.06.02 21:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.06.02 21:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013.06.02 21:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013.06.02 21:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.06.02 20:57:12 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\AVG2013
[2013.06.02 20:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.06.02 20:56:23 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\TuneUp Software
[2013.06.02 20:55:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.06.02 20:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.06.02 20:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.05.25 04:37:01 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\PDF Architect
[2013.05.25 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\Tani\Documents\PDF Architect Files
[2013.05.25 04:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.05.25 04:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.05.25 04:32:59 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\pdfforge
[2013.05.25 04:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.05.25 04:32:56 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\windows\SysNative\pdfcmon.dll
[2013.05.25 04:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.05.24 00:07:27 | 000,000,000 | ---D | C] -- C:\Users\Tani\Desktop\EC
[2013.03.13 01:53:02 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 21:38:22 | 000,000,000 | ---- | M] () -- C:\Users\Tani\defogger_reenable
[2013.06.02 21:34:04 | 000,001,118 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 21:14:47 | 000,417,507 | ---- | M] () -- C:\windows\SysNative\drivers\vsconfig.xml
[2013.06.02 21:12:07 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.06.02 21:07:18 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.02 21:07:18 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.02 21:07:18 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.02 21:07:18 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.02 21:07:18 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.02 21:01:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.02 20:59:58 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 20:59:38 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.02 20:59:38 | 2326,601,727 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 20:56:24 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.02 20:51:28 | 000,421,792 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.26 21:38:52 | 002,663,286 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213851.jpg
[2013.05.26 21:38:42 | 002,494,992 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213841.jpg
[2013.05.26 21:38:38 | 003,047,381 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213837.jpg
[2013.05.26 21:36:17 | 002,715,596 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213617.jpg
[2013.05.26 21:36:10 | 002,780,260 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213610.jpg
[2013.05.26 21:35:32 | 002,295,319 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213532.jpg
[2013.05.26 21:35:07 | 002,991,477 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213507.jpg
[2013.05.26 21:34:57 | 001,995,523 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213457.jpg
[2013.05.26 21:34:41 | 002,992,978 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213441.jpg
[2013.05.25 10:29:54 | 146,551,997 | ---- | M] () -- C:\Users\Tani\Desktop\FINAL VERSION THESIS.pdf
[2013.05.25 04:36:51 | 148,630,792 | ---- | M] () -- C:\Users\Tani\Desktop\LLLLLLLLLLLLLLLLLLLLLLLLLLL.pdf
[2013.05.25 04:33:39 | 000,001,011 | ---- | M] () -- C:\Users\Tani\Desktop\PDF Architect.lnk
[2013.05.25 04:33:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.05.25 03:48:14 | 002,684,769 | ---- | M] () -- C:\Users\Tani\Desktop\Aktuelle Version BA.pdf
[2013.05.25 01:35:33 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.16 12:57:31 | 000,000,206 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013.05.16 09:32:22 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\SW Update.lnk
[2013.05.15 16:02:11 | 000,076,744 | ---- | M] () -- C:\windows\SysNative\drivers\2dff9234.sys
[2013.05.15 12:31:47 | 000,224,454 | ---- | M] () -- C:\Users\Tani\Desktop\Medizinfuchs.de.png
[2013.05.14 09:57:52 | 000,076,614 | ---- | M] () -- C:\Users\Tani\Desktop\Marketing-Mix.png
[2013.05.13 18:54:21 | 003,064,546 | ---- | M] () -- C:\Users\Tani\Desktop\Apotheke.pdf
[2013.05.13 13:56:00 | 000,160,812 | ---- | M] () -- C:\Users\Tani\Desktop\Bayer Orga.png
[2013.05.13 13:53:40 | 000,013,787 | ---- | M] () -- C:\Users\Tani\Desktop\Bayer.png
 
========== Files Created - No Company Name ==========
 
[2013.06.02 21:38:22 | 000,000,000 | ---- | C] () -- C:\Users\Tani\defogger_reenable
[2013.06.02 21:12:45 | 000,417,507 | ---- | C] () -- C:\windows\SysNative\drivers\vsconfig.xml
[2013.06.02 21:12:07 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.06.02 20:56:23 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.02 20:51:23 | 000,421,792 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.26 21:46:49 | 002,814,361 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130404_192408.jpg
[2013.05.26 21:46:02 | 002,663,286 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213851.jpg
[2013.05.26 21:46:01 | 003,047,381 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213837.jpg
[2013.05.26 21:46:01 | 002,494,992 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213841.jpg
[2013.05.26 21:46:00 | 002,780,260 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213610.jpg
[2013.05.26 21:46:00 | 002,715,596 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213617.jpg
[2013.05.26 21:46:00 | 002,295,319 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213532.jpg
[2013.05.26 21:45:59 | 002,991,477 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213507.jpg
[2013.05.26 21:45:59 | 001,995,523 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213457.jpg
[2013.05.26 21:45:58 | 002,992,978 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213441.jpg
[2013.05.26 21:44:53 | 002,579,831 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130401_212353.jpg
[2013.05.26 21:44:50 | 002,296,235 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130401_212329.jpg
[2013.05.25 10:29:38 | 146,551,997 | ---- | C] () -- C:\Users\Tani\Desktop\FINAL VERSION THESIS.pdf
[2013.05.25 04:36:37 | 148,630,792 | ---- | C] () -- C:\Users\Tani\Desktop\LLLLLLLLLLLLLLLLLLLLLLLLLLL.pdf
[2013.05.25 04:33:38 | 000,001,011 | ---- | C] () -- C:\Users\Tani\Desktop\PDF Architect.lnk
[2013.05.25 04:33:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.05.25 03:48:14 | 002,684,769 | ---- | C] () -- C:\Users\Tani\Desktop\Aktuelle Version BA.pdf
[2013.05.21 22:43:28 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.05.16 12:57:31 | 000,000,206 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2013.05.16 09:32:21 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\SW Update.lnk
[2013.05.15 16:02:11 | 000,076,744 | ---- | C] () -- C:\windows\SysNative\drivers\2dff9234.sys
[2013.05.15 12:31:47 | 000,224,454 | ---- | C] () -- C:\Users\Tani\Desktop\Medizinfuchs.de.png
[2013.05.14 09:58:28 | 000,076,614 | ---- | C] () -- C:\Users\Tani\Desktop\Marketing-Mix.png
[2013.05.13 18:54:21 | 003,064,546 | ---- | C] () -- C:\Users\Tani\Desktop\Apotheke.pdf
[2013.05.13 13:55:59 | 000,160,812 | ---- | C] () -- C:\Users\Tani\Desktop\Bayer Orga.png
[2013.05.13 13:53:40 | 000,013,787 | ---- | C] () -- C:\Users\Tani\Desktop\Bayer.png
[2013.03.13 01:53:02 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013.03.07 20:09:18 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013.03.03 18:14:47 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2013.03.03 18:14:46 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2013.03.03 18:14:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2013.03.03 18:14:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2013.03.03 18:14:46 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2013.03.03 18:14:46 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2013.03.03 18:14:46 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2013.03.03 18:14:46 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2013.03.03 18:14:46 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2013.03.03 18:14:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2013.03.03 18:14:46 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2013.03.03 18:14:46 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2013.03.03 18:14:46 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2013.03.03 18:14:46 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2013.03.03 18:14:46 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2013.03.03 18:14:46 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2013.03.03 18:14:46 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2013.03.03 18:14:46 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2013.03.03 18:14:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.12.14 03:42:24 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012.12.14 03:42:24 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013.03.03 01:29:40 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.02 20:58:16 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Aqics
[2013.06.02 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\AVG2013
[2013.06.02 20:53:23 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Beloa
[2013.06.02 21:12:41 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\CheckPoint
[2013.06.02 20:58:27 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Dequ
[2013.05.02 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\DVDVideoSoft
[2013.03.04 22:47:32 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.03.25 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Ipbyso
[2013.06.02 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Ixik
[2013.06.02 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Mobye
[2013.05.25 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\PDF Architect
[2013.05.25 04:32:59 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\pdfforge
[2013.03.03 01:31:05 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Swiss Academic Software
[2013.03.03 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Synaptics
[2013.06.02 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\TuneUp Software
[2013.03.21 01:00:37 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Tyaxa
[2013.04.02 21:34:38 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Xora
[2013.04.02 21:34:38 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Ypuga
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Here is the Extras logfile.
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 02.06.2013 21:42:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tani\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 50,85% Memory free
8,96 Gb Paging File | 5,94 Gb Available in Paging File | 66,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907,17 Gb Total Space | 857,15 Gb Free Space | 94,49% Space Free | Partition Type: NTFS
 
Computer Name: TANJA | User Name: Tani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F7D343D-FD69-4FB3-AB09-E5419556015A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{16D72D6A-6594-4782-BD9F-ED4356F53777}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{1D14BAE2-A439-46A9-8982-DDFC2570F248}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{47EED6DE-19DB-4E23-A986-561262C9FD7E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{50EE8916-1708-4D11-BA43-DD9F6CFE0DDF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{9CC5E9FC-3732-43ED-9E5E-287F27AF599B}" = dir=in | name=core networking - system ip core | 
"{9D6CA949-4F69-4389-9BA4-38962B4BB5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{B9D7B75F-ED00-4278-B1DC-20D7DEDE8477}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{D62C5597-5828-4CA3-87A0-D2F7CCB8821E}" = dir=out | name=core networking - system ip core | 
"{E9F10560-28C1-4BD8-BC6D-195968B19E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"TCP Query User{D1544E6A-0879-4BF3-AA56-AE51DFDC74A3}C:\users\tani\appdata\roaming\aqics\owpa.exe" = protocol=6 | dir=in | app=c:\users\tani\appdata\roaming\aqics\owpa.exe | 
"TCP Query User{F9B172A9-0916-4838-A79F-5ED8BD44E996}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{6924941B-28C4-4946-99F8-346B946E6584}C:\users\tani\appdata\roaming\aqics\owpa.exe" = protocol=17 | dir=in | app=c:\users\tani\appdata\roaming\aqics\owpa.exe | 
"UDP Query User{D361E4AE-202D-4ECF-8C9C-4A3941B49E14}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0728A184-F899-4356-B93D-8228674F0DEB}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{14FCF290-82AB-421A-9034-636EF90EB9E5}" = AVG 2013
"{1593C708-5535-47A4-8C0F-F8D4BE2B4560}" = Intel® PROSet/Wireless WiFi-Software
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{3EA6AB5D-D434-4ACA-9609-48F1319518EF}" = ExpressCache
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{539A70A8-95EC-474A-BDDF-92AB7A53762C}" = S Agent
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CD4FCF8-F955-42D2-824F-B33101886A79}" = Help Desk
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 307.32
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{ED8871B5-56A0-45AC-B8C6-B0DD85352664}" = Support Center
"{F5AA006A-1ABE-4F16-B6E1-FEE1F7D38102}" = AVG 2013
"AVG" = AVG 2013
"Elantech" = ETDWare PS/2-X64 11.14.1.3_WHQL
"EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{064A929A-4DE8-40CF-A901-BD40C14E4D25}" = PDF Architect
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43C711D9-67C9-4793-80D4-E957D638D531}" = SW Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{6C955C6B-83AB-402B-8E38-86CFBFB738B1}" = Support Center FAQ
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{B1C9F5CF-2EE4-414A-906B-37896B032E8F}" = User Guide
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Benutzerhandbuch" = Epson Stylus SX210_SX410_TX210_TX410 Handbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"Google Chrome" = Google Chrome
"HyperSnap 7" = HyperSnap 7
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"NARA" = Norton Online Backup ARA
"NIS" = Norton Internet Security
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"VLC media player" = VLC media player 2.0.2
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2013 04:16:21 | Computer Name = Tanja | Source = ESENT | ID = 489
Description = taskhostex (18288) WebCacheLocal: Versuch, Datei "C:\Users\Tani\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 06.05.2013 04:16:21 | Computer Name = Tanja | Source = ESENT | ID = 455
Description = taskhostex (18288) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen
 von Protokolldatei C:\Users\Tani\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error - 06.05.2013 04:16:31 | Computer Name = Tanja | Source = ESENT | ID = 489
Description = taskhostex (18288) WebCacheLocal: Versuch, Datei "C:\Users\Tani\AppData\Local\Microsoft\Windows\WebCache\V01.log"
 für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess
 kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet 
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 06.05.2013 04:16:31 | Computer Name = Tanja | Source = ESENT | ID = 455
Description = taskhostex (18288) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen
 von Protokolldatei C:\Users\Tani\AppData\Local\Microsoft\Windows\WebCache\V01.log.
 
Error - 06.05.2013 13:24:40 | Computer Name = Tanja | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f98    Startzeit: 01ce4a74368ce1e7    Endzeit: 11    Anwendungspfad: 
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE    Berichts-ID: d0c588d3-b671-11e2-be7f-c48508c7e79f

Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
Error - 15.05.2013 10:03:45 | Computer Name = Tanja | Source = Perflib | ID = 1008
Description = 
 
Error - 16.05.2013 03:29:48 | Computer Name = Tanja | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CommonAgent.exe, Version: 1.0.9.6,
 Zeitstempel: 0x5088d436  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x1048  Startzeit der fehlerhaften Anwendung: 0x01ce517524ddc305
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Samsung\S Agent\CommonAgent.exe  Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 62bec8ce-bdfa-11e2-be80-c48508c7e79f
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.05.2013 17:31:53 | Computer Name = Tanja | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 256c    Startzeit: 01ce52767becdff8    Endzeit: 16    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE    Berichts-ID: 02d3c6ef-be70-11e2-be80-c48508c7e79f

Vollständiger
 Name des fehlerhaften Pakets:     Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist:   
 
Error - 20.05.2013 17:36:40 | Computer Name = Tanja | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433,
 Zeitstempel: 0x50763312  Name des fehlerhaften Moduls: thumbcache.dll, Version: 6.2.9200.16384,
 Zeitstempel: 0x501080ee  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000021db3
ID
 des fehlerhaften Prozesses: 0x1a4  Startzeit der fehlerhaften Anwendung: 0x01ce55998a510b98
Pfad
 der fehlerhaften Anwendung: C:\windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\System32\thumbcache.dll  Berichtskennung: 5b293fe0-c195-11e2-be81-c48508c7e79f
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 25.05.2013 08:10:40 | Computer Name = Tanja | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Das Paket „Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe“ wurde beendet,
 da das Anhalten zu lange dauerte.
 
[ System Events ]
Error - 15.05.2013 10:03:32 | Computer Name = Tanja | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 15.05.2013 10:03:32 | Computer Name = Tanja | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist möglicherweise nicht installiert.
 
Error - 15.05.2013 10:03:32 | Computer Name = Tanja | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist möglicherweise nicht installiert.
 
Error - 16.05.2013 03:30:34 | Computer Name = Tanja | Source = Service Control Manager | ID = 7034
Description = Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.05.2013 03:32:26 | Computer Name = Tanja | Source = Service Control Manager | ID = 7030
Description = Der Dienst "SW Update Service" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 16.05.2013 16:54:09 | Computer Name = Tanja | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.05.2013 16:54:09 | Computer Name = Tanja | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.05.2013 16:54:09 | Computer Name = Tanja | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 16.05.2013 16:54:09 | Computer Name = Tanja | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
Error - 21.05.2013 12:37:12 | Computer Name = Tanja | Source = Service Control Manager | ID = 7043
Description = Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements
 nicht richtig heruntergefahren werden.
 
 
< End of report >
         
--- --- ---

GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-02 22:38:20
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003c  rev. 0,00MB
Running: gmer_2.1.19163 (1).exe; Driver: C:\Users\Tani\AppData\Local\Temp\uxloipow.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\windows\system32\ntoskrnl.exe!KiCpuId + 988                                                                       fffff802e62cb41c 1 byte [31]

---- User code sections - GMER 2.1 ----

.text   C:\Program Files\Elantech\ETDCtrl.exe[6420] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                       000007f90c761532 4 bytes [76, 0C, F9, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[6420] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                       000007f90c76153a 4 bytes [76, 0C, F9, 07]
.text   C:\Program Files\Elantech\ETDCtrl.exe[6420] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                     000007f90c76165a 4 bytes [76, 0C, F9, 07]
.text   C:\windows\Explorer.EXE[4216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                           000007f91117177a 4 bytes [17, 11, F9, 07]
.text   C:\windows\Explorer.EXE[4216] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                           000007f911171782 4 bytes [17, 11, F9, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[5428] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                 000007f90c761532 4 bytes [76, 0C, F9, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[5428] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                 000007f90c76153a 4 bytes [76, 0C, F9, 07]
.text   C:\Program Files\Elantech\ETDCtrlHelper.exe[5428] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246               000007f90c76165a 4 bytes [76, 0C, F9, 07]
.text   C:\Windows\System32\igfxpers.exe[6476] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                  000007f91117177a 4 bytes [17, 11, F9, 07]
.text   C:\Windows\System32\igfxpers.exe[6476] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                  000007f911171782 4 bytes [17, 11, F9, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[9168] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306     000007f91117177a 4 bytes [17, 11, F9, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[9168] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314     000007f911171782 4 bytes [17, 11, F9, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3056] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690             000007f90c761532 4 bytes [76, 0C, F9, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3056] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698             000007f90c76153a 4 bytes [76, 0C, F9, 07]
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3056] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246           000007f90c76165a 4 bytes [76, 0C, F9, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3556] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306  000007f91117177a 4 bytes [17, 11, F9, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[3556] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314  000007f911171782 4 bytes [17, 11, F9, 07]
.text   C:\Windows\System32\rundll32.exe[3380] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                            000007f90c761532 4 bytes [76, 0C, F9, 07]
.text   C:\Windows\System32\rundll32.exe[3380] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                            000007f90c76153a 4 bytes [76, 0C, F9, 07]
.text   C:\Windows\System32\rundll32.exe[3380] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                          000007f90c76165a 4 bytes [76, 0C, F9, 07]
.text   C:\windows\system32\WLANExt.exe[3564] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                   000007f91117177a 4 bytes [17, 11, F9, 07]
.text   C:\windows\system32\WLANExt.exe[3564] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                   000007f911171782 4 bytes [17, 11, F9, 07]
.text   C:\windows\system32\WLANExt.exe[3564] C:\windows\system32\MSIMG32.dll!GradientFill + 690                             000007f90c761532 4 bytes [76, 0C, F9, 07]
.text   C:\windows\system32\WLANExt.exe[3564] C:\windows\system32\MSIMG32.dll!GradientFill + 698                             000007f90c76153a 4 bytes [76, 0C, F9, 07]
.text   C:\windows\system32\WLANExt.exe[3564] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246                           000007f90c76165a 4 bytes [76, 0C, F9, 07]

---- Threads - GMER 2.1 ----

Thread  C:\windows\system32\csrss.exe [4012:4384]                                                                            fffff9600085c5e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                unknown MBR code
Disk    \Device\Harddisk0\DR0                                                                                                sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----
         
--- --- ---
__________________

02.06.2013, 22:40   #4
aharonov
/// TB-Ausbilder



Hello,

yes, this computer is infected. Let's take a look at one more thing:


Step 1

Please download Emsisoft MBR Master and save it to the desktop.
  • Run mbrmastr.exe.
  • Then click Backup MBR and save it as emsi on the desktop.
  • Then close the program again.
  • Pack the created emsi.mbr into a zip archive (right-click -> Send to -> Compressed (zipped) folder) and attach the file here.
  • A text file MBRMastr_<date>_<time>.txt is also created on the desktop. Please post its contents here.



Step 2

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.



In your next reply, please post:
  • Log from MBR Master
  • zip archive from MBR Master
  • Log from TDSSKiller
__________________
cheers,
Leo

Alt 03.06.2013, 07:23   #5
Tanja_183
 


Detected Windows version: 6.2 Build 9200
Installing direct disk access driver ...
Driver connection handle: 0x00000174
2 valid drive(s) found.

Details for Disk 0 - ST1000LM024 HN-M101MBB Rev 2AR10002:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 121601/255/63
Boot loader reputation : Unknown
Cross view comparison : Passed
Partition table integrity: Passed

Boot loader hashes
SHA-1 : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
MD5 : 5FB38429D5D77768867C76DCBDB35194


Details for Disk 1 - SanDisk SSD i100 16GB Rev 11.00.04:
Device name : \\.\PhysicalDrive1
Geometry (C/H/S) : 1946/255/63
Boot loader reputation : Unknown
Cross view comparison : Passed
Partition table integrity: Passed

Boot loader hashes
SHA-1 : 639AC5CDF8A5CF3245975932C6A4215450A7B98F
MD5 : 5FB38429D5D77768867C76DCBDB35194


Alt 03.06.2013, 07:25   #6
Tanja_183
 


Here I'm unfortunately not sure exactly what I should post, since no file was created. So I had the report generated and copied it:
08:20:34.0721 10212 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:20:34.0721 10212 UEFI system
08:20:34.0877 10212 ============================================================
08:20:34.0877 10212 Current date / time: 2013/06/03 08:20:34.0877
08:20:34.0877 10212 SystemInfo:
08:20:34.0877 10212
08:20:34.0877 10212 OS Version: 6.2.9200 ServicePack: 0.0
08:20:34.0877 10212 Product type: Workstation
08:20:34.0877 10212 ComputerName: TANJA
08:20:34.0877 10212 UserName: Tani
08:20:34.0877 10212 Windows directory: C:\windows
08:20:34.0877 10212 System windows directory: C:\windows
08:20:34.0878 10212 Running under WOW64
08:20:34.0878 10212 Processor architecture: Intel x64
08:20:34.0878 10212 Number of processors: 4
08:20:34.0878 10212 Page size: 0x1000
08:20:34.0878 10212 Boot type: Normal boot
08:20:34.0878 10212 ============================================================
08:20:37.0218 10212 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:20:37.0220 10212 Drive \Device\Harddisk1\DR1 - Size: 0x3BA816000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:20:37.0229 10212 ============================================================
08:20:37.0229 10212 \Device\Harddisk0\DR0:
08:20:37.0245 10212 GPT partitions:
08:20:37.0246 10212 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {66FDCDFE-99EA-4FE1-AAA6-65BB8D3DE1F6}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFA000
08:20:37.0246 10212 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {9B073CE0-9D77-4025-933A-C8EC274EB49A}, Name: EFI system partition, StartLBA 0xFA800, BlocksNum 0x96000
08:20:37.0246 10212 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AA184F3C-2FAE-4CCB-BF95-868DD6E31881}, Name: Microsoft reserved partition, StartLBA 0x190800, BlocksNum 0x40000
08:20:37.0246 10212 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {245B68AE-A09C-462A-90A1-E58E6F275EF6}, Name: Basic data partition, StartLBA 0x1D0800, BlocksNum 0x71655001
08:20:37.0246 10212 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B5EC48AE-237E-41A2-8C20-DBDE4DC67C5F}, Name: Basic data partition, StartLBA 0x71825801, BlocksNum 0x2CE1000
08:20:37.0246 10212 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {15AF3756-DE5C-46C4-4173-636C65706975}, Name: Basic data partition, StartLBA 0x74506801, BlocksNum 0x200000
08:20:37.0246 10212 MBR partitions:
08:20:37.0246 10212 \Device\Harddisk1\DR1:
08:20:37.0248 10212 MBR partitions:
08:20:37.0248 10212 ============================================================
08:20:37.0286 10212 C: <-> \Device\Harddisk0\DR0\Partition4
08:20:37.0286 10212 ============================================================
08:20:37.0286 10212 Initialize success
08:20:37.0286 10212 ============================================================
08:21:05.0985 10424 ============================================================
08:21:05.0985 10424 Scan started
08:21:05.0985 10424 Mode: Manual; SigCheck; TDLFS;
08:21:05.0985 10424 ============================================================
08:21:07.0195 10424 ================ Scan system memory ========================
08:21:07.0195 10424 System memory - ok
08:21:07.0196 10424 ================ Scan services =============================
08:21:07.0564 10424 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\windows\System32\drivers\1394ohci.sys
08:21:07.0664 10424 1394ohci - ok
08:21:07.0783 10424 [ AE82D62FDB6455C60807A3D882864379 ] 2dff9234 C:\windows\system32\drivers\2dff9234.sys
08:21:07.0798 10424 2dff9234 ( UnsignedFile.Multi.Generic ) - warning
08:21:07.0799 10424 2dff9234 - detected UnsignedFile.Multi.Generic (1)
08:21:07.0875 10424 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\windows\system32\drivers\3ware.sys
08:21:07.0902 10424 3ware - ok
08:21:08.0085 10424 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\windows\system32\drivers\ACPI.sys
08:21:08.0122 10424 ACPI - ok
08:21:08.0141 10424 [ E3530CCC4018BBFC39176E579E438BE6 ] acpials C:\windows\system32\DRIVERS\acpials.sys
08:21:08.0165 10424 acpials - ok
08:21:08.0209 10424 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\windows\system32\Drivers\acpiex.sys
08:21:08.0233 10424 acpiex - ok
08:21:08.0350 10424 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\windows\System32\drivers\acpipagr.sys
08:21:08.0374 10424 acpipagr - ok
08:21:08.0393 10424 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\windows\System32\drivers\acpipmi.sys
08:21:08.0416 10424 AcpiPmi - ok
08:21:08.0483 10424 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\windows\System32\drivers\acpitime.sys
08:21:08.0508 10424 acpitime - ok
08:21:08.0724 10424 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:21:08.0743 10424 AdobeARMservice - ok
08:21:08.0807 10424 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\windows\system32\drivers\adp94xx.sys
08:21:08.0844 10424 adp94xx - ok
08:21:08.0888 10424 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\windows\system32\drivers\adpahci.sys
08:21:08.0923 10424 adpahci - ok
08:21:09.0001 10424 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\windows\system32\drivers\adpu320.sys
08:21:09.0029 10424 adpu320 - ok
08:21:09.0118 10424 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\windows\System32\aelupsvc.dll
08:21:09.0183 10424 AeLookupSvc - ok
08:21:09.0360 10424 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\windows\system32\drivers\afd.sys
08:21:09.0394 10424 AFD - ok
08:21:09.0433 10424 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\windows\system32\drivers\agp440.sys
08:21:09.0457 10424 agp440 - ok
08:21:09.0582 10424 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\windows\System32\alg.exe
08:21:09.0613 10424 ALG - ok
08:21:09.0685 10424 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\windows\system32\AUInstallAgent.dll
08:21:09.0713 10424 AllUserInstallAgent - ok
08:21:09.0811 10424 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\windows\System32\drivers\amdk8.sys
08:21:09.0836 10424 AmdK8 - ok
08:21:09.0893 10424 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\windows\System32\drivers\amdppm.sys
08:21:09.0918 10424 AmdPPM - ok
08:21:10.0004 10424 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\windows\system32\drivers\amdsata.sys
08:21:10.0028 10424 amdsata - ok
08:21:10.0087 10424 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
08:21:10.0118 10424 amdsbs - ok
08:21:10.0196 10424 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\windows\system32\drivers\amdxata.sys
08:21:10.0219 10424 amdxata - ok
08:21:10.0300 10424 [ 0C3D62CB6B8F2B3CC42369BAC0F58AD5 ] AMPPAL C:\windows\System32\drivers\AMPPAL.sys
08:21:10.0334 10424 AMPPAL - ok
08:21:10.0392 10424 [ 0C3D62CB6B8F2B3CC42369BAC0F58AD5 ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
08:21:10.0412 10424 AMPPALP - ok
08:21:10.0637 10424 [ 11DA9AEDEDE229C6BDF6889298E91FDD ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
08:21:10.0671 10424 AMPPALR3 - ok
08:21:10.0753 10424 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\windows\system32\drivers\appid.sys
08:21:10.0785 10424 AppID - ok
08:21:10.0854 10424 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\windows\System32\appidsvc.dll
08:21:10.0885 10424 AppIDSvc - ok
08:21:10.0984 10424 [ 4F750B7EFCB6520AE01E01D082D7D476 ] Appinfo C:\windows\System32\appinfo.dll
08:21:11.0009 10424 Appinfo - ok
08:21:11.0043 10424 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\windows\system32\drivers\arc.sys
08:21:11.0068 10424 arc - ok
08:21:11.0099 10424 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\windows\system32\drivers\arcsas.sys
08:21:11.0124 10424 arcsas - ok
08:21:11.0158 10424 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
08:21:11.0189 10424 AsyncMac - ok
08:21:11.0216 10424 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\windows\system32\drivers\atapi.sys
08:21:11.0238 10424 atapi - ok
08:21:11.0370 10424 [ BCD7A47EF587DC00DD61D12D9C2D1E44 ] AudioEndpointBuilder C:\windows\System32\AudioEndpointBuilder.dll
08:21:11.0399 10424 AudioEndpointBuilder - ok
08:21:11.0564 10424 [ 810F30FF8490ED5ED510621DF10DE320 ] Audiosrv C:\windows\System32\Audiosrv.dll
08:21:11.0602 10424 Audiosrv - ok
08:21:11.0706 10424 [ 58D7FAF5C81ECEFFD2EDEDA9C2619D82 ] Avgboota C:\windows\system32\DRIVERS\avgboota.sys
08:21:11.0730 10424 Avgboota - ok
08:21:12.0904 10424 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
08:21:13.0058 10424 AVGIDSAgent - ok
08:21:13.0200 10424 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdrivera.sys
08:21:13.0221 10424 AVGIDSDriver - ok
08:21:13.0350 10424 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\windows\system32\DRIVERS\avgidsha.sys
08:21:13.0370 10424 AVGIDSHA - ok
08:21:13.0487 10424 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
08:21:13.0508 10424 Avgldx64 - ok
08:21:13.0569 10424 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\windows\system32\DRIVERS\avgloga.sys
08:21:13.0591 10424 Avgloga - ok
08:21:13.0623 10424 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
08:21:13.0642 10424 Avgmfx64 - ok
08:21:13.0693 10424 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
08:21:13.0712 10424 Avgrkx64 - ok
08:21:13.0788 10424 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
08:21:13.0810 10424 avgwd - ok
08:21:13.0834 10424 [ 64A0A811F096834E8B85AB5009609D10 ] Avgwfpa C:\windows\system32\DRIVERS\avgwfpa.sys
08:21:13.0856 10424 Avgwfpa - ok
08:21:13.0882 10424 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\windows\System32\AxInstSV.dll
08:21:13.0910 10424 AxInstSV - ok
08:21:13.0966 10424 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
08:21:14.0007 10424 b06bdrv - ok
08:21:14.0038 10424 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\windows\System32\drivers\BasicDisplay.sys
08:21:14.0063 10424 BasicDisplay - ok
08:21:14.0084 10424 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\windows\System32\drivers\BasicRender.sys
08:21:14.0110 10424 BasicRender - ok
08:21:14.0166 10424 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\windows\System32\bdesvc.dll
08:21:14.0194 10424 BDESVC - ok
08:21:14.0255 10424 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\windows\system32\drivers\Beep.sys
08:21:14.0282 10424 Beep - ok
08:21:14.0324 10424 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\windows\System32\bfe.dll
08:21:14.0361 10424 BFE - ok
08:21:14.0617 10424 [ 866335C9C0E6733C753FB472C539A6B9 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys
08:21:14.0677 10424 BHDrvx64 - ok
08:21:14.0731 10424 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\windows\System32\qmgr.dll
08:21:14.0805 10424 BITS - ok
08:21:15.0040 10424 [ 13C358D27CBFAF537FA7CA48B9052CF3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
08:21:15.0084 10424 Bluetooth Device Monitor - ok
08:21:15.0125 10424 [ 7525C93645FDA8E9D8F677FEA833798A ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
08:21:15.0170 10424 Bluetooth OBEX Service - ok
08:21:15.0184 10424 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\windows\system32\DRIVERS\bowser.sys
08:21:15.0214 10424 bowser - ok
08:21:15.0296 10424 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\windows\System32\bisrv.dll
08:21:15.0323 10424 BrokerInfrastructure - ok
08:21:15.0436 10424 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\windows\System32\browser.dll
08:21:15.0463 10424 Browser - ok
08:21:15.0492 10424 [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg C:\windows\System32\drivers\BthAvrcpTg.sys
08:21:15.0516 10424 BthAvrcpTg - ok
08:21:15.0571 10424 [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum C:\windows\System32\drivers\BthEnum.sys
08:21:15.0595 10424 BthEnum - ok
08:21:15.0626 10424 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\windows\System32\drivers\bthhfenum.sys
08:21:15.0668 10424 BthHFEnum - ok
08:21:15.0696 10424 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\windows\System32\drivers\BthHFHid.sys
08:21:15.0720 10424 bthhfhid - ok
08:21:15.0752 10424 [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum C:\windows\system32\DRIVERS\BthLEEnum.sys
08:21:15.0798 10424 BthLEEnum - ok
08:21:15.0805 10424 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\windows\System32\drivers\bthmodem.sys
08:21:15.0849 10424 BTHMODEM - ok
08:21:15.0870 10424 [ 091BB978E9504D0AD14586929431A957 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
08:21:15.0895 10424 BthPan - ok
08:21:16.0129 10424 [ 13795CAA34239D97A7211E7F9D96E012 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
08:21:16.0173 10424 BTHPORT - ok
08:21:16.0191 10424 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\windows\system32\bthserv.dll
08:21:16.0217 10424 bthserv - ok
08:21:16.0246 10424 [ 53ECA72327243009C4D49BF934134A1B ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
08:21:16.0266 10424 BTHSSecurityMgr - ok
08:21:16.0283 10424 [ 1F715957F5236D30B6020A19A4271F6A ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
08:21:16.0308 10424 BTHUSB - ok
08:21:16.0386 10424 [ 7235891AF09D13C4214DEEE57ED331D0 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
08:21:16.0409 10424 btmaux - ok
08:21:16.0517 10424 [ 76D0DDD58A773CA1BFB4D30AAE03517A ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
08:21:16.0555 10424 btmhsf - ok
08:21:16.0637 10424 [ E41F70406C34F1CB667B4B27D81AD162 ] ccSet_NARA C:\windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
08:21:16.0657 10424 ccSet_NARA - ok
08:21:16.0761 10424 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\windows\system32\drivers\NISx64\1403010.016\ccSetx64.sys
08:21:16.0785 10424 ccSet_NIS - ok
08:21:16.0816 10424 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
08:21:16.0843 10424 cdfs - ok
08:21:16.0865 10424 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\windows\System32\drivers\cdrom.sys
08:21:16.0892 10424 cdrom - ok
08:21:17.0017 10424 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\windows\System32\certprop.dll
08:21:17.0052 10424 CertPropSvc - ok
08:21:17.0129 10424 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\windows\System32\drivers\circlass.sys
08:21:17.0172 10424 circlass - ok
08:21:17.0286 10424 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\windows\system32\drivers\CLFS.sys
08:21:17.0320 10424 CLFS - ok
08:21:17.0364 10424 [ 075CCE75090786F124573A788C8656E6 ] CLVirtualDrive C:\windows\system32\DRIVERS\CLVirtualDrive.sys
08:21:17.0384 10424 CLVirtualDrive - ok
08:21:17.0399 10424 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\windows\System32\drivers\CmBatt.sys
08:21:17.0424 10424 CmBatt - ok
08:21:17.0504 10424 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\windows\system32\Drivers\cng.sys
08:21:17.0546 10424 CNG - ok
08:21:17.0600 10424 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\windows\System32\drivers\CompositeBus.sys
08:21:17.0645 10424 CompositeBus - ok
08:21:17.0651 10424 COMSysApp - ok
08:21:17.0674 10424 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\windows\system32\drivers\condrv.sys
08:21:17.0700 10424 condrv - ok
08:21:17.0888 10424 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
08:21:17.0916 10424 cphs - ok
08:21:17.0947 10424 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\windows\system32\cryptsvc.dll
08:21:17.0975 10424 CryptSvc - ok
08:21:18.0007 10424 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\windows\system32\drivers\dam.sys
08:21:18.0034 10424 dam - ok
08:21:18.0092 10424 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\windows\system32\rpcss.dll
08:21:18.0132 10424 DcomLaunch - ok
08:21:18.0167 10424 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\windows\System32\defragsvc.dll
08:21:18.0209 10424 defragsvc - ok
08:21:18.0233 10424 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\windows\system32\das.dll
08:21:18.0276 10424 DeviceAssociationService - ok
08:21:18.0309 10424 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\windows\system32\umpnpmgr.dll
08:21:18.0338 10424 DeviceInstall - ok
08:21:18.0367 10424 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\windows\system32\Drivers\dfsc.sys
08:21:18.0392 10424 Dfsc - ok
08:21:18.0435 10424 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\windows\system32\dhcpcore.dll
08:21:18.0465 10424 Dhcp - ok
08:21:18.0494 10424 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\windows\system32\drivers\discache.sys
08:21:18.0531 10424 discache - ok
08:21:18.0551 10424 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\windows\system32\drivers\disk.sys
08:21:18.0579 10424 disk - ok
08:21:18.0648 10424 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\windows\System32\drivers\dmvsc.sys
08:21:18.0673 10424 dmvsc - ok
08:21:18.0702 10424 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\windows\System32\dnsrslvr.dll
08:21:18.0731 10424 Dnscache - ok
08:21:18.0762 10424 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\windows\System32\dot3svc.dll
08:21:18.0800 10424 dot3svc - ok
08:21:18.0863 10424 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\windows\system32\dps.dll
08:21:18.0902 10424 DPS - ok
08:21:18.0944 10424 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\windows\system32\drivers\drmkaud.sys
08:21:18.0972 10424 drmkaud - ok
08:21:18.0992 10424 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\windows\System32\DeviceSetupManager.dll
08:21:19.0024 10424 DsmSvc - ok
08:21:19.0080 10424 [ 6D1B8A9A2C0BD4851D8AF1AB43E67AD9 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
08:21:19.0155 10424 DXGKrnl - ok
08:21:19.0189 10424 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\windows\System32\eapsvc.dll
08:21:19.0221 10424 Eaphost - ok
08:21:19.0340 10424 [ 4CB40489AA9CDCA9A9DAB55EDA23CD4A ] Easy Launcher C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
08:21:19.0406 10424 Easy Launcher - ok
08:21:19.0557 10424 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\windows\system32\drivers\evbda.sys
08:21:19.0705 10424 ebdrv - ok
08:21:19.0774 10424 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
08:21:19.0802 10424 eeCtrl - ok
08:21:19.0841 10424 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\windows\System32\lsass.exe
08:21:19.0868 10424 EFS - ok
08:21:19.0900 10424 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\windows\system32\drivers\EhStorClass.sys
08:21:19.0927 10424 EhStorClass - ok
08:21:19.0947 10424 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\windows\system32\drivers\EhStorTcgDrv.sys
08:21:19.0973 10424 EhStorTcgDrv - ok
08:21:20.0001 10424 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:21:20.0020 10424 EraserUtilRebootDrv - ok
08:21:20.0026 10424 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\windows\System32\drivers\errdev.sys
08:21:20.0050 10424 ErrDev - ok
08:21:20.0091 10424 [ 2E0833BC54C2E2FF81F26AF78216F8FD ] ETD C:\windows\system32\DRIVERS\ETD.sys
08:21:20.0118 10424 ETD - ok
08:21:20.0140 10424 [ F0DECB2B27FEFC7A9C6E8B50C04A3724 ] ETDService C:\Program Files\Elantech\ETDService.exe
08:21:20.0159 10424 ETDService - ok
08:21:20.0251 10424 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\windows\system32\es.dll
08:21:20.0288 10424 EventSystem - ok
08:21:20.0363 10424 [ 933723A47E9B7B22208F79F0F40A249A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:21:20.0401 10424 EvtEng - ok
08:21:20.0446 10424 [ 2F7D6F7E2F264D60D48981C3178B93C7 ] excfs C:\windows\system32\DRIVERS\excfs.sys
08:21:20.0468 10424 excfs - ok
08:21:20.0495 10424 [ 313E08AFCB4C2F6831A5F7A3F847C53E ] excsd C:\windows\system32\DRIVERS\excsd.sys
08:21:20.0517 10424 excsd - ok
08:21:20.0538 10424 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\windows\system32\drivers\exfat.sys
08:21:20.0579 10424 exfat - ok
08:21:20.0615 10424 [ A32BCA68B50B0BE2058A1467F6DD7488 ] ExpressCache C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
08:21:20.0635 10424 ExpressCache - ok
08:21:20.0644 10424 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\windows\system32\drivers\fastfat.sys
08:21:20.0673 10424 fastfat - ok
08:21:20.0728 10424 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\windows\system32\fxssvc.exe
08:21:20.0765 10424 Fax - ok
08:21:20.0771 10424 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\windows\System32\drivers\fdc.sys
08:21:20.0797 10424 fdc - ok
08:21:20.0820 10424 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\windows\system32\fdPHost.dll
08:21:20.0856 10424 fdPHost - ok
08:21:20.0868 10424 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\windows\system32\fdrespub.dll
08:21:20.0904 10424 FDResPub - ok
08:21:20.0954 10424 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\windows\system32\fhsvc.dll
08:21:20.0980 10424 fhsvc - ok
08:21:20.0997 10424 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
08:21:21.0021 10424 FileInfo - ok
08:21:21.0041 10424 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\windows\system32\drivers\filetrace.sys
08:21:21.0076 10424 Filetrace - ok
08:21:21.0082 10424 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\windows\System32\drivers\flpydisk.sys
08:21:21.0108 10424 flpydisk - ok
08:21:21.0130 10424 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\windows\system32\drivers\fltmgr.sys
08:21:21.0165 10424 FltMgr - ok
08:21:21.0217 10424 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\windows\system32\FntCache.dll
08:21:21.0267 10424 FontCache - ok
08:21:21.0378 10424 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:21:21.0401 10424 FontCache3.0.0.0 - ok
08:21:21.0427 10424 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\windows\system32\drivers\FsDepends.sys
08:21:21.0451 10424 FsDepends - ok
08:21:21.0469 10424 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
08:21:21.0492 10424 Fs_Rec - ok
08:21:21.0537 10424 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
08:21:21.0577 10424 fvevol - ok
08:21:21.0608 10424 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\windows\System32\drivers\fxppm.sys
08:21:21.0632 10424 FxPPM - ok
08:21:21.0650 10424 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
08:21:21.0675 10424 gagp30kx - ok
08:21:21.0692 10424 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\windows\System32\drivers\vmgencounter.sys
08:21:21.0717 10424 gencounter - ok
08:21:21.0739 10424 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\windows\system32\Drivers\msgpioclx.sys
08:21:21.0766 10424 GPIOClx0101 - ok
08:21:21.0815 10424 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\windows\System32\gpsvc.dll
08:21:21.0873 10424 gpsvc - ok
08:21:21.0907 10424 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:21:21.0930 10424 gupdate - ok
08:21:21.0936 10424 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:21:21.0960 10424 gupdatem - ok
08:21:22.0001 10424 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
08:21:22.0039 10424 HdAudAddService - ok
08:21:22.0073 10424 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\windows\System32\drivers\HDAudBus.sys
08:21:22.0101 10424 HDAudBus - ok
08:21:22.0127 10424 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\windows\System32\drivers\HidBatt.sys
08:21:22.0151 10424 HidBatt - ok
08:21:22.0175 10424 [ 085F150D002B7F0153D3C06DDF33A143 ] HidBth C:\windows\System32\drivers\hidbth.sys
08:21:22.0201 10424 HidBth - ok
08:21:22.0219 10424 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\windows\System32\drivers\hidi2c.sys
08:21:22.0244 10424 hidi2c - ok
08:21:22.0264 10424 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\windows\System32\drivers\hidir.sys
08:21:22.0310 10424 HidIr - ok
08:21:22.0336 10424 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\windows\system32\hidserv.dll
08:21:22.0362 10424 hidserv - ok
08:21:22.0398 10424 [ 9E11EE0F2E117B2D5A835B2B91752827 ] HidUsb C:\windows\System32\drivers\hidusb.sys
08:21:22.0424 10424 HidUsb - ok
08:21:22.0459 10424 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\windows\system32\kmsvc.dll
08:21:22.0492 10424 hkmsvc - ok
08:21:22.0521 10424 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\windows\system32\ListSvc.dll
08:21:22.0551 10424 HomeGroupListener - ok
08:21:22.0587 10424 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\windows\system32\provsvc.dll
08:21:22.0619 10424 HomeGroupProvider - ok
08:21:22.0643 10424 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
08:21:22.0667 10424 HpSAMD - ok
08:21:22.0824 10424 [ F4A91D985EB9D1D2717D538F3424603C ] HTTP C:\windows\system32\drivers\HTTP.sys
08:21:22.0864 10424 HTTP - ok
08:21:22.0882 10424 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
08:21:22.0906 10424 hwpolicy - ok
08:21:22.0917 10424 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\windows\System32\drivers\hyperkbd.sys
08:21:22.0945 10424 hyperkbd - ok
08:21:22.0951 10424 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\windows\system32\DRIVERS\HyperVideo.sys
08:21:22.0976 10424 HyperVideo - ok
08:21:22.0988 10424 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\windows\System32\drivers\i8042prt.sys
08:21:23.0015 10424 i8042prt - ok
08:21:23.0108 10424 [ 050F2539E14F9D5E90A4B61738EC29BD ] iaStorA C:\windows\system32\drivers\iaStorA.sys
08:21:23.0141 10424 iaStorA - ok
08:21:23.0174 10424 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
08:21:23.0210 10424 iaStorV - ok
08:21:23.0238 10424 [ C430482AC892D52CED021EDDD4D368A2 ] ibtfltcoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
08:21:23.0258 10424 ibtfltcoex - ok
08:21:23.0410 10424 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130316.002\IDSvia64.sys
08:21:23.0439 10424 IDSVia64 - ok
08:21:23.0575 10424 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
08:21:23.0687 10424 igfx - ok
08:21:23.0709 10424 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\windows\system32\drivers\iirsp.sys
08:21:23.0733 10424 iirsp - ok
08:21:23.0793 10424 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\windows\System32\ikeext.dll
08:21:23.0836 10424 IKEEXT - ok
08:21:23.0939 10424 [ 8524178B895E4BC04776B319DA3A70EC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
08:21:24.0053 10424 IntcAzAudAddService - ok
08:21:24.0075 10424 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\windows\system32\drivers\intelide.sys
08:21:24.0098 10424 intelide - ok
08:21:24.0131 10424 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\windows\System32\drivers\intelppm.sys
08:21:24.0157 10424 intelppm - ok
08:21:24.0189 10424 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
08:21:24.0221 10424 IpFilterDriver - ok
08:21:24.0262 10424 [ C217B8D2E58C57A319B16125C3D4B69C ] IpHlpSvc C:\windows\System32\iphlpsvc.dll
08:21:24.0302 10424 IpHlpSvc - ok
08:21:24.0309 10424 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\windows\System32\drivers\IPMIDrv.sys
08:21:24.0335 10424 IPMIDRV - ok
08:21:24.0348 10424 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\windows\system32\drivers\ipnat.sys
08:21:24.0379 10424 IPNAT - ok
08:21:24.0403 10424 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\windows\system32\drivers\irenum.sys
08:21:24.0429 10424 IRENUM - ok
08:21:24.0434 10424 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\windows\system32\drivers\isapnp.sys
08:21:24.0458 10424 isapnp - ok
08:21:24.0475 10424 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\windows\System32\drivers\msiscsi.sys
08:21:24.0506 10424 iScsiPrt - ok
08:21:24.0597 10424 [ BE72D2B3A99615F84E270C80F0A18448 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
08:21:24.0615 10424 ISWKL - ok
08:21:24.0783 10424 [ D9A4C1353CC653F8E2FE4D2C6A490E96 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
08:21:24.0819 10424 IswSvc - ok
08:21:24.0846 10424 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\windows\System32\drivers\kbdclass.sys
08:21:24.0870 10424 kbdclass - ok
08:21:24.0893 10424 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\windows\System32\drivers\kbdhid.sys
08:21:24.0922 10424 kbdhid - ok
08:21:24.0944 10424 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\windows\system32\DRIVERS\kdnic.sys
08:21:24.0973 10424 kdnic - ok
08:21:25.0000 10424 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\windows\system32\lsass.exe
08:21:25.0030 10424 KeyIso - ok
08:21:25.0057 10424 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
08:21:25.0089 10424 KSecDD - ok
08:21:25.0116 10424 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
08:21:25.0156 10424 KSecPkg - ok
08:21:25.0178 10424 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
08:21:25.0205 10424 ksthunk - ok
08:21:25.0284 10424 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\windows\system32\msdtckrm.dll
08:21:25.0319 10424 KtmRm - ok
08:21:25.0353 10424 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\windows\system32\srvsvc.dll
08:21:25.0386 10424 LanmanServer - ok
08:21:25.0417 10424 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
08:21:25.0448 10424 LanmanWorkstation - ok
08:21:25.0465 10424 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
08:21:25.0496 10424 lltdio - ok
08:21:25.0544 10424 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\windows\System32\lltdsvc.dll
08:21:25.0582 10424 lltdsvc - ok
08:21:25.0599 10424 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\windows\System32\lmhsvc.dll
08:21:25.0624 10424 lmhosts - ok
08:21:25.0639 10424 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
08:21:25.0664 10424 LSI_SAS - ok
08:21:25.0671 10424 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
08:21:25.0696 10424 LSI_SAS2 - ok
08:21:25.0703 10424 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
08:21:25.0729 10424 LSI_SCSI - ok
08:21:25.0743 10424 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys
08:21:25.0767 10424 LSI_SSS - ok
08:21:25.0800 10424 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\windows\System32\lsm.dll
08:21:25.0832 10424 LSM - ok
08:21:25.0849 10424 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\windows\system32\drivers\luafv.sys
08:21:25.0885 10424 luafv - ok
08:21:25.0892 10424 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\windows\system32\drivers\megasas.sys
08:21:25.0916 10424 megasas - ok
08:21:25.0944 10424 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
08:21:25.0978 10424 MegaSR - ok
08:21:26.0013 10424 [ 2BB3EAE2EA641515D4B205CAB29E1624 ] MEIx64 C:\windows\System32\drivers\HECIx64.sys
08:21:26.0056 10424 MEIx64 - ok
08:21:26.0126 10424 Microsoft SharePoint Workspace Audit Service - ok
08:21:26.0163 10424 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\windows\system32\mmcss.dll
08:21:26.0189 10424 MMCSS - ok
08:21:26.0195 10424 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\windows\system32\drivers\modem.sys
08:21:26.0225 10424 Modem - ok
08:21:26.0252 10424 [ EA8EAD3F5B762F889CC7F3966625B48B ] monitor C:\windows\System32\drivers\monitor.sys
08:21:26.0276 10424 monitor - ok
08:21:26.0313 10424 [ 618446B98C79776654340CE27C73485E ] mouclass C:\windows\System32\drivers\mouclass.sys
08:21:26.0337 10424 mouclass - ok
08:21:26.0363 10424 [ C0ADEBED913295803B579ED288936CBB ] mouhid C:\windows\System32\drivers\mouhid.sys
08:21:26.0387 10424 mouhid - ok
08:21:26.0403 10424 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\windows\system32\drivers\mountmgr.sys
08:21:26.0430 10424 mountmgr - ok
08:21:26.0467 10424 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
08:21:26.0492 10424 mpsdrv - ok
08:21:26.0534 10424 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\windows\system32\mpssvc.dll
08:21:26.0577 10424 MpsSvc - ok
08:21:26.0627 10424 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
08:21:26.0657 10424 MRxDAV - ok
08:21:26.0686 10424 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
08:21:26.0716 10424 mrxsmb - ok
08:21:26.0749 10424 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
08:21:26.0778 10424 mrxsmb10 - ok
08:21:26.0807 10424 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
08:21:26.0834 10424 mrxsmb20 - ok
08:21:26.0884 10424 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\windows\system32\DRIVERS\bridge.sys
08:21:26.0916 10424 MsBridge - ok
08:21:26.0948 10424 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\windows\System32\msdtc.exe
08:21:26.0977 10424 MSDTC - ok
08:21:26.0989 10424 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\windows\system32\drivers\Msfs.sys
08:21:27.0015 10424 Msfs - ok
08:21:27.0046 10424 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys
08:21:27.0069 10424 msgpiowin32 - ok
08:21:27.0090 10424 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
08:21:27.0116 10424 mshidkmdf - ok
08:21:27.0136 10424 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys
08:21:27.0160 10424 mshidumdf - ok
08:21:27.0181 10424 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\windows\system32\drivers\msisadrv.sys
08:21:27.0204 10424 msisadrv - ok
08:21:27.0240 10424 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\windows\system32\iscsiexe.dll
08:21:27.0268 10424 MSiSCSI - ok
08:21:27.0274 10424 msiserver - ok
08:21:27.0296 10424 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
08:21:27.0321 10424 MSKSSRV - ok
08:21:27.0327 10424 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys
08:21:27.0354 10424 MsLldp - ok
08:21:27.0359 10424 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
08:21:27.0384 10424 MSPCLOCK - ok
08:21:27.0390 10424 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
08:21:27.0414 10424 MSPQM - ok
08:21:27.0436 10424 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
08:21:27.0472 10424 MsRPC - ok
08:21:27.0502 10424 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\windows\System32\drivers\mssmbios.sys
08:21:27.0525 10424 mssmbios - ok
08:21:27.0538 10424 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
08:21:27.0566 10424 MSTEE - ok
08:21:27.0573 10424 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\windows\System32\drivers\MTConfig.sys
08:21:27.0600 10424 MTConfig - ok
08:21:27.0619 10424 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\windows\system32\Drivers\mup.sys
08:21:27.0644 10424 Mup - ok
08:21:27.0657 10424 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\windows\system32\drivers\mvumis.sys
08:21:27.0682 10424 mvumis - ok
08:21:27.0780 10424 [ D8C1FE237762249C879760E7F3ABFC1F ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
08:21:27.0803 10424 MyWiFiDHCPDNS - ok
08:21:27.0942 10424 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\windows\system32\qagentRT.dll
08:21:27.0982 10424 napagent - ok
08:21:28.0045 10424 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
08:21:28.0078 10424 NativeWifiP - ok
08:21:28.0173 10424 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130319.005\ENG64.SYS
08:21:28.0193 10424 NAVENG - ok
08:21:28.0387 10424 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130319.005\EX64.SYS
08:21:28.0454 10424 NAVEX15 - ok
08:21:28.0487 10424 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\windows\System32\ncasvc.dll
08:21:28.0516 10424 NcaSvc - ok
08:21:28.0523 10424 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll
08:21:28.0557 10424 NcdAutoSetup - ok
08:21:28.0593 10424 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\windows\system32\drivers\ndis.sys
08:21:28.0646 10424 NDIS - ok
08:21:28.0668 10424 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
08:21:28.0698 10424 NdisCap - ok
08:21:28.0705 10424 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys
08:21:28.0731 10424 NdisImPlatform - ok
08:21:28.0757 10424 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
08:21:28.0782 10424 NdisTapi - ok
08:21:28.0797 10424 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
08:21:28.0821 10424 Ndisuio - ok
08:21:28.0839 10424 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
08:21:28.0871 10424 NdisWan - ok
08:21:28.0878 10424 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\windows\system32\DRIVERS\ndiswan.sys
08:21:28.0910 10424 NDISWANLEGACY - ok
08:21:28.0943 10424 [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
08:21:28.0968 10424 NDProxy - ok
08:21:28.0994 10424 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\windows\system32\drivers\Ndu.sys
08:21:29.0021 10424 Ndu - ok
08:21:29.0035 10424 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
08:21:29.0065 10424 NetBIOS - ok
08:21:29.0089 10424 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
08:21:29.0119 10424 NetBT - ok
08:21:29.0137 10424 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\windows\system32\lsass.exe
08:21:29.0164 10424 Netlogon - ok
08:21:29.0197 10424 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\windows\System32\netman.dll
08:21:29.0232 10424 Netman - ok
08:21:29.0310 10424 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\windows\System32\netprofmsvc.dll
08:21:29.0344 10424 netprofm - ok
08:21:29.0389 10424 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:21:29.0414 10424 NetTcpPortSharing - ok
08:21:29.0516 10424 [ 8CEF52F56EE6E9C4DDD374CE8E2E3DC6 ] NETwNe64 C:\windows\system32\DRIVERS\NETwew00.sys
08:21:29.0638 10424 NETwNe64 - ok
08:21:29.0665 10424 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
08:21:29.0689 10424 nfrd960 - ok
08:21:29.0756 10424 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
08:21:29.0776 10424 NIS - ok
08:21:29.0808 10424 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\windows\System32\nlasvc.dll
08:21:29.0840 10424 NlaSvc - ok
08:21:29.0937 10424 [ 9B70CE32DD84A674B100BEA37F756016 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
08:21:30.0044 10424 NOBU - ok
08:21:30.0067 10424 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\windows\system32\drivers\Npfs.sys
08:21:30.0093 10424 Npfs - ok
08:21:30.0108 10424 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys
08:21:30.0144 10424 npsvctrig - ok
08:21:30.0168 10424 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\windows\system32\nsisvc.dll
08:21:30.0195 10424 nsi - ok
08:21:30.0201 10424 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
08:21:30.0227 10424 nsiproxy - ok
08:21:30.0308 10424 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
08:21:30.0393 10424 Ntfs - ok
08:21:30.0404 10424 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\windows\system32\drivers\Null.sys
08:21:30.0430 10424 Null - ok
08:21:30.0684 10424 [ 859DE855E2033DA779A8DF6A5D3F70EF ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys
08:21:31.0015 10424 nvlddmkm - ok
08:21:31.0036 10424 [ F284328A608A5BAF53BDBEF39DFDF4F4 ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys
08:21:31.0054 10424 nvpciflt - ok
08:21:31.0088 10424 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\windows\system32\drivers\nvraid.sys
08:21:31.0114 10424 nvraid - ok
08:21:31.0122 10424 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\windows\system32\drivers\nvstor.sys
08:21:31.0149 10424 nvstor - ok
08:21:31.0187 10424 [ 51D0D2020A7A05D288DDDD4D7743BD69 ] nvsvc C:\windows\system32\nvvsvc.exe
08:21:31.0228 10424 nvsvc - ok
08:21:31.0287 10424 [ 6821F2DF8E4BDCE734C036F90D60C771 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
08:21:31.0335 10424 nvUpdatusService - ok
08:21:31.0359 10424 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
08:21:31.0385 10424 nv_agp - ok
08:21:31.0432 10424 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:21:31.0453 10424 ose - ok
08:21:31.0640 10424 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:21:31.0773 10424 osppsvc - ok
08:21:31.0822 10424 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\windows\system32\pnrpsvc.dll
08:21:31.0853 10424 p2pimsvc - ok
08:21:31.0874 10424 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\windows\system32\p2psvc.dll
08:21:31.0907 10424 p2psvc - ok
08:21:31.0933 10424 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\windows\System32\drivers\parport.sys
08:21:31.0960 10424 Parport - ok
08:21:31.0992 10424 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\windows\system32\drivers\partmgr.sys
08:21:32.0018 10424 partmgr - ok
08:21:32.0051 10424 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\windows\System32\pcasvc.dll
08:21:32.0084 10424 PcaSvc - ok
08:21:32.0094 10424 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\windows\system32\drivers\pci.sys
08:21:32.0123 10424 pci - ok
08:21:32.0137 10424 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\windows\system32\drivers\pciide.sys
08:21:32.0160 10424 pciide - ok
08:21:32.0178 10424 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
08:21:32.0208 10424 pcmcia - ok
08:21:32.0214 10424 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\windows\system32\drivers\pcw.sys
08:21:32.0237 10424 pcw - ok
08:21:32.0259 10424 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\windows\system32\drivers\pdc.sys
08:21:32.0283 10424 pdc - ok
08:21:32.0359 10424 [ 20372BE109FEE1C37E2D5216680DB9EB ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
08:21:32.0408 10424 PDF Architect Helper Service - ok
08:21:32.0447 10424 [ B90A279073A815A4AA2C45A09EE004FA ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
08:21:32.0482 10424 PDF Architect Service - ok
08:21:32.0518 10424 [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\windows\system32\drivers\peauth.sys
08:21:32.0555 10424 PEAUTH - ok
08:21:32.0640 10424 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\windows\SysWow64\perfhost.exe
08:21:32.0667 10424 PerfHost - ok
08:21:32.0737 10424 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\windows\system32\pla.dll
08:21:32.0799 10424 pla - ok
08:21:32.0841 10424 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\windows\system32\umpnpmgr.dll
08:21:32.0871 10424 PlugPlay - ok
08:21:32.0888 10424 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
08:21:32.0914 10424 PNRPAutoReg - ok
08:21:32.0931 10424 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\windows\system32\pnrpsvc.dll
08:21:32.0962 10424 PNRPsvc - ok
08:21:32.0998 10424 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
08:21:33.0039 10424 PolicyAgent - ok
08:21:33.0082 10424 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\windows\system32\umpo.dll
08:21:33.0110 10424 Power - ok
08:21:33.0140 10424 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
08:21:33.0172 10424 PptpMiniport - ok
08:21:33.0386 10424 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
08:21:33.0456 10424 PrintNotify - ok
08:21:33.0496 10424 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\windows\System32\drivers\processr.sys
08:21:33.0522 10424 Processor - ok
08:21:33.0582 10424 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\windows\system32\profsvc.dll
08:21:33.0615 10424 ProfSvc - ok
08:21:33.0635 10424 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\windows\system32\DRIVERS\pacer.sys
08:21:33.0667 10424 Psched - ok
08:21:33.0686 10424 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\windows\system32\qwave.dll
08:21:33.0721 10424 QWAVE - ok
08:21:33.0756 10424 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
08:21:33.0783 10424 QWAVEdrv - ok
08:21:33.0813 10424 [ 194ED3C117525613E701FF257882303E ] RadioHIDMini C:\windows\System32\drivers\RadioHIDMini.sys
08:21:33.0831 10424 RadioHIDMini - ok
08:21:33.0838 10424 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
08:21:33.0870 10424 RasAcd - ok
08:21:33.0898 10424 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
08:21:33.0929 10424 RasAgileVpn - ok
08:21:33.0952 10424 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\windows\System32\rasauto.dll
08:21:33.0985 10424 RasAuto - ok
08:21:34.0007 10424 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
08:21:34.0039 10424 Rasl2tp - ok
08:21:34.0074 10424 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\windows\System32\rasmans.dll
08:21:34.0112 10424 RasMan - ok
08:21:34.0149 10424 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
08:21:34.0181 10424 RasPppoe - ok
08:21:34.0197 10424 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
08:21:34.0229 10424 RasSstp - ok
08:21:34.0290 10424 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
08:21:34.0322 10424 rdbss - ok
08:21:34.0358 10424 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\windows\System32\drivers\rdpbus.sys
08:21:34.0385 10424 rdpbus - ok
08:21:34.0472 10424 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
08:21:34.0503 10424 RDPDR - ok
08:21:34.0540 10424 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
08:21:34.0568 10424 RdpVideoMiniport - ok
08:21:34.0596 10424 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
08:21:34.0625 10424 RDPWD - ok
08:21:34.0662 10424 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
08:21:34.0691 10424 rdyboost - ok
08:21:34.0723 10424 [ 695C4AC7D0B5002040C7540364C43940 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:21:34.0742 10424 RegSrvc - ok
08:21:34.0769 10424 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\windows\System32\mprdim.dll
08:21:34.0803 10424 RemoteAccess - ok
08:21:34.0828 10424 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\windows\system32\regsvc.dll
08:21:34.0867 10424 RemoteRegistry - ok
08:21:34.0903 10424 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\windows\System32\drivers\rfcomm.sys
08:21:34.0931 10424 RFCOMM - ok
08:21:34.0959 10424 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
08:21:34.0987 10424 RpcEptMapper - ok
08:21:35.0041 10424 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\windows\system32\locator.exe
08:21:35.0069 10424 RpcLocator - ok
08:21:35.0108 10424 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\windows\system32\rpcss.dll
08:21:35.0150 10424 RpcSs - ok
08:21:35.0173 10424 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
08:21:35.0204 10424 rspndr - ok
08:21:35.0292 10424 [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168 C:\windows\system32\DRIVERS\Rt630x64.sys
08:21:35.0327 10424 RTL8168 - ok
08:21:35.0347 10424 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\windows\System32\drivers\vms3cap.sys
08:21:35.0373 10424 s3cap - ok
08:21:35.0406 10424 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys
08:21:35.0427 10424 SABI - ok
08:21:35.0460 10424 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\windows\system32\lsass.exe
08:21:35.0488 10424 SamSs - ok
08:21:35.0513 10424 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
08:21:35.0544 10424 sbp2port - ok
08:21:35.0582 10424 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\windows\System32\SCardSvr.dll
08:21:35.0617 10424 SCardSvr - ok
08:21:35.0640 10424 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
08:21:35.0671 10424 scfilter - ok
08:21:35.0789 10424 [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\windows\system32\schedsvc.dll
08:21:35.0837 10424 Schedule - ok
08:21:35.0865 10424 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\windows\System32\certprop.dll
08:21:35.0896 10424 SCPolicySvc - ok
08:21:35.0932 10424 [ 047315E75392CEA447ACC86257824C16 ] sdbus C:\windows\System32\drivers\sdbus.sys
08:21:35.0961 10424 sdbus - ok
08:21:35.0991 10424 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\windows\System32\SDRSVC.dll
08:21:36.0019 10424 SDRSVC - ok
08:21:36.0055 10424 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\windows\System32\drivers\sdstor.sys
08:21:36.0079 10424 sdstor - ok
08:21:36.0100 10424 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
08:21:36.0125 10424 secdrv - ok
08:21:36.0144 10424 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\windows\system32\seclogon.dll
08:21:36.0176 10424 seclogon - ok
08:21:36.0194 10424 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\windows\System32\sens.dll
08:21:36.0233 10424 SENS - ok
08:21:36.0265 10424 [ DDA4CAF29D8C0A297F886BFE561E6659 ] SensorsAlsDriver C:\windows\system32\DRIVERS\WUDFRd.sys
08:21:36.0295 10424 SensorsAlsDriver - ok
08:21:36.0314 10424 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\windows\system32\sensrsvc.dll
08:21:36.0346 10424 SensrSvc - ok
08:21:36.0364 10424 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\windows\system32\drivers\SerCx.sys
08:21:36.0391 10424 SerCx - ok
08:21:36.0397 10424 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\windows\System32\drivers\serenum.sys
08:21:36.0422 10424 Serenum - ok
08:21:36.0431 10424 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\windows\System32\drivers\serial.sys
08:21:36.0460 10424 Serial - ok
08:21:36.0466 10424 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\windows\System32\drivers\sermouse.sys
08:21:36.0489 10424 sermouse - ok
08:21:36.0515 10424 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\windows\system32\sessenv.dll
08:21:36.0546 10424 SessionEnv - ok
08:21:36.0552 10424 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\windows\System32\drivers\sfloppy.sys
08:21:36.0578 10424 sfloppy - ok
08:21:36.0619 10424 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\windows\System32\ipnathlp.dll
08:21:36.0656 10424 SharedAccess - ok
08:21:36.0700 10424 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\windows\System32\shsvcs.dll
08:21:36.0746 10424 ShellHWDetection - ok
08:21:36.0752 10424 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
08:21:36.0776 10424 SiSRaid2 - ok
08:21:36.0791 10424 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
08:21:36.0816 10424 SiSRaid4 - ok
08:21:36.0867 10424 [ 2F5AF9D91D51E832773D4A9EAF65CB33 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
08:21:36.0887 10424 SkypeUpdate - ok
08:21:36.0929 10424 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\windows\System32\snmptrap.exe
08:21:36.0961 10424 SNMPTRAP - ok
08:21:37.0004 10424 [ 872E937681910E2456A054331C7D5A18 ] spaceport C:\windows\system32\drivers\spaceport.sys
08:21:37.0037 10424 spaceport - ok
08:21:37.0063 10424 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\windows\system32\drivers\SpbCx.sys
08:21:37.0089 10424 SpbCx - ok
08:21:37.0164 10424 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\windows\System32\spoolsv.exe
08:21:37.0203 10424 Spooler - ok
08:21:37.0388 10424 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\windows\system32\sppsvc.exe
08:21:37.0501 10424 sppsvc - ok
08:21:37.0605 10424 [ 378A0748DE5ADF90BF9DB897DA8564E6 ] SRTSP C:\windows\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS
08:21:37.0640 10424 SRTSP - ok
08:21:37.0662 10424 [ 0E76CEF892C45734F7AED09FDDF35D4D ] SRTSPX C:\windows\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS
08:21:37.0679 10424 SRTSPX - ok
08:21:37.0708 10424 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\windows\system32\DRIVERS\srv.sys
08:21:37.0738 10424 srv - ok
08:21:37.0774 10424 [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
08:21:37.0809 10424 srv2 - ok
08:21:37.0833 10424 [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
08:21:37.0861 10424 srvnet - ok
08:21:37.0895 10424 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
08:21:37.0932 10424 SSDPSRV - ok
08:21:37.0940 10424 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\windows\system32\sstpsvc.dll
08:21:37.0973 10424 SstpSvc - ok
08:21:38.0005 10424 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\windows\system32\drivers\stexstor.sys
08:21:38.0028 10424 stexstor - ok
08:21:38.0056 10424 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\windows\System32\wiaservc.dll
08:21:38.0092 10424 stisvc - ok
08:21:38.0126 10424 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\windows\system32\drivers\storahci.sys
08:21:38.0151 10424 storahci - ok
08:21:38.0178 10424 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\windows\system32\DRIVERS\vmstorfl.sys
08:21:38.0201 10424 storflt - ok
08:21:38.0221 10424 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\windows\system32\storsvc.dll
08:21:38.0248 10424 StorSvc - ok
08:21:38.0266 10424 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\windows\system32\drivers\storvsc.sys
08:21:38.0289 10424 storvsc - ok
08:21:38.0302 10424 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\windows\system32\svsvc.dll
08:21:38.0341 10424 svsvc - ok
08:21:38.0367 10424 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\windows\System32\drivers\swenum.sys
08:21:38.0390 10424 swenum - ok
08:21:38.0418 10424 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\windows\System32\swprv.dll
08:21:38.0463 10424 swprv - ok
08:21:38.0493 10424 SWUpdateService - ok
08:21:38.0535 10424 [ E174C8BC572E93AEEE1036DEDAC5F225 ] SymDS C:\windows\system32\drivers\NISx64\1403010.016\SYMDS64.SYS
08:21:38.0564 10424 SymDS - ok
08:21:38.0611 10424 [ 599872BAD7CFB45C7CE47CDED4B726D8 ] SymEFA C:\windows\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS
08:21:38.0655 10424 SymEFA - ok
08:21:38.0680 10424 [ 42947647F71E9EF2167B42B372F1DDB7 ] SymELAM C:\windows\system32\drivers\NISx64\1403010.016\SymELAM.sys
08:21:38.0702 10424 SymELAM - ok
08:21:38.0728 10424 [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS
08:21:38.0749 10424 SymEvent - ok
08:21:38.0785 10424 [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON C:\windows\system32\drivers\NISx64\1403010.016\Ironx64.SYS
08:21:38.0807 10424 SymIRON - ok
08:21:38.0847 10424 [ 1605EBD8CB86AFC4430116065995279A ] SymNetS C:\windows\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS
08:21:38.0873 10424 SymNetS - ok
08:21:38.0905 10424 [ EBDE64F7A7BB5D98294CF1E7562BBDBA ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
08:21:38.0934 10424 SynTP - ok
08:21:38.0981 10424 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\windows\system32\sysmain.dll
08:21:39.0033 10424 SysMain - ok
08:21:39.0062 10424 [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll
08:21:39.0093 10424 SystemEventsBroker - ok
08:21:39.0128 10424 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\windows\System32\TabSvc.dll
08:21:39.0156 10424 TabletInputService - ok
08:21:39.0174 10424 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\windows\System32\tapisrv.dll
08:21:39.0207 10424 TapiSrv - ok
08:21:39.0269 10424 [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] Tcpip C:\windows\system32\drivers\tcpip.sys
08:21:39.0364 10424 Tcpip - ok
08:21:39.0402 10424 [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
08:21:39.0497 10424 TCPIP6 - ok
08:21:39.0538 10424 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
08:21:39.0570 10424 tcpipreg - ok
08:21:39.0598 10424 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\windows\system32\DRIVERS\tdx.sys
08:21:39.0625 10424 tdx - ok
08:21:39.0639 10424 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\windows\System32\drivers\terminpt.sys
08:21:39.0662 10424 terminpt - ok
08:21:39.0786 10424 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\windows\System32\termsrv.dll
08:21:39.0825 10424 TermService - ok
08:21:39.0844 10424 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\windows\system32\themeservice.dll
08:21:39.0883 10424 Themes - ok
08:21:39.0918 10424 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\windows\system32\mmcss.dll
08:21:39.0945 10424 THREADORDER - ok
08:21:40.0012 10424 [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\windows\System32\TimeBrokerServer.dll
08:21:40.0040 10424 TimeBroker - ok
08:21:40.0076 10424 [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\windows\system32\drivers\tpm.sys
08:21:40.0104 10424 TPM - ok
08:21:40.0142 10424 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\windows\System32\trkwks.dll
08:21:40.0171 10424 TrkWks - ok
08:21:40.0219 10424 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
08:21:40.0248 10424 TrustedInstaller - ok
08:21:40.0290 10424 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
08:21:40.0316 10424 TsUsbFlt - ok
08:21:40.0334 10424 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\windows\System32\drivers\TsUsbGD.sys
08:21:40.0363 10424 TsUsbGD - ok
08:21:40.0385 10424 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
08:21:40.0424 10424 tunnel - ok
08:21:40.0437 10424 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\windows\system32\drivers\uagp35.sys
08:21:40.0463 10424 uagp35 - ok
08:21:40.0470 10424 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\windows\System32\drivers\uaspstor.sys
08:21:40.0498 10424 UASPStor - ok
08:21:40.0573 10424 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\windows\System32\drivers\ucx01000.sys
08:21:40.0602 10424 UCX01000 - ok
08:21:40.0625 10424 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\windows\system32\DRIVERS\udfs.sys
08:21:40.0667 10424 udfs - ok
08:21:40.0697 10424 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\windows\system32\UI0Detect.exe
08:21:40.0730 10424 UI0Detect - ok
08:21:40.0747 10424 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
08:21:40.0771 10424 uliagpkx - ok
08:21:40.0790 10424 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\windows\System32\drivers\umbus.sys
08:21:40.0814 10424 umbus - ok
08:21:40.0820 10424 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\windows\System32\drivers\umpass.sys
08:21:40.0845 10424 UmPass - ok
08:21:40.0864 10424 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\windows\System32\umrdp.dll
08:21:40.0893 10424 UmRdpService - ok
08:21:40.0917 10424 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\windows\System32\upnphost.dll
08:21:40.0962 10424 upnphost - ok
08:21:40.0967 10424 urfsxdse - ok
08:21:40.0987 10424 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\windows\System32\drivers\usbccgp.sys
08:21:41.0013 10424 usbccgp - ok
08:21:41.0040 10424 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\windows\System32\drivers\usbcir.sys
08:21:41.0084 10424 usbcir - ok
08:21:41.0100 10424 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\windows\System32\drivers\usbehci.sys
08:21:41.0124 10424 usbehci - ok
08:21:41.0160 10424 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\windows\System32\drivers\usbhub.sys
08:21:41.0199 10424 usbhub - ok
08:21:41.0249 10424 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\windows\System32\drivers\UsbHub3.sys
08:21:41.0288 10424 USBHUB3 - ok
08:21:41.0307 10424 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\windows\System32\drivers\usbohci.sys
08:21:41.0335 10424 usbohci - ok
08:21:41.0366 10424 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\windows\System32\drivers\usbprint.sys
08:21:41.0393 10424 usbprint - ok
08:21:41.0429 10424 [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
08:21:41.0459 10424 usbscan - ok
08:21:41.0481 10424 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\windows\System32\drivers\USBSTOR.SYS
08:21:41.0512 10424 USBSTOR - ok
08:21:41.0531 10424 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\windows\System32\drivers\usbuhci.sys
08:21:41.0562 10424 usbuhci - ok
08:21:41.0600 10424 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
08:21:41.0633 10424 usbvideo - ok
08:21:41.0660 10424 [ 11C0CF143D246E2F0E9BDBF17A0CC70B ] USBXHCI C:\windows\System32\drivers\USBXHCI.SYS
08:21:41.0695 10424 USBXHCI - ok
08:21:41.0717 10424 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\windows\system32\lsass.exe
08:21:41.0744 10424 VaultSvc - ok
08:21:41.0776 10424 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
08:21:41.0801 10424 vdrvroot - ok
08:21:41.0872 10424 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\windows\System32\vds.exe
08:21:41.0912 10424 vds - ok
08:21:41.0939 10424 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\windows\system32\drivers\VerifierExt.sys
08:21:41.0970 10424 VerifierExt - ok
08:21:42.0002 10424 [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp C:\windows\System32\drivers\vhdmp.sys
08:21:42.0051 10424 vhdmp - ok
08:21:42.0077 10424 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\windows\system32\drivers\viaide.sys
08:21:42.0109 10424 viaide - ok
08:21:42.0127 10424 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\windows\system32\drivers\vmbus.sys
08:21:42.0156 10424 vmbus - ok
08:21:42.0162 10424 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\windows\System32\drivers\VMBusHID.sys
08:21:42.0191 10424 VMBusHID - ok
08:21:42.0227 10424 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\windows\System32\ICSvc.dll
08:21:42.0257 10424 vmicheartbeat - ok
08:21:42.0267 10424 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\windows\System32\ICSvc.dll
08:21:42.0297 10424 vmickvpexchange - ok
08:21:42.0306 10424 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\windows\System32\ICSvc.dll
08:21:42.0337 10424 vmicrdv - ok
08:21:42.0347 10424 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\windows\System32\ICSvc.dll
08:21:42.0377 10424 vmicshutdown - ok
08:21:42.0387 10424 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\windows\System32\ICSvc.dll
08:21:42.0418 10424 vmictimesync - ok
08:21:42.0428 10424 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\windows\System32\ICSvc.dll
08:21:42.0458 10424 vmicvss - ok
08:21:42.0476 10424 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\windows\system32\drivers\volmgr.sys
08:21:42.0501 10424 volmgr - ok
08:21:42.0514 10424 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
08:21:42.0549 10424 volmgrx - ok
08:21:42.0584 10424 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\windows\system32\drivers\volsnap.sys
08:21:42.0625 10424 volsnap - ok
08:21:42.0652 10424 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\windows\System32\drivers\vpci.sys
08:21:42.0680 10424 vpci - ok
08:21:42.0718 10424 [ 1065A957523ED51AAFFF737CC63010A6 ] Vsdatant C:\windows\system32\drivers\vsdatant.sys
08:21:42.0753 10424 Vsdatant - ok
08:21:42.0808 10424 vsmon - ok
08:21:42.0820 10424 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
08:21:42.0854 10424 vsmraid - ok
08:21:42.0909 10424 [ EA658570314042C914964FC72AB50E6B ] VSS C:\windows\system32\vssvc.exe
08:21:42.0977 10424 VSS - ok
08:21:43.0019 10424 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\windows\system32\drivers\vstxraid.sys
08:21:43.0057 10424 VSTXRAID - ok
08:21:43.0070 10424 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\windows\System32\drivers\vwifibus.sys
08:21:43.0099 10424 vwifibus - ok
08:21:43.0119 10424 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
08:21:43.0151 10424 vwififlt - ok
08:21:43.0175 10424 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
08:21:43.0203 10424 vwifimp - ok
08:21:43.0235 10424 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\windows\system32\w32time.dll
08:21:43.0275 10424 W32Time - ok
08:21:43.0281 10424 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\windows\System32\drivers\wacompen.sys
08:21:43.0306 10424 WacomPen - ok
08:21:43.0331 10424 [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
08:21:43.0358 10424 Wanarp - ok
08:21:43.0364 10424 [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
08:21:43.0390 10424 Wanarpv6 - ok
08:21:43.0444 10424 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\windows\system32\wbengine.exe
08:21:43.0496 10424 wbengine - ok
08:21:43.0519 10424 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
08:21:43.0553 10424 WbioSrvc - ok
08:21:43.0563 10424 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\windows\System32\wcmsvc.dll
08:21:43.0596 10424 Wcmsvc - ok
08:21:43.0674 10424 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\windows\System32\wcncsvc.dll
08:21:43.0708 10424 wcncsvc - ok
08:21:43.0721 10424 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
08:21:43.0748 10424 WcsPlugInService - ok
08:21:43.0773 10424 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\windows\system32\drivers\wd.sys
08:21:43.0796 10424 Wd - ok
08:21:43.0832 10424 [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot C:\windows\system32\drivers\WdBoot.sys
08:21:43.0856 10424 WdBoot - ok
08:21:44.0014 10424 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
08:21:44.0056 10424 Wdf01000 - ok
08:21:44.0081 10424 [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter C:\windows\system32\drivers\WdFilter.sys
08:21:44.0110 10424 WdFilter - ok
08:21:44.0133 10424 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\windows\system32\wdi.dll
08:21:44.0173 10424 WdiServiceHost - ok
08:21:44.0179 10424 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\windows\system32\wdi.dll
08:21:44.0218 10424 WdiSystemHost - ok
08:21:44.0304 10424 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\windows\System32\webclnt.dll
08:21:44.0338 10424 WebClient - ok
08:21:44.0364 10424 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\windows\system32\wecsvc.dll
08:21:44.0397 10424 Wecsvc - ok
08:21:44.0413 10424 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\windows\System32\wercplsupport.dll
08:21:44.0463 10424 wercplsupport - ok
08:21:44.0485 10424 [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc C:\windows\System32\WerSvc.dll
08:21:44.0521 10424 WerSvc - ok
08:21:44.0552 10424 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\windows\system32\DRIVERS\wfplwfs.sys
08:21:44.0582 10424 WFPLWFS - ok
08:21:44.0605 10424 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\windows\System32\wiarpc.dll
08:21:44.0720 10424 WiaRpc - ok
08:21:44.0752 10424 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\windows\system32\drivers\wimmount.sys
08:21:44.0781 10424 WIMMount - ok
08:21:44.0829 10424 WinDefend - ok
08:21:44.0875 10424 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll
08:21:44.0914 10424 WinHttpAutoProxySvc - ok
08:21:44.0963 10424 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
08:21:44.0995 10424 Winmgmt - ok
08:21:45.0065 10424 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\windows\system32\WsmSvc.dll
08:21:45.0142 10424 WinRM - ok
08:21:45.0179 10424 [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
08:21:45.0222 10424 WinUsb - ok
08:21:45.0277 10424 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\windows\System32\wlansvc.dll
08:21:45.0326 10424 WlanSvc - ok
08:21:45.0423 10424 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\windows\system32\wlidsvc.dll
08:21:45.0482 10424 wlidsvc - ok
08:21:45.0516 10424 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\windows\System32\drivers\wmiacpi.sys
08:21:45.0540 10424 WmiAcpi - ok
08:21:45.0581 10424 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
08:21:45.0613 10424 wmiApSrv - ok
08:21:45.0662 10424 WMPNetworkSvc - ok
08:21:45.0688 10424 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\windows\system32\DRIVERS\wpcfltr.sys
08:21:45.0713 10424 wpcfltr - ok
08:21:45.0739 10424 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\windows\System32\wpcsvc.dll
08:21:45.0766 10424 WPCSvc - ok
08:21:45.0796 10424 [ 3013658A4D327854BEEC4A08D9655194 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
08:21:45.0823 10424 WPDBusEnum - ok
08:21:45.0839 10424 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\windows\system32\drivers\WpdUpFltr.sys
08:21:45.0863 10424 WpdUpFltr - ok
08:21:45.0909 10424 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
08:21:45.0935 10424 ws2ifsl - ok
08:21:45.0957 10424 [ 012CFE7F0F95266F554EE3B91EE2128A ] wscsvc C:\windows\System32\wscsvc.dll
08:21:45.0986 10424 wscsvc - ok
08:21:45.0991 10424 WSearch - ok
08:21:46.0062 10424 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\windows\System32\WSService.dll
08:21:46.0168 10424 WSService - ok
08:21:46.0261 10424 [ 79F95469604B77296346DE7DB463EA2A ] wuauserv C:\windows\system32\wuaueng.dll
08:21:46.0341 10424 wuauserv - ok
08:21:46.0362 10424 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
08:21:46.0388 10424 WudfPf - ok
08:21:46.0404 10424 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\System32\drivers\WUDFRd.sys
08:21:46.0433 10424 WUDFRd - ok
08:21:46.0461 10424 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
08:21:46.0488 10424 wudfsvc - ok
08:21:46.0497 10424 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\windows\system32\DRIVERS\WUDFRd.sys
08:21:46.0525 10424 WUDFWpdFs - ok
08:21:46.0532 10424 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp C:\windows\system32\DRIVERS\WUDFRd.sys
08:21:46.0560 10424 WUDFWpdMtp - ok
08:21:46.0610 10424 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\windows\System32\wwansvc.dll
08:21:46.0645 10424 WwanSvc - ok
08:21:46.0884 10424 [ 7055B389BD0DA0B19236BF43CDDF0E1A ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
08:21:46.0929 10424 ZeroConfigService - ok
08:21:46.0955 10424 ================ Scan global ===============================
08:21:46.0990 10424 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\windows\system32\basesrv.dll
08:21:47.0031 10424 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\windows\system32\winsrv.dll
08:21:47.0089 10424 [ BD7C6949984D19AAA609896B675E7357 ] C:\windows\system32\sxssrv.dll
08:21:47.0192 10424 [ 8F226143046435C75C033B0C52E90FFE ] C:\windows\system32\services.exe
08:21:47.0198 10424 [Global] - ok
08:21:47.0199 10424 ================ Scan MBR ==================================
08:21:47.0215 10424 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
08:21:47.0378 10424 \Device\Harddisk0\DR0 - ok
08:21:47.0773 10424 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
08:21:52.0126 10424 \Device\Harddisk1\DR1 - ok
08:21:52.0127 10424 ================ Scan VBR ==================================
08:21:52.0170 10424 [ 073989D4D699C0435AEFB3CB55230D9D ] \Device\Harddisk0\DR0\Partition1
08:21:52.0189 10424 \Device\Harddisk0\DR0\Partition1 - ok
08:21:52.0207 10424 [ CCE09C2A713527345C0994FC7FE48F2F ] \Device\Harddisk0\DR0\Partition2
08:21:52.0210 10424 \Device\Harddisk0\DR0\Partition2 - ok
08:21:52.0223 10424 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
08:21:52.0223 10424 \Device\Harddisk0\DR0\Partition3 - ok
08:21:52.0250 10424 [ F860E0507E09DCB1CDEC9E01BBBC60A4 ] \Device\Harddisk0\DR0\Partition4
08:21:52.0266 10424 \Device\Harddisk0\DR0\Partition4 - ok
08:21:52.0297 10424 [ 2F2272E967B4290DE917C86022B9A551 ] \Device\Harddisk0\DR0\Partition5
08:21:52.0302 10424 \Device\Harddisk0\DR0\Partition5 - ok
08:21:52.0316 10424 [ F2F2663408E4503D6C9A5BCCFCF07482 ] \Device\Harddisk0\DR0\Partition6
08:21:52.0317 10424 \Device\Harddisk0\DR0\Partition6 - ok
08:21:52.0318 10424 ============================================================
08:21:52.0318 10424 Scan finished
08:21:52.0318 10424 ============================================================
08:21:52.0346 11348 Detected object count: 1
08:21:52.0346 11348 Actual detected object count: 1
08:21:58.0149 11348 2dff9234 ( UnsignedFile.Multi.Generic ) - skipped by user
08:21:58.0150 11348 2dff9234 ( UnsignedFile.Multi.Generic ) - User select action: Skip

03.06.2013, 10:00   #7
aharonov
/// TB trainer

That's fine.


Please go to Virustotal and have a file checked there as follows:
  • Click on "Wählen Sie eine".
  • Then copy the following into the input field for the file name
    Code:
    C:\Windows\SysNative\Drivers\2dff9234.sys
    and click Open.
  • Click Scan!.
  • If you get the following message:
    Quote:
    File has already been analysed - This file has already been analysed by VirusTotal on ...
    then click Reanalyse.
  • Wait until the analysis has finished, then copy the URL from your address bar and post it here.
__________________
cheers,
Leo
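
Added example, not part of the thread and not code from TDSSKiller or the forum: a small Python triage of a TDSSKiller log like the one posted above, which pulls out the objects that received a verdict (here the unsigned driver 2dff9234) and the services reported "ok" although no file was hashed for them. The function name `triage`, the eight-hex-digit name heuristic and the assumption that the service scan section is titled "Scan services" are choices of this example; the sample lines are copied from the log on this page.

```python
import re

# Excerpt of the TDSSKiller log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
08:21:40.0917 10424 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\windows\System32\upnphost.dll
08:21:40.0962 10424 upnphost - ok
08:21:40.0967 10424 urfsxdse - ok
08:21:40.0987 10424 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\windows\System32\drivers\usbccgp.sys
08:21:41.0013 10424 usbccgp - ok
08:21:46.0955 10424 ================ Scan global ===============================
08:21:47.0192 10424 [ 8F226143046435C75C033B0C52E90FFE ] C:\windows\system32\services.exe
08:21:47.0198 10424 [Global] - ok
08:21:52.0318 10424 Scan finished
08:21:52.0346 11348 Detected object count: 1
08:21:58.0149 11348 2dff9234 ( UnsignedFile.Multi.Generic ) - skipped by user
08:21:58.0150 11348 2dff9234 ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every log line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# "[ MD5 ] <name> <path>"; the name is absent in the global/MBR/VBR sections.
HASHED = re.compile(
    PREFIX + r"\[ ([0-9A-Fa-f]{32}) \] (?:(.+?) )?((?:[A-Za-z]:\\|\\).*)$")
# "<object> ( <verdict> ) - <action>"
VERDICT = re.compile(PREFIX + r"(.+?) \( (.+?) \) - (.+)$")
# "<object> - ok"
OK = re.compile(PREFIX + r"(.+?) - ok$")
# "====== <section title> ======"
SECTION = re.compile(PREFIX + r"=+ (.+?) =+$")
# Heuristic of this example: a name of exactly eight hex digits, like the
# driver flagged in this thread, deserves a manual look.
HEX_NAME = re.compile(r"^[0-9a-fA-F]{8}$")


def triage(log_text):
    """Return detections, hash-less 'ok' services and hex-named objects."""
    # Assumption: the service/driver section is titled "Scan services";
    # an excerpt that starts mid-section is treated as being inside it.
    section = "Scan services"
    hashed = {}            # service name -> (md5, path)
    ok_without_hash = []   # services reported ok with no hashed file
    detections = {}        # object -> {"verdict": str, "actions": [str]}

    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = HASHED.match(line)
        if m:
            md5, name, path = m.groups()
            if name:
                hashed[name] = (md5.upper(), path)
            continue
        m = VERDICT.match(line)
        if m:
            obj, verdict, action = m.groups()
            entry = detections.setdefault(
                obj, {"verdict": verdict, "actions": []})
            entry["actions"].append(action)
            continue
        m = OK.match(line)
        if m and section == "Scan services" and m.group(1) not in hashed:
            ok_without_hash.append(m.group(1))

    names = set(hashed) | set(detections)
    return {
        "detections": detections,
        "ok_without_hash": ok_without_hash,
        "hex_named": sorted(n for n in names if HEX_NAME.match(n)),
        "hashed": hashed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for obj, info in result["detections"].items():
        print(f"verdict  {obj}: {info['verdict']} -> {info['actions']}")
    for name in result["ok_without_hash"]:
        print(f"no hash  {name}: reported ok, but no file was hashed")
    for name in result["hex_named"]:
        print(f"hex name {name}")
```

A service in the hash-less list is only a lead: on this page it contains security-product services such as vsmon and WinDefend as well as urfsxdse, so each entry still has to be checked by hand.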

03.06.2013, 17:34   #8
Tanja_183

Hello,

this is the URL

https://www.virustotal.com/de/file/559774a110abdb729783d120ef9f0bf94398e07f4c18fc216e73b9512576a0bc/analysis/1370277201/

03.06.2013, 18:55   #9
aharonov
/// TB trainer

Hello,

how did an unsigned driver get in here.. Although it is hardly detected on Virustotal, it is pretty sure to be dodgy.


Step 1

Please upload files for analysis as follows:
  • Please disable your virus scanner temporarily.
  • Find the following file
    C:\Windows\SysNative\Drivers\2dff9234.sys
    and pack it into a zip archive (right-click it -> Send to -> Compressed (zipped) folder).
  • Now go to the Trojaner-Board upload channel:
    1. Press Browse..., select the zip file you created and click Open.
    2. Paste the link to your thread in the forum into the corresponding field.
    3. Enter your user name.
    4. Press the Upload button.
  • You can now enable your virus scanner again.
    (illustrated instructions)



Step 2

Please download Farbar Recovery Scan Tool 64-Bit and save it to a USB stick (not in a subfolder!).
Connect the USB stick to the infected computer.

You now have to boot the system into the System Repair option:
Option 1 - via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now choose Repair your computer.
  • Select your operating system and user account and click Next each time.

or

Option 2 - with the Windows CD/DVD
  • Put the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click Next.
  • Click Repair your computer.
  • Select your operating system and user account and click Next each time.

Once you are in the repair options, choose Command Prompt.
  • Now type notepad and press Enter.
    • A text document opens. Click File -> Save As and choose Computer.
    • Read off the drive letter of your USB stick here (e.g. e:\).
    • Close Notepad again.
  • Now enter the following command and press Enter:
    e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your machine, adjust the command accordingly.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a file FRST.txt on your USB stick. Please post its contents here.



In your next reply, please post:
  • Log from FRST
__________________
cheers,
Leo

03.06.2013, 21:16   #10
aharonov
/// TB trainer

Sorry, the instructions for step 2 are not quite correct.
Use the following instructions instead:


Step 2

Please download Farbar Recovery Scan Tool 64-Bit and save it to a USB stick (not in a subfolder!).
Connect the USB stick to the infected computer.

You now have to boot the system into the command prompt in repair mode as follows:
  • Start Windows 8 up to the tile view.
  • Now press the key combination Ctrl-Alt-Del.
  • Important: Now hold down the SHIFT key while you click the power icon at the bottom right and then Restart.
  • Now click, in this order:
    Troubleshoot > Advanced options > Command Prompt
  • After a restart, a command prompt is displayed.

Once you have reached this command prompt, continue like this:
  • Now type notepad and press Enter.
    • A text document opens. Click File -> Save As and choose Computer.
    • Read off the drive letter of your USB stick here (e.g. e:\).
    • Close Notepad again.
  • Now enter the following command and press Enter:
    e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your machine, adjust the command accordingly.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a file FRST.txt on your USB stick. Please post its contents here.
__________________
cheers,
Leo

03.06.2013, 22:33   #11
Tanja_183


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-06-2013 01
Ran by SYSTEM on 03-06-2013 23:25:32
Running from D:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2967352 2012-11-06] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13191312 2013-03-12] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp [11577216 2012-08-26] (Motorola Solutions, Inc.)
HKLM\...\Run: [ISW] [x]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
HKU\Tani\...\Run: [EPSON SX210 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Users\Tani\AppData\Local\Temp\E_S427.tmp" /EF "HKCU" [x]
HKU\Tani\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)
HKU\Tani\...\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" [239488 2011-04-24] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [244184 2012-10-23] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [91472 2012-09-20] (ELAN Microelectronics Corp.)
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2921520 2013-04-09] (Samsung Electronics CO., LTD.)
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-28] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S1 2dff9234; C:\windows\system32\drivers\2dff9234.sys [76744 2013-05-15] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130301.001\BHDrvx64.sys [1388120 2013-02-28] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-26] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-28] (Motorola Solutions, Inc.)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-13] (Symantec Corporation)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
S0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130316.002\IDSvia64.sys [513184 2013-03-12] (Symantec Corporation)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130319.005\ENG64.SYS [126192 2013-03-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130319.005\EX64.SYS [2087664 2013-03-13] (Symantec Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
S3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-03-12] (Symantec Corporation)
S1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S1 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]
S3 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1403010.016\ccSetx64.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS [x]
S3 SRTSPX; \SystemRoot\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS [x]
S3 SymDS; \SystemRoot\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [x]
S3 SymEFA; \SystemRoot\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]
S4 SymELAM; \SystemRoot\system32\drivers\NISx64\1403010.016\SymELAM.sys [x]
S3 SymIRON; \SystemRoot\system32\drivers\NISx64\1403010.016\Ironx64.SYS [x]
S3 SymNetS; \SystemRoot\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]
S1 urfsxdse; \??\C:\windows\system32\drivers\urfsxdse.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-03 23:25 - 2013-06-03 23:25 - 00000000 ____D C:\FRST
2013-06-03 12:53 - 2013-06-03 12:53 - 01916754 ____A (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-06-03 12:47 - 2013-06-03 12:47 - 00051947 ____A C:\Users\Tani\Desktop\2dff9234.zip
2013-06-02 22:20 - 2013-06-02 22:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller (1).exe
2013-06-02 22:17 - 2013-06-02 22:17 - 00000146 ____A C:\Users\Tani\Desktop\emsi.zip
2013-06-02 22:09 - 2013-06-02 22:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller.exe
2013-06-02 22:09 - 2013-06-02 22:09 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.09.24.txt
2013-06-02 22:08 - 2013-06-02 22:09 - 00000512 ____A C:\Users\Tani\Desktop\emsi.mbr
2013-06-02 22:05 - 2013-06-02 22:05 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Desktop\mbrmastr (1).exe
2013-06-02 22:05 - 2013-06-02 22:05 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.05.22.txt
2013-06-02 22:04 - 2013-06-02 22:04 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Downloads\mbrmastr.exe
2013-06-02 12:38 - 2013-06-02 12:38 - 00005232 ____A C:\Users\Tani\Desktop\gmer.log
2013-06-02 12:26 - 2013-06-02 12:26 - 00377856 ____A C:\Users\Tani\Desktop\gmer_2.1.19163 (1).exe
2013-06-02 12:23 - 2013-06-02 12:23 - 00377856 ____A C:\Users\Tani\Downloads\gmer_2.1.19163.exe
2013-06-02 12:01 - 2013-06-02 12:01 - 00130860 ____A C:\Users\Tani\Desktop\OTL.Txt
2013-06-02 12:01 - 2013-06-02 12:01 - 00051726 ____A C:\Users\Tani\Desktop\Extras.Txt
2013-06-02 11:53 - 2013-06-02 11:53 - 00051726 ____A C:\Users\Tani\Downloads\Extras.Txt
2013-06-02 11:52 - 2013-06-02 11:52 - 00130856 ____A C:\Users\Tani\Downloads\OTL.Txt
2013-06-02 11:39 - 2013-06-02 11:39 - 00602112 ____A (OldTimer Tools) C:\Users\Tani\Downloads\OTL.exe
2013-06-02 11:38 - 2013-06-02 11:40 - 00000470 ____A C:\Users\Tani\Downloads\defogger_disable.log
2013-06-02 11:38 - 2013-06-02 11:38 - 00000000 ____A C:\Users\Tani\defogger_reenable
2013-06-02 11:37 - 2013-06-02 11:37 - 00050477 ____A C:\Users\Tani\Downloads\Defogger.exe
2013-06-02 11:12 - 2013-06-02 11:14 - 00417507 ____A C:\Windows\System32\Drivers\vsconfig.xml
2013-06-02 11:12 - 2013-06-02 11:12 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2013-06-02 11:12 - 2013-06-02 11:12 - 00000000 ____D C:\Users\Tani\Documents\ForceField Shared Files
2013-06-02 11:12 - 2013-06-02 11:12 - 00000000 ____D C:\Users\Tani\AppData\Roaming\CheckPoint
2013-06-02 11:12 - 2013-06-02 11:12 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-02 11:10 - 2013-06-02 11:12 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-06-02 11:08 - 2013-06-02 11:08 - 00000000 ____D C:\ProgramData\CheckPoint
2013-06-02 10:57 - 2013-06-02 10:57 - 00000000 ____D C:\Users\Tani\AppData\Roaming\AVG2013
2013-06-02 10:56 - 2013-06-02 10:56 - 00000991 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-02 10:56 - 2013-06-02 10:56 - 00000000 ____D C:\Users\Tani\AppData\Roaming\TuneUp Software
2013-06-02 10:55 - 2013-06-02 10:56 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-02 10:55 - 2013-06-02 10:55 - 00000000 ___HD C:\$AVG
2013-06-02 10:55 - 2012-07-25 19:05 - 01343488 ____A (Microsoft Corporation) C:\Windows\System32\dbghelp.dll
2013-06-02 10:54 - 2013-06-02 10:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-02 10:51 - 2013-06-02 10:51 - 00421792 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-24 18:37 - 2013-05-24 18:37 - 00113016 ____A C:\Users\Tani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-24 18:37 - 2013-05-24 18:37 - 00000000 ____D C:\Users\Tani\AppData\Roaming\PDF Architect
2013-05-24 18:33 - 2013-05-24 18:33 - 00001045 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-05-24 18:33 - 2013-05-24 18:33 - 00001011 ____A C:\Users\Tani\Desktop\PDF Architect.lnk
2013-05-24 18:33 - 2013-05-24 18:33 - 00000000 ____D C:\Users\Tani\Documents\PDF Architect Files
2013-05-24 18:33 - 2013-05-24 18:33 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-05-24 18:32 - 2013-05-24 18:33 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-05-24 18:32 - 2013-05-24 18:32 - 00000000 ____D C:\Users\Tani\AppData\Roaming\pdfforge
2013-05-24 18:32 - 2013-04-09 05:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-05-24 18:32 - 2012-05-05 01:54 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-05-24 18:32 - 2012-05-05 01:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-05-24 18:32 - 2012-05-05 01:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-05-24 18:32 - 1998-07-06 08:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-05-24 18:32 - 1998-07-06 08:55 - 00158208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-05-24 18:32 - 1998-07-06 08:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-05-24 17:58 - 2013-05-24 17:58 - 17502040 ____A (pdfforge GbR) C:\Users\Tani\Downloads\PDFCreator-1_7_0_setup.exe
2013-05-23 14:07 - 2013-05-24 17:34 - 00000000 ____D C:\Users\Tani\Desktop\EC
2013-05-21 12:43 - 2013-04-08 21:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-21 12:43 - 2013-04-08 21:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-21 12:43 - 2013-04-08 21:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-21 12:43 - 2013-04-08 21:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-21 12:43 - 2013-04-08 21:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-21 12:43 - 2013-04-08 21:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-21 12:43 - 2013-04-08 21:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-21 12:43 - 2013-04-08 21:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-21 12:43 - 2013-04-08 20:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-21 12:43 - 2013-04-08 20:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-21 12:43 - 2013-04-08 20:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-21 12:43 - 2013-04-08 20:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-21 12:43 - 2013-04-08 20:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-21 12:43 - 2013-04-08 20:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-21 12:43 - 2013-04-08 20:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-21 12:43 - 2013-04-08 20:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-21 12:43 - 2013-04-08 20:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-21 12:43 - 2013-04-08 20:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-21 12:43 - 2013-04-08 20:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-21 12:43 - 2013-04-08 20:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-21 12:43 - 2013-04-08 20:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-21 12:43 - 2013-04-08 20:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-21 12:43 - 2013-04-08 18:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-21 12:43 - 2013-04-08 18:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-21 12:43 - 2013-04-08 18:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-21 12:43 - 2013-04-08 18:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-21 12:43 - 2013-04-08 18:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-21 12:43 - 2013-04-08 18:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-21 12:43 - 2013-04-08 18:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-21 12:43 - 2013-04-08 18:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-21 12:43 - 2013-04-08 18:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-21 12:43 - 2013-04-08 15:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-21 12:43 - 2013-04-08 15:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-21 12:43 - 2013-04-08 15:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-21 12:43 - 2013-04-08 15:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-21 12:43 - 2013-04-08 13:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-21 12:43 - 2013-04-08 13:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-21 12:43 - 2013-04-08 13:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-21 12:43 - 2013-04-08 13:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-21 12:43 - 2013-04-08 13:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-21 12:43 - 2013-04-08 13:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-21 12:43 - 2013-04-08 13:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-21 12:43 - 2013-04-08 13:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-21 12:43 - 2013-04-08 13:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-21 12:43 - 2013-04-04 15:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-21 12:43 - 2013-04-02 14:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-21 12:43 - 2013-03-30 10:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-21 12:43 - 2013-03-30 10:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-21 12:43 - 2013-03-28 14:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-21 12:43 - 2013-03-28 14:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-21 12:43 - 2013-03-15 14:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-21 12:43 - 2013-03-15 14:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-21 12:43 - 2012-12-12 20:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-21 12:43 - 2012-12-12 19:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-21 08:40 - 2013-05-07 12:07 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-21 08:40 - 2013-05-07 12:07 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-20 13:05 - 2013-04-09 15:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-20 13:05 - 2013-04-09 15:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-20 13:05 - 2013-04-09 15:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-20 13:05 - 2013-04-09 15:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-05-20 13:05 - 2013-04-09 15:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-20 13:05 - 2013-04-09 15:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-20 13:05 - 2013-04-09 15:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-20 13:05 - 2013-04-09 15:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-20 13:05 - 2013-04-09 15:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-20 13:05 - 2013-04-09 15:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-20 13:05 - 2013-04-09 14:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-20 13:05 - 2013-04-09 14:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-20 13:05 - 2013-04-09 14:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-20 13:05 - 2013-04-09 14:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-20 13:05 - 2013-04-09 14:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-20 13:05 - 2013-04-09 14:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-20 13:05 - 2013-04-09 14:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-20 13:05 - 2013-04-09 14:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-20 01:45 - 2013-04-15 18:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 05:45 - 2013-03-05 23:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-17 05:45 - 2013-03-05 22:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 05:45 - 2013-03-05 22:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-17 05:45 - 2013-03-05 22:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-17 05:45 - 2013-03-05 21:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-17 05:45 - 2013-03-05 21:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-17 04:36 - 2013-03-14 16:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-17 02:01 - 2013-03-21 19:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-17 02:01 - 2013-03-21 14:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-16 06:03 - 2013-04-10 22:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-16 02:57 - 2013-05-16 02:57 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-05-15 23:32 - 2013-05-15 23:32 - 00001956 ____A C:\Users\Public\Desktop\SW Update.lnk
2013-05-15 06:02 - 2013-05-15 06:02 - 00076744 ____A C:\Windows\System32\Drivers\2dff9234.sys
2013-05-07 11:42 - 2013-05-07 11:42 - 02703499 ____A C:\Users\Tani\Desktop\BAH_Presentation_Tanja_Christa.pptx

==================== One Month Modified Files and Folders =======

2013-06-03 23:25 - 2013-06-03 23:25 - 00000000 ____D C:\FRST
2013-06-03 13:20 - 2013-03-02 15:24 - 00001114 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-03 13:20 - 2012-08-23 09:21 - 01292217 ____A C:\Windows\WindowsUpdate.log
2013-06-03 13:18 - 2013-03-12 15:40 - 00000000 ____D C:\ProgramData\WinClon
2013-06-03 13:16 - 2013-03-17 09:17 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Skype
2013-06-03 13:15 - 2012-07-25 23:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-03 13:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-03 12:53 - 2013-06-03 12:53 - 01916754 ____A (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-06-03 12:53 - 2012-08-24 01:54 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-03 12:53 - 2012-08-24 01:54 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-03 12:53 - 2012-07-25 23:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 12:47 - 2013-06-03 12:47 - 00051947 ____A C:\Users\Tani\Desktop\2dff9234.zip
2013-06-03 12:43 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-03 12:34 - 2013-03-02 15:24 - 00001118 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-03 09:36 - 2013-03-02 16:02 - 00000000 ____D C:\ProgramData\MFAData
2013-06-02 22:29 - 2012-08-05 13:07 - 00045758 ____A C:\Windows\PFRO.log
2013-06-02 22:20 - 2013-06-02 22:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller (1).exe
2013-06-02 22:17 - 2013-06-02 22:17 - 00000146 ____A C:\Users\Tani\Desktop\emsi.zip
2013-06-02 22:09 - 2013-06-02 22:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller.exe
2013-06-02 22:09 - 2013-06-02 22:09 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.09.24.txt
2013-06-02 22:09 - 2013-06-02 22:08 - 00000512 ____A C:\Users\Tani\Desktop\emsi.mbr
2013-06-02 22:05 - 2013-06-02 22:05 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Desktop\mbrmastr (1).exe
2013-06-02 22:05 - 2013-06-02 22:05 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.05.22.txt
2013-06-02 22:04 - 2013-06-02 22:04 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Downloads\mbrmastr.exe
2013-06-02 12:38 - 2013-06-02 12:38 - 00005232 ____A C:\Users\Tani\Desktop\gmer.log
2013-06-02 12:26 - 2013-06-02 12:26 - 00377856 ____A C:\Users\Tani\Desktop\gmer_2.1.19163 (1).exe
2013-06-02 12:23 - 2013-06-02 12:23 - 00377856 ____A C:\Users\Tani\Downloads\gmer_2.1.19163.exe
2013-06-02 12:01 - 2013-06-02 12:01 - 00130860 ____A C:\Users\Tani\Desktop\OTL.Txt
2013-06-02 12:01 - 2013-06-02 12:01 - 00051726 ____A C:\Users\Tani\Desktop\Extras.Txt
2013-06-02 11:53 - 2013-06-02 11:53 - 00051726 ____A C:\Users\Tani\Downloads\Extras.Txt
2013-06-02 11:52 - 2013-06-02 11:52 - 00130856 ____A C:\Users\Tani\Downloads\OTL.Txt
2013-06-02 11:40 - 2013-06-02 11:38 - 00000470 ____A C:\Users\Tani\Downloads\defogger_disable.log
2013-06-02 11:39 - 2013-06-02 11:39 - 00602112 ____A (OldTimer Tools) C:\Users\Tani\Downloads\OTL.exe
2013-06-02 11:38 - 2013-06-02 11:38 - 00000000 ____A C:\Users\Tani\defogger_reenable
2013-06-02 11:38 - 2013-03-02 15:20 - 00000000 ____D C:\users\Tani
2013-06-02 11:37 - 2013-06-02 11:37 - 00050477 ____A C:\Users\Tani\Downloads\Defogger.exe
2013-06-02 11:33 - 2013-04-02 11:34 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Ixik
2013-06-02 11:14 - 2013-06-02 11:12 - 00417507 ____A C:\Windows\System32\Drivers\vsconfig.xml
2013-06-02 11:12 - 2013-06-02 11:12 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2013-06-02 11:12 - 2013-06-02 11:12 - 00000000 ____D C:\Users\Tani\Documents\ForceField Shared Files
2013-06-02 11:12 - 2013-06-02 11:12 - 00000000 ____D C:\Users\Tani\AppData\Roaming\CheckPoint
2013-06-02 11:12 - 2013-06-02 11:12 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-02 11:12 - 2013-06-02 11:10 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-06-02 11:08 - 2013-06-02 11:08 - 00000000 ____D C:\ProgramData\CheckPoint
2013-06-02 11:01 - 2013-03-02 16:02 - 00000000 ____D C:\Users\Tani\AppData\Local\Avg2013
2013-06-02 11:01 - 2012-07-25 21:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-02 10:59 - 2012-07-25 21:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-02 10:58 - 2013-03-25 08:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Aqics
2013-06-02 10:58 - 2013-03-20 15:00 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Dequ
2013-06-02 10:57 - 2013-06-02 10:57 - 00000000 ____D C:\Users\Tani\AppData\Roaming\AVG2013
2013-06-02 10:56 - 2013-06-02 10:56 - 00000991 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-02 10:56 - 2013-06-02 10:56 - 00000000 ____D C:\Users\Tani\AppData\Roaming\TuneUp Software
2013-06-02 10:56 - 2013-06-02 10:55 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-02 10:56 - 2012-07-26 00:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-06-02 10:55 - 2013-06-02 10:55 - 00000000 ___HD C:\$AVG
2013-06-02 10:54 - 2013-06-02 10:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-02 10:53 - 2013-03-20 15:00 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Beloa
2013-06-02 10:51 - 2013-06-02 10:51 - 00421792 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-02 10:46 - 2013-03-25 08:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Mobye
2013-05-24 18:37 - 2013-05-24 18:37 - 00113016 ____A C:\Users\Tani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-24 18:37 - 2013-05-24 18:37 - 00000000 ____D C:\Users\Tani\AppData\Roaming\PDF Architect
2013-05-24 18:33 - 2013-05-24 18:33 - 00001045 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-05-24 18:33 - 2013-05-24 18:33 - 00001011 ____A C:\Users\Tani\Desktop\PDF Architect.lnk
2013-05-24 18:33 - 2013-05-24 18:33 - 00000000 ____D C:\Users\Tani\Documents\PDF Architect Files
2013-05-24 18:33 - 2013-05-24 18:33 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-05-24 18:33 - 2013-05-24 18:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-05-24 18:32 - 2013-05-24 18:32 - 00000000 ____D C:\Users\Tani\AppData\Roaming\pdfforge
2013-05-24 17:58 - 2013-05-24 17:58 - 17502040 ____A (pdfforge GbR) C:\Users\Tani\Downloads\PDFCreator-1_7_0_setup.exe
2013-05-24 17:46 - 2012-07-25 23:21 - 00035295 ____A C:\Windows\setupact.log
2013-05-24 17:34 - 2013-05-23 14:07 - 00000000 ____D C:\Users\Tani\Desktop\EC
2013-05-24 15:35 - 2013-03-02 15:26 - 00002195 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-23 21:57 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
2013-05-23 14:26 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-23 14:26 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\WinStore
2013-05-19 15:19 - 2013-03-02 16:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 02:57 - 2013-05-16 02:57 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-05-16 02:55 - 2013-03-04 10:46 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 23:32 - 2013-05-15 23:32 - 00001956 ____A C:\Users\Public\Desktop\SW Update.lnk
2013-05-15 06:02 - 2013-05-15 06:02 - 00076744 ____A C:\Windows\System32\Drivers\2dff9234.sys
2013-05-13 02:56 - 2013-03-17 03:59 - 00011820 ____A C:\Users\Tani\Desktop\Mappe1.xlsx
2013-05-07 12:07 - 2013-05-21 08:40 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-07 12:07 - 2013-05-21 08:40 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-07 11:42 - 2013-05-07 11:42 - 02703499 ____A C:\Users\Tani\Desktop\BAH_Presentation_Tanja_Christa.pptx

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\de-DE => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-22 02:06:18
Restore point made on: 2013-05-13 00:43:23
Restore point made on: 2013-05-15 23:31:09
Restore point made on: 2013-05-19 15:17:43
Restore point made on: 2013-06-02 10:54:38

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 7893.53 MB
Available physical RAM: 7002.97 MB
Total Pagefile: 7893.53 MB
Available Pagefile: 7011.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:907.17 GB) (Free:857.1 GB) NTFS (Disk=0 Partition=4)
Drive d: () (Removable) (Total:1.96 GB) (Free:1.96 GB) FAT (Disk=2 Partition=1)
Drive e: (SAMSUNG_REC2) (Fixed) (Total:22.44 GB) (Free:0.99 GB) NTFS
Drive f: (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.22 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: C185C1F2)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=15 GB) - (Type=73)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 6F20736B)
Partition 1: (Not Active) - (Size=544 GB) - (Type=72)
Partition 2: (Not Active) - (Size=923 GB) - (Type=65)
Partition 3: (Not Active) - (Size=923 GB) - (Type=79)
Partition 4: (Not Active) - (Size=-336763289600) - (Type=0D)


Last Boot: 2013-06-03 08:39

==================== End Of Log ============================

Alt 04.06.2013, 12:43   #12
aharonov
/// TB-Ausbilder
 

Hello,

we'll continue in normal mode again. Please move FRST64.exe from the USB stick to your desktop. Then:


Step 1

Press the Windows key + R and type "notepad" into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
S1 2dff9234; C:\windows\system32\drivers\2dff9234.sys [76744 2013-05-15] ()
C:\windows\system32\drivers\2dff9234.sys
S1 urfsxdse; \??\C:\windows\system32\drivers\urfsxdse.sys [x]
2013-06-02 11:33 - 2013-04-02 11:34 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Ixik
2013-06-02 10:58 - 2013-03-25 08:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Aqics
2013-06-02 10:58 - 2013-03-20 15:00 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Dequ
2013-06-02 10:53 - 2013-03-20 15:00 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Beloa
2013-06-02 10:46 - 2013-03-25 08:18 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Mobye
C:\Users\Tani\AppData\Roaming\Ipbyso
C:\Users\Tani\AppData\Roaming\Tyaxa
C:\Users\Tani\AppData\Roaming\Xora
C:\Users\Tani\AppData\Roaming\Ypuga
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
         
Then please save this as Fixlist.txt on your desktop as well, next to FRST.
  • Now start FRST and click the Fix button.
  • The tool creates a Fixlog.txt. Post its contents for me.



Step 2

Start FRST once more.
  • Under Optional Scan, tick Addition.txt and press Scan.
  • When the scan has finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.



In your next reply, please post:
  • Fixlog from FRST
  • Logs from FRST
__________________
cheers,
Leo
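
Added example, not part of the thread and not FRST's own logic: this Python code parses the two FRST line formats seen above (the file listing and the driver/service lines) and flags the traits that the fixlist entries for 2dff9234 and urfsxdse share, namely a .sys file in the Drivers folder with no company name, and a service whose image has an empty company field or is marked [x]. Reading [x] as "file not found" and the heuristic itself are assumptions; a hit is a lead for manual review, not a verdict.

```python
import re
from dataclasses import dataclass

# Lines copied from the FRST log and the fixlist in this thread (not constructed).
SAMPLE = r"""
2013-05-17 04:36 - 2013-03-14 16:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-16 06:03 - 2013-04-10 22:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-15 06:02 - 2013-05-15 06:02 - 00076744 ____A C:\Windows\System32\Drivers\2dff9234.sys
2013-06-02 11:14 - 2013-06-02 11:12 - 00417507 ____A C:\Windows\System32\Drivers\vsconfig.xml
S1 2dff9234; C:\windows\system32\drivers\2dff9234.sys [76744 2013-05-15] ()
S1 urfsxdse; \??\C:\windows\system32\drivers\urfsxdse.sys [x]
"""

# "<date> - <date> - <size> <attrs> [(company)] <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<vendor>.+?)\) )?(?P<path>[A-Za-z]:\\.*)$"
)
# "<state> <name>; <image path> [<size> <date>] (company)"  or  "... [x]"
SVC_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[(?P<meta>[^\]]*)\](?: \((?P<vendor>.*)\))?$"
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass(frozen=True)
class Finding:
    kind: str   # driver-no-vendor | service-no-vendor | service-image-missing
    path: str   # lower-cased path without the NT "\??\" prefix
    note: str


def norm(path):
    """Lower-case a path and drop the NT object-manager prefix if present."""
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse(text):
    """Split FRST text into file-listing records and service records."""
    files, services = [], []
    for line in (l.strip() for l in text.splitlines()):
        m = FILE_RE.match(line)
        if m:
            files.append({"path": norm(m["path"]), "size": int(m["size"]),
                          "attrs": m["attrs"], "vendor": m["vendor"] or ""})
            continue
        m = SVC_RE.match(line)
        if m:
            first = m["meta"].split()[0] if m["meta"].split() else ""
            # Assumption: a non-numeric marker such as "x" means no file was found.
            size = int(first) if first.isdigit() else None
            services.append({"name": m["name"], "path": norm(m["path"]),
                             "size": size, "vendor": m["vendor"] or ""})
    return files, services


def triage(text):
    """Return review leads; the service checks corroborate the file check."""
    files, services = parse(text)
    findings, flagged = [], {}
    for f in files:
        p = f["path"]
        if p.startswith(DRIVERS_DIR) and p.endswith(".sys") and not f["vendor"]:
            flagged[p] = f["size"]
            findings.append(Finding("driver-no-vendor", p, f"{f['size']} bytes"))
    for s in services:
        if s["size"] is None:
            findings.append(Finding("service-image-missing", s["path"],
                                    f"service {s['name']}"))
        elif not s["vendor"]:
            note = f"service {s['name']}"
            if flagged.get(s["path"]) == s["size"]:
                note += ", same path and size as flagged driver"
            findings.append(Finding("service-no-vendor", s["path"], note))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"{finding.kind:22} {finding.path}  ({finding.note})")
```

Legitimate third-party drivers can also lack a company name, so each hit still needs to be checked by hand before it goes into a fixlist.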

Alt 05.06.2013, 23:26   #13
Tanja_183
 

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-06-2013 01
Ran by Tani at 2013-06-06 00:15:13 Run:1
Running from C:\Users\Tani\Desktop
Boot Mode: Normal
==============================================

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
2dff9234 => Service deleted successfully.
C:\windows\system32\drivers\2dff9234.sys => Moved successfully.
urfsxdse => Service deleted successfully.
C:\Users\Tani\AppData\Roaming\Ixik => Moved successfully.
C:\Users\Tani\AppData\Roaming\Aqics => Moved successfully.
C:\Users\Tani\AppData\Roaming\Dequ => Moved successfully.
C:\Users\Tani\AppData\Roaming\Beloa => Moved successfully.
C:\Users\Tani\AppData\Roaming\Mobye => Moved successfully.
C:\Users\Tani\AppData\Roaming\Ipbyso => Moved successfully.
C:\Users\Tani\AppData\Roaming\Tyaxa => Moved successfully.
C:\Users\Tani\AppData\Roaming\Xora => Moved successfully.
C:\Users\Tani\AppData\Roaming\Ypuga => Moved successfully.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\SymSrv.yes" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-06-2013 01
Ran by Tani (administrator) on 06-06-2013 00:18:13
Running from C:\Users\Tani\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHTU.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\system32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2967352 2012-11-06] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13191312 2013-03-13] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [ISW]  [x]
HKCU\...\Run: [EPSON SX210 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Users\Tani\AppData\Local\Temp\E_S427.tmp" /EF "HKCU" [x]
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18643048 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73832 2013-03-27] (Check Point Software Technologies LTD)
AppInit_DLLs: C:\windows\system32\nvinitx.dll [244184 2012-10-23] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKCU SearchScopes: DefaultScope {C46AB014-AC2D-4E36-8028-703D4BBD0C91} URL = 
SearchScopes: HKCU - {C46AB014-AC2D-4E36-8028-703D4BBD0C91} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Norton Identity Protection) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0
CHR Extension: (Gmail) - C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [91472 2012-09-21] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [102224 2012-08-17] (Condusiv Technologies)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2921520 2013-04-09] (Samsung Electronics CO., LTD.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\system32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-03-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-03-13] (Symantec Corporation)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23376 2012-08-17] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [103248 2012-08-17] (Condusiv Technologies)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130604.001\IDSvia64.sys [513184 2013-06-01] (Symantec Corporation)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130605.002\ENG64.SYS [126040 2013-06-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130605.002\EX64.SYS [2098776 2013-06-04] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-03-13] (Symantec Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
R3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; \SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [x]
R3 ccSet_NIS; \SystemRoot\system32\drivers\NISx64\1403010.016\ccSetx64.sys [x]
R3 SRTSP; \SystemRoot\System32\Drivers\NISx64\1403010.016\SRTSP64.SYS [x]
R3 SRTSPX; \SystemRoot\system32\drivers\NISx64\1403010.016\SRTSPX64.SYS [x]
R3 SymDS; \SystemRoot\system32\drivers\NISx64\1403010.016\SYMDS64.SYS [x]
R3 SymEFA; \SystemRoot\system32\drivers\NISx64\1403010.016\SYMEFA64.SYS [x]
S0 SymELAM; system32\drivers\NISx64\1403010.016\SymELAM.sys [x]
R3 SymIRON; \SystemRoot\system32\drivers\NISx64\1403010.016\Ironx64.SYS [x]
R3 SymNetS; \SystemRoot\System32\Drivers\NISx64\1403010.016\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-06 00:13 - 2013-06-03 22:53 - 01916754 ____A (Farbar) C:\Users\Tani\Desktop\FRST64.exe
2013-06-04 09:25 - 2013-06-06 00:15 - 00000000 ____D C:\FRST
2013-06-03 22:53 - 2013-06-03 22:53 - 01916754 ____A (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-06-03 22:47 - 2013-06-03 22:47 - 00051947 ____A C:\Users\Tani\Desktop\2dff9234.zip
2013-06-03 08:20 - 2013-06-03 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller (1).exe
2013-06-03 08:17 - 2013-06-03 08:17 - 00000146 ____A C:\Users\Tani\Desktop\emsi.zip
2013-06-03 08:09 - 2013-06-03 08:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller.exe
2013-06-03 08:09 - 2013-06-03 08:09 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.09.24.txt
2013-06-03 08:08 - 2013-06-03 08:09 - 00000512 ____A C:\Users\Tani\Desktop\emsi.mbr
2013-06-03 08:05 - 2013-06-03 08:05 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Desktop\mbrmastr (1).exe
2013-06-03 08:05 - 2013-06-03 08:05 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.05.22.txt
2013-06-03 08:04 - 2013-06-03 08:04 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Downloads\mbrmastr.exe
2013-06-02 22:38 - 2013-06-02 22:38 - 00005232 ____A C:\Users\Tani\Desktop\gmer.log
2013-06-02 22:26 - 2013-06-02 22:26 - 00377856 ____A C:\Users\Tani\Desktop\gmer_2.1.19163 (1).exe
2013-06-02 22:23 - 2013-06-02 22:23 - 00377856 ____A C:\Users\Tani\Downloads\gmer_2.1.19163.exe
2013-06-02 22:01 - 2013-06-02 22:01 - 00130860 ____A C:\Users\Tani\Desktop\OTL.Txt
2013-06-02 22:01 - 2013-06-02 22:01 - 00051726 ____A C:\Users\Tani\Desktop\Extras.Txt
2013-06-02 21:53 - 2013-06-02 21:53 - 00051726 ____A C:\Users\Tani\Downloads\Extras.Txt
2013-06-02 21:52 - 2013-06-02 21:52 - 00130856 ____A C:\Users\Tani\Downloads\OTL.Txt
2013-06-02 21:39 - 2013-06-02 21:39 - 00602112 ____A (OldTimer Tools) C:\Users\Tani\Downloads\OTL.exe
2013-06-02 21:38 - 2013-06-02 21:40 - 00000470 ____A C:\Users\Tani\Downloads\defogger_disable.log
2013-06-02 21:38 - 2013-06-02 21:38 - 00000000 ____A C:\Users\Tani\defogger_reenable
2013-06-02 21:37 - 2013-06-02 21:37 - 00050477 ____A C:\Users\Tani\Downloads\Defogger.exe
2013-06-02 21:12 - 2013-06-02 21:14 - 00417507 ____A C:\Windows\System32\Drivers\vsconfig.xml
2013-06-02 21:12 - 2013-06-02 21:12 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2013-06-02 21:12 - 2013-06-02 21:12 - 00000000 ____D C:\Users\Tani\Documents\ForceField Shared Files
2013-06-02 21:12 - 2013-06-02 21:12 - 00000000 ____D C:\Users\Tani\AppData\Roaming\CheckPoint
2013-06-02 21:12 - 2013-06-02 21:12 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-02 21:10 - 2013-06-02 21:12 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-06-02 21:08 - 2013-06-02 21:08 - 00000000 ____D C:\ProgramData\CheckPoint
2013-06-02 20:57 - 2013-06-02 20:57 - 00000000 ____D C:\Users\Tani\AppData\Roaming\AVG2013
2013-06-02 20:56 - 2013-06-02 20:56 - 00000991 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-02 20:56 - 2013-06-02 20:56 - 00000000 ____D C:\Users\Tani\AppData\Roaming\TuneUp Software
2013-06-02 20:55 - 2013-06-02 20:56 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-02 20:55 - 2013-06-02 20:55 - 00000000 ___HD C:\$AVG
2013-06-02 20:55 - 2012-07-26 05:05 - 01343488 ____A (Microsoft Corporation) C:\Windows\System32\dbghelp.dll
2013-06-02 20:54 - 2013-06-02 20:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-02 20:51 - 2013-06-02 20:51 - 00421792 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-25 04:37 - 2013-05-25 04:37 - 00113016 ____A C:\Users\Tani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-25 04:37 - 2013-05-25 04:37 - 00000000 ____D C:\Users\Tani\AppData\Roaming\PDF Architect
2013-05-25 04:33 - 2013-05-25 04:33 - 00001045 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-05-25 04:33 - 2013-05-25 04:33 - 00001011 ____A C:\Users\Tani\Desktop\PDF Architect.lnk
2013-05-25 04:33 - 2013-05-25 04:33 - 00000000 ____D C:\Users\Tani\Documents\PDF Architect Files
2013-05-25 04:33 - 2013-05-25 04:33 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-05-25 04:32 - 2013-05-25 04:33 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-05-25 04:32 - 2013-05-25 04:32 - 00000000 ____D C:\Users\Tani\AppData\Roaming\pdfforge
2013-05-25 04:32 - 2013-04-09 15:13 - 00110264 ____A (pdfforge GmbH) C:\Windows\System32\pdfcmon.dll
2013-05-25 04:32 - 2012-05-05 11:54 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCT2.OCX
2013-05-25 04:32 - 2012-05-05 11:54 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-05-25 04:32 - 2012-05-05 11:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-05-25 04:32 - 1998-07-06 18:56 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-05-25 04:32 - 1998-07-06 18:55 - 00158208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2013-05-25 04:32 - 1998-07-06 18:55 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2013-05-25 03:58 - 2013-05-25 03:58 - 17502040 ____A (pdfforge GbR) C:\Users\Tani\Downloads\PDFCreator-1_7_0_setup.exe
2013-05-24 00:07 - 2013-05-25 03:34 - 00000000 ____D C:\Users\Tani\Desktop\EC
2013-05-21 22:43 - 2013-04-09 07:33 - 00489576 ____A (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2013-05-21 22:43 - 2013-04-09 07:33 - 00446792 ____A (Microsoft Corporation) C:\Windows\System32\AudioSes.dll
2013-05-21 22:43 - 2013-04-09 07:33 - 00253544 ____A (Microsoft Corporation) C:\Windows\System32\audiodg.exe
2013-05-21 22:43 - 2013-04-09 07:27 - 00284424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\spaceport.sys
2013-05-21 22:43 - 2013-04-09 07:20 - 00306952 ____A (Microsoft Corporation) C:\Windows\System32\kd_02_10ec.dll
2013-05-21 22:43 - 2013-04-09 07:20 - 00086280 ____A (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2013-05-21 22:43 - 2013-04-09 07:18 - 00077960 ____A (Microsoft Corporation) C:\Windows\System32\kdvm.dll
2013-05-21 22:43 - 2013-04-09 07:17 - 01829408 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-05-21 22:43 - 2013-04-09 06:52 - 00816128 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2013-05-21 22:43 - 2013-04-09 06:52 - 00804352 ____A (Microsoft Corporation) C:\Windows\System32\RecoveryDrive.exe
2013-05-21 22:43 - 2013-04-09 06:52 - 00373760 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2013-05-21 22:43 - 2013-04-09 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2013-05-21 22:43 - 2013-04-09 06:52 - 00126464 ____A (Microsoft Corporation) C:\Windows\System32\Robocopy.exe
2013-05-21 22:43 - 2013-04-09 06:51 - 14267904 ____A (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 13648384 ____A (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 10116096 ____A (Microsoft Corporation) C:\Windows\System32\twinui.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 03552768 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 00595456 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 00523264 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 00456704 ____A (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-05-21 22:43 - 2013-04-09 06:51 - 00367616 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-05-21 22:43 - 2013-04-09 06:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 02107904 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 01285632 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 00745984 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 00435200 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 00422400 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 00414720 ____A (Microsoft Corporation) C:\Windows\System32\GenuineCenter.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2013-05-21 22:43 - 2013-04-09 06:50 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 01444864 ____A (Microsoft Corporation) C:\Windows\System32\MSAudDecMFT.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00817152 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00468992 ____A (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00281088 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\fhengine.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00210432 ____A (Microsoft Corporation) C:\Windows\System32\iuilp.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00196096 ____A (Microsoft Corporation) C:\Windows\System32\dmvdsitf.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\dwmredir.dll
2013-05-21 22:43 - 2013-04-09 06:49 - 00050176 ____A (Microsoft Corporation) C:\Windows\System32\fmifs.dll
2013-05-21 22:43 - 2013-04-09 06:48 - 02303488 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-21 22:43 - 2013-04-09 06:48 - 00785408 ____A (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2013-05-21 22:43 - 2013-04-09 06:48 - 00419840 ____A (Microsoft Corporation) C:\Windows\System32\intl.cpl
2013-05-21 22:43 - 2013-04-09 06:48 - 00169472 ____A (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll
2013-05-21 22:43 - 2013-04-09 04:35 - 04038144 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-21 22:43 - 2013-04-09 04:34 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2013-05-21 22:43 - 2013-04-09 04:34 - 00083968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-05-21 22:43 - 2013-04-09 04:34 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\hidusb.sys
2013-05-21 22:43 - 2013-04-09 04:33 - 00623104 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
2013-05-21 22:43 - 2013-04-09 04:33 - 00060416 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndproxy.sys
2013-05-21 22:43 - 2013-04-09 04:32 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\PEAuth.sys
2013-05-21 22:43 - 2013-04-09 04:31 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
2013-05-21 22:43 - 2013-04-09 04:31 - 00083456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wanarp.sys
2013-05-21 22:43 - 2013-04-09 01:44 - 00123880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2013-05-21 22:43 - 2013-04-09 01:39 - 01408896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-05-21 22:43 - 2013-04-09 01:37 - 00426024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2013-05-21 22:43 - 2013-04-09 01:37 - 00324368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2013-05-21 22:43 - 2013-04-08 23:52 - 11878912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-05-21 22:43 - 2013-04-08 23:52 - 00670208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2013-05-21 22:43 - 2013-04-08 23:52 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-21 22:43 - 2013-04-08 23:52 - 00302592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2013-05-21 22:43 - 2013-04-08 23:52 - 00171008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2013-05-21 22:43 - 2013-04-08 23:52 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2013-05-21 22:43 - 2013-04-08 23:51 - 10789888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 08857088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 02767360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 02035200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 01593344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 01113600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSAudDecMFT.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00659456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00656896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00411136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00403968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00389632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2013-05-21 22:43 - 2013-04-08 23:51 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00324096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00214528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00186880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00155648 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fmifs.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00035328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2013-05-21 22:43 - 2013-04-08 23:51 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2013-05-21 22:43 - 2013-04-05 01:30 - 00503080 ____A (Microsoft Corporation) C:\Windows\System32\ci.dll
2013-05-21 22:43 - 2013-04-03 00:08 - 00387688 ____A C:\Windows\System32\ApnDatabase.xml
2013-05-21 22:43 - 2013-03-30 20:16 - 01403784 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
2013-05-21 22:43 - 2013-03-30 20:16 - 01267424 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
2013-05-21 22:43 - 2013-03-29 00:09 - 01217328 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
2013-05-21 22:43 - 2013-03-29 00:09 - 01093880 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
2013-05-21 22:43 - 2013-03-16 00:05 - 00298456 ____A (Microsoft Corporation) C:\Windows\System32\rsaenh.dll
2013-05-21 22:43 - 2013-03-16 00:05 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2013-05-21 22:43 - 2012-12-13 06:00 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-21 22:43 - 2012-12-13 05:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-05-21 18:40 - 2013-05-07 22:07 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-21 18:40 - 2013-05-07 22:07 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-20 23:05 - 2013-04-10 01:17 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-20 23:05 - 2013-04-10 01:17 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-20 23:05 - 2013-04-10 01:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-20 23:05 - 2013-04-10 01:17 - 00915968 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2013-05-20 23:05 - 2013-04-10 01:17 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-20 23:05 - 2013-04-10 01:17 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-20 23:05 - 2013-04-10 01:16 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-20 23:05 - 2013-04-10 01:16 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-20 23:05 - 2013-04-10 01:16 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-20 23:05 - 2013-04-10 01:16 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-20 23:05 - 2013-04-10 00:30 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-20 23:05 - 2013-04-10 00:30 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-20 23:05 - 2013-04-10 00:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-20 23:05 - 2013-04-10 00:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-20 23:05 - 2013-04-10 00:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-20 23:05 - 2013-04-10 00:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-20 23:05 - 2013-04-10 00:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-20 23:05 - 2013-04-10 00:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-20 11:45 - 2013-04-16 04:34 - 01455368 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 15:45 - 2013-03-06 09:10 - 00112872 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-17 15:45 - 2013-03-06 08:31 - 19758592 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 15:45 - 2013-03-06 08:31 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-17 15:45 - 2013-03-06 08:29 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-17 15:45 - 2013-03-06 07:03 - 17561600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-17 15:45 - 2013-03-06 07:03 - 00199168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-17 14:36 - 2013-03-15 02:17 - 00861184 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2013-05-17 12:01 - 2013-03-22 05:49 - 02382336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2013-05-17 12:01 - 2013-03-22 00:47 - 02851840 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2013-05-16 16:03 - 2013-04-11 08:40 - 06987528 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-16 12:57 - 2013-05-16 12:57 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-05-16 09:32 - 2013-05-16 09:32 - 00001956 ____A C:\Users\Public\Desktop\SW Update.lnk
2013-05-07 21:42 - 2013-05-07 21:42 - 02703499 ____A C:\Users\Tani\Desktop\BAH_Presentation_Tanja_Christa.pptx

==================== One Month Modified Files and Folders =======

2013-06-06 00:15 - 2013-06-04 09:25 - 00000000 ____D C:\FRST
2013-06-06 00:08 - 2013-03-17 19:17 - 00000000 ____D C:\Users\Tani\AppData\Roaming\Skype
2013-06-05 23:35 - 2013-03-03 02:02 - 00000000 ____D C:\ProgramData\MFAData
2013-06-05 23:34 - 2013-03-03 01:24 - 00001118 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-05 23:00 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\System32\sru
2013-06-05 22:35 - 2012-08-23 19:21 - 01462628 ____A C:\Windows\WindowsUpdate.log
2013-06-05 18:37 - 2013-03-03 01:26 - 00002195 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-05 18:34 - 2013-03-03 01:24 - 00001114 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-05 18:31 - 2013-03-13 01:40 - 00000000 ____D C:\ProgramData\WinClon
2013-06-03 23:49 - 2012-08-24 11:54 - 00753134 ____A C:\Windows\System32\perfh007.dat
2013-06-03 23:49 - 2012-08-24 11:54 - 00155826 ____A C:\Windows\System32\perfc007.dat
2013-06-03 23:49 - 2012-07-26 09:28 - 01745416 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 23:28 - 2012-07-26 09:22 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-03 22:53 - 2013-06-06 00:13 - 01916754 ____A (Farbar) C:\Users\Tani\Desktop\FRST64.exe
2013-06-03 22:53 - 2013-06-03 22:53 - 01916754 ____A (Farbar) C:\Users\Tani\Downloads\FRST64.exe
2013-06-03 22:47 - 2013-06-03 22:47 - 00051947 ____A C:\Users\Tani\Desktop\2dff9234.zip
2013-06-03 22:43 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-06-03 08:29 - 2012-08-05 23:07 - 00045758 ____A C:\Windows\PFRO.log
2013-06-03 08:20 - 2013-06-03 08:20 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller (1).exe
2013-06-03 08:17 - 2013-06-03 08:17 - 00000146 ____A C:\Users\Tani\Desktop\emsi.zip
2013-06-03 08:09 - 2013-06-03 08:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Tani\Downloads\tdsskiller.exe
2013-06-03 08:09 - 2013-06-03 08:09 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.09.24.txt
2013-06-03 08:09 - 2013-06-03 08:08 - 00000512 ____A C:\Users\Tani\Desktop\emsi.mbr
2013-06-03 08:05 - 2013-06-03 08:05 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Desktop\mbrmastr (1).exe
2013-06-03 08:05 - 2013-06-03 08:05 - 00000999 ____A C:\Users\Tani\Desktop\MBRMastr_2013.06.03_08.05.22.txt
2013-06-03 08:04 - 2013-06-03 08:04 - 00788728 ____A (Emsisoft GmbH) C:\Users\Tani\Downloads\mbrmastr.exe
2013-06-02 22:38 - 2013-06-02 22:38 - 00005232 ____A C:\Users\Tani\Desktop\gmer.log
2013-06-02 22:26 - 2013-06-02 22:26 - 00377856 ____A C:\Users\Tani\Desktop\gmer_2.1.19163 (1).exe
2013-06-02 22:23 - 2013-06-02 22:23 - 00377856 ____A C:\Users\Tani\Downloads\gmer_2.1.19163.exe
2013-06-02 22:01 - 2013-06-02 22:01 - 00130860 ____A C:\Users\Tani\Desktop\OTL.Txt
2013-06-02 22:01 - 2013-06-02 22:01 - 00051726 ____A C:\Users\Tani\Desktop\Extras.Txt
2013-06-02 21:53 - 2013-06-02 21:53 - 00051726 ____A C:\Users\Tani\Downloads\Extras.Txt
2013-06-02 21:52 - 2013-06-02 21:52 - 00130856 ____A C:\Users\Tani\Downloads\OTL.Txt
2013-06-02 21:40 - 2013-06-02 21:38 - 00000470 ____A C:\Users\Tani\Downloads\defogger_disable.log
2013-06-02 21:39 - 2013-06-02 21:39 - 00602112 ____A (OldTimer Tools) C:\Users\Tani\Downloads\OTL.exe
2013-06-02 21:38 - 2013-06-02 21:38 - 00000000 ____A C:\Users\Tani\defogger_reenable
2013-06-02 21:38 - 2013-03-03 01:20 - 00000000 ____D C:\users\Tani
2013-06-02 21:37 - 2013-06-02 21:37 - 00050477 ____A C:\Users\Tani\Downloads\Defogger.exe
2013-06-02 21:14 - 2013-06-02 21:12 - 00417507 ____A C:\Windows\System32\Drivers\vsconfig.xml
2013-06-02 21:12 - 2013-06-02 21:12 - 00000762 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2013-06-02 21:12 - 2013-06-02 21:12 - 00000000 ____D C:\Users\Tani\Documents\ForceField Shared Files
2013-06-02 21:12 - 2013-06-02 21:12 - 00000000 ____D C:\Users\Tani\AppData\Roaming\CheckPoint
2013-06-02 21:12 - 2013-06-02 21:12 - 00000000 ____D C:\Program Files\CheckPoint
2013-06-02 21:12 - 2013-06-02 21:10 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2013-06-02 21:08 - 2013-06-02 21:08 - 00000000 ____D C:\ProgramData\CheckPoint
2013-06-02 21:01 - 2013-03-03 02:02 - 00000000 ____D C:\Users\Tani\AppData\Local\Avg2013
2013-06-02 21:01 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\ELAM
2013-06-02 20:59 - 2012-07-26 07:26 - 00262144 __ASH C:\Windows\System32\config\BBI
2013-06-02 20:57 - 2013-06-02 20:57 - 00000000 ____D C:\Users\Tani\AppData\Roaming\AVG2013
2013-06-02 20:56 - 2013-06-02 20:56 - 00000991 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-06-02 20:56 - 2013-06-02 20:56 - 00000000 ____D C:\Users\Tani\AppData\Roaming\TuneUp Software
2013-06-02 20:56 - 2013-06-02 20:55 - 00000000 ____D C:\ProgramData\AVG2013
2013-06-02 20:56 - 2012-07-26 10:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-06-02 20:55 - 2013-06-02 20:55 - 00000000 ___HD C:\$AVG
2013-06-02 20:54 - 2013-06-02 20:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-06-02 20:51 - 2013-06-02 20:51 - 00421792 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-25 04:37 - 2013-05-25 04:37 - 00113016 ____A C:\Users\Tani\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-25 04:37 - 2013-05-25 04:37 - 00000000 ____D C:\Users\Tani\AppData\Roaming\PDF Architect
2013-05-25 04:33 - 2013-05-25 04:33 - 00001045 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-05-25 04:33 - 2013-05-25 04:33 - 00001011 ____A C:\Users\Tani\Desktop\PDF Architect.lnk
2013-05-25 04:33 - 2013-05-25 04:33 - 00000000 ____D C:\Users\Tani\Documents\PDF Architect Files
2013-05-25 04:33 - 2013-05-25 04:33 - 00000000 ____D C:\Program Files (x86)\PDF Architect
2013-05-25 04:33 - 2013-05-25 04:32 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-05-25 04:32 - 2013-05-25 04:32 - 00000000 ____D C:\Users\Tani\AppData\Roaming\pdfforge
2013-05-25 03:58 - 2013-05-25 03:58 - 17502040 ____A (pdfforge GbR) C:\Users\Tani\Downloads\PDFCreator-1_7_0_setup.exe
2013-05-25 03:46 - 2012-07-26 09:21 - 00035295 ____A C:\Windows\setupact.log
2013-05-25 03:34 - 2013-05-24 00:07 - 00000000 ____D C:\Users\Tani\Desktop\EC
2013-05-24 07:57 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2013-05-24 00:26 - 2012-07-26 10:12 - 00000000 ___RD C:\Windows\ToastData
2013-05-24 00:26 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\WinStore
2013-05-20 01:19 - 2013-03-03 02:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-16 12:57 - 2013-05-16 12:57 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-05-16 12:55 - 2013-03-04 20:46 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-16 09:32 - 2013-05-16 09:32 - 00001956 ____A C:\Users\Public\Desktop\SW Update.lnk
2013-05-13 12:56 - 2013-03-17 13:59 - 00011820 ____A C:\Users\Tani\Desktop\Mappe1.xlsx
2013-05-07 22:07 - 2013-05-21 18:40 - 00693112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-07 22:07 - 2013-05-21 18:40 - 00078200 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-07 21:42 - 2013-05-07 21:42 - 02703499 ____A C:\Users\Tani\Desktop\BAH_Presentation_Tanja_Christa.pptx

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-06-04 23:40

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-06-2013 01
Ran by Tani at 2013-06-06 00:19:21 Run:
Running from C:\Users\Tani\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
AVG 2013 (Version: 13.0.2904)
AVG 2013 (Version: 13.0.3184)
AVG 2013 (Version: 2013.0.2904)
Citavi (Version: 3.4.0.2)
CyberLink Power2Go 8 (Version: 8.0.0.1912)
CyberLink PowerDVD 10 (Version: 10.0.4421.02)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Easy File Share (Version: 1.3.4)
EPSON BX535WD Series Printer Uninstall
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Handbuch
EPSON SX210 Series Printer Uninstall
ETDWare PS/2-X64 11.14.1.3_WHQL (Version: 11.14.1.3)
ExpressCache (Version: 1.0.94)
Free YouTube to MP3 Converter version 3.12.2.430 (Version: 3.12.2.430)
FreeMind (Version: 0.9.0)
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
Help Desk (Version: 1.0.7)
HyperSnap 7 (Version: 7.23.02)
Intel PROSet Wireless
Intel(R) Processor Graphics (Version: 9.17.10.2932)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.5.4.0423)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.6.1209.0268)
Intel(R) Rapid Storage Technology (Version: 11.5.2.1001)
Intel® PROSet/Wireless WiFi-Software (Version: 15.05.6000.1620)
Java Auto Updater (Version: 2.0.2.4)
Java(TM) 6 Update 23 (Version: 6.0.230)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Norton Internet Security (Version: 20.3.1.22)
Norton Online Backup (Version: 2.2.3.51)
Norton Online Backup ARA (Version: 4.1.0.14)
NVIDIA Grafiktreiber 307.32 (Version: 307.32)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA Systemsteuerung 307.32 (Version: 307.32)
NVIDIA Update Components (Version: 1.10.8)
PDF Architect (Version: 1.1.83.9982)
PDFCreator (Version: 1.7.0)
Realtek Ethernet Controller Driver (Version: 8.2.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6699)
Recovery (Version: 6.0.6.5)
S Agent (Version: 1.1.30)
Settings (Version: 2.0.0)
Skype™ 6.3 (Version: 6.3.105)
Support Center (Version: 2.0.15)
Support Center FAQ (Version: 1.0.5)
SW Update (Version: 2.1.14)
Synaptics Pointing Device Driver (Version: 16.2.21.0)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
User Guide (Version: 1.3.00)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.2 (Version: 2.0.2)
ZoneAlarm Firewall (Version: 11.0.000.504)
ZoneAlarm Free Firewall (Version: 11.0.000.504)
ZoneAlarm LTD Toolbar
ZoneAlarm Security (Version: 11.0.000.504)

==================== Restore Points  =========================

22-04-2013 10:06:08 Geplanter Prüfpunkt
13-05-2013 08:42:49 Geplanter Prüfpunkt
16-05-2013 07:30:48 Installed SW Update
19-05-2013 23:17:24 Windows Update
02-06-2013 18:54:19 Installed AVG 2013

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2013 11:29:51 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ZeroConfigService.exe, Version: 15.5.5.0, Zeitstempel: 0x5060e311
Name des fehlerhaften Moduls: MurocApi.dll, Version: 15.5.5.0, Zeitstempel: 0x5060e22c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000265e0
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xZeroConfigService.exe0
Pfad der fehlerhaften Anwendung: ZeroConfigService.exe1
Pfad des fehlerhaften Moduls: ZeroConfigService.exe2
Berichtskennung: ZeroConfigService.exe3
Vollständiger Name des fehlerhaften Pakets: ZeroConfigService.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ZeroConfigService.exe5

Error: (06/02/2013 11:36:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.13.732, Zeitstempel: 0x508676e8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x10b0
Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0
Pfad der fehlerhaften Anwendung: nvvsvc.exe1
Pfad des fehlerhaften Moduls: nvvsvc.exe2
Berichtskennung: nvvsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvvsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvvsvc.exe5

Error: (06/02/2013 11:36:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvxdsync.exe, Version: 8.17.13.732, Zeitstempel: 0x508665b7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x20a0
Startzeit der fehlerhaften Anwendung: 0xnvxdsync.exe0
Pfad der fehlerhaften Anwendung: nvxdsync.exe1
Pfad des fehlerhaften Moduls: nvxdsync.exe2
Berichtskennung: nvxdsync.exe3
Vollständiger Name des fehlerhaften Pakets: nvxdsync.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvxdsync.exe5

Error: (06/02/2013 10:07:05 PM) (Source: RasClient) (User: )
Description: CoID={DC4CD176-B605-4591-B12C-AC2B7763B3B9}: Der Benutzer "Tanja\Tani" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (06/02/2013 10:02:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvvsvc.exe, Version: 8.17.13.732, Zeitstempel: 0x508676e8
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x1500
Startzeit der fehlerhaften Anwendung: 0xnvvsvc.exe0
Pfad der fehlerhaften Anwendung: nvvsvc.exe1
Pfad des fehlerhaften Moduls: nvvsvc.exe2
Berichtskennung: nvvsvc.exe3
Vollständiger Name des fehlerhaften Pakets: nvvsvc.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvvsvc.exe5

Error: (06/02/2013 10:02:18 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: nvxdsync.exe, Version: 8.17.13.732, Zeitstempel: 0x508665b7
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x10c0
Startzeit der fehlerhaften Anwendung: 0xnvxdsync.exe0
Pfad der fehlerhaften Anwendung: nvxdsync.exe1
Pfad des fehlerhaften Moduls: nvxdsync.exe2
Berichtskennung: nvxdsync.exe3
Vollständiger Name des fehlerhaften Pakets: nvxdsync.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: nvxdsync.exe5

Error: (06/02/2013 09:30:23 PM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16537 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 101c

Startzeit: 01ce5fc382ad6d4c

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: d69aad48-cbba-11e2-be85-c48508c7e79f

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (06/02/2013 08:52:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avgrunasx.exe, Version: 13.0.0.2780, Zeitstempel: 0x50851e3b
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00024726
ID des fehlerhaften Prozesses: 0x1578
Startzeit der fehlerhaften Anwendung: 0xavgrunasx.exe0
Pfad der fehlerhaften Anwendung: avgrunasx.exe1
Pfad des fehlerhaften Moduls: avgrunasx.exe2
Berichtskennung: avgrunasx.exe3
Vollständiger Name des fehlerhaften Pakets: avgrunasx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: avgrunasx.exe5

Error: (05/25/2013 02:10:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Tanja)
Description: Das Paket „Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (05/20/2013 11:36:40 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16433, Zeitstempel: 0x50763312
Name des fehlerhaften Moduls: thumbcache.dll, Version: 6.2.9200.16384, Zeitstempel: 0x501080ee
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000021db3
ID des fehlerhaften Prozesses: 0x1a4
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5


System errors:
=============
Error: (06/05/2013 06:34:20 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:34:11 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:34:02 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:30:25 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:30:16 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:30:07 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:29:57 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:29:48 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:29:39 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869

Error: (06/05/2013 06:29:30 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue[::]:2869


Microsoft Office Sessions:
=========================
Error: (06/03/2013 11:29:51 PM) (Source: Application Error)(User: )
Description: ZeroConfigService.exe15.5.5.05060e311MurocApi.dll15.5.5.05060e22cc000000500000000000265e0c4401ce60a16df60291C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exeC:\Program Files\Intel\WiFi\bin\MurocApi.dllb92543be-cc94-11e2-be89-c48508c7e79f

Error: (06/02/2013 11:36:37 PM) (Source: Application Error)(User: )
Description: nvvsvc.exe8.17.13.732508676e8unknown0.0.0.000000000c0000005000000000000000010b001ce5fd942389fa9C:\windows\system32\nvvsvc.exeunknown805c62c3-cbcc-11e2-be85-c48508c7e79f

Error: (06/02/2013 11:36:37 PM) (Source: Application Error)(User: )
Description: nvxdsync.exe8.17.13.732508665b7unknown0.0.0.000000000c0000005000000000000000020a001ce5fd9422cb3e9C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeunknown80553bbb-cbcc-11e2-be85-c48508c7e79f

Error: (06/02/2013 10:07:05 PM) (Source: RasClient)(User: )
Description: {DC4CD176-B605-4591-B12C-AC2B7763B3B9}Tanja\TaniBreitbandverbindung651

Error: (06/02/2013 10:02:18 PM) (Source: Application Error)(User: )
Description: nvvsvc.exe8.17.13.732508676e8unknown0.0.0.000000000c00000050000000000000000150001ce5fcc15027066C:\windows\system32\nvvsvc.exeunknown535ea654-cbbf-11e2-be85-c48508c7e79f

Error: (06/02/2013 10:02:18 PM) (Source: Application Error)(User: )
Description: nvxdsync.exe8.17.13.732508665b7unknown0.0.0.000000000c0000005000000000000000010c001ce5fcc14c93733C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeunknown5345328c-cbbf-11e2-be85-c48508c7e79f

Error: (06/02/2013 09:30:23 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16537101c01ce5fc382ad6d4c0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEd69aad48-cbba-11e2-be85-c48508c7e79f

Error: (06/02/2013 08:52:12 PM) (Source: Application Error)(User: )
Description: avgrunasx.exe13.0.0.278050851e3bunknown0.0.0.000000000c000000500024726157801ce5fc249e165b6C:\ProgramData\MFAData\pack\avgrunasx.exeunknown88cc3d9c-cbb5-11e2-be84-c48508c7e79f

Error: (05/25/2013 02:10:40 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Tanja)
Description: Microsoft.Reader_6.2.8516.0_x64__8wekyb3d8bbwe

Error: (05/20/2013 11:36:40 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.2.9200.1643350763312thumbcache.dll6.2.9200.16384501080eec00000050000000000021db31a401ce55998a510b98C:\windows\Explorer.EXEC:\Windows\System32\thumbcache.dll5b293fe0-c195-11e2-be81-c48508c7e79f


CodeIntegrity Errors:
===================================
  Date: 2013-06-03 23:27:48.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\2dff9234.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-03 23:14:46.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\2dff9234.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-03 23:05:11.848
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\2dff9234.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-03 08:29:27.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\Drivers\2dff9234.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-03 08:16:36.793
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-03 08:03:53.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 23:15:48.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 22:24:00.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 22:02:10.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-02 21:47:59.600
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 32%
Total physical RAM: 7893.53 MB
Available physical RAM: 5343.31 MB
Total Pagefile: 9365.53 MB
Available Pagefile: 5992.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:907.17 GB) (Free:856.22 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=15 GB) - (Type=73)

==================== End Of Log ============================
         
--- --- ---

06.06.2013, 10:38   #14
aharonov
/// TB instructor

Hello,

that already looks better.


Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).



Step 2

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.



Step 3

Please start OTL.exe.
  • Tick the box next to Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from MBAR
  • Log from OTL
__________________
cheers,
Leo

10.06.2013, 23:35   #15
Tanja_183
 
Hello, it took a little while; here are the results :-)

AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 10/06/2013 um 23:37:00 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzer : Tani - TANJA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tani\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Tani\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2774 octets] - [10/06/2013 23:37:00]

########## EOF - C:\AdwCleaner[S1].txt - [2834 octets] ##########
         
--- --- ---

Here is the MBAR log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.10.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Tani :: TANJA [limited]

10.06.2013 23:51:53
mbar-log-2013-06-10 (23-51-53).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 256859
Time elapsed: 10 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 5
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7\n (Trojan.0Access) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-18\$e875a33fce4a1825704d257ec25f7be7\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Since 2 scans were run with it, here is the second log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.10.08

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
Tani :: TANJA [limited]

11.06.2013 00:11:44
mbar-log-2013-06-11 (00-11-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 256288
Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

And here is the OTL text:

OTL Logfile:
Code:
OTL logfile created on: 11.06.2013 00:26:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tani\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16580)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,71 Gb Total Physical Memory | 4,50 Gb Available Physical Memory | 58,37% Memory free
9,02 Gb Paging File | 5,58 Gb Available in Paging File | 61,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907,17 Gb Total Space | 857,79 Gb Free Space | 94,56% Space Free | Partition Type: NTFS
Drive E: | 3,69 Gb Total Space | 3,53 Gb Free Space | 95,69% Space Free | Partition Type: FAT32
 
Computer Name: TANJA | User Name: Tani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.11 00:25:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tani\Downloads\OTL (3).exe
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.07 18:29:26 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.09 17:00:02 | 002,921,520 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
PRC - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013.03.27 13:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.23 19:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012.10.19 17:34:18 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012.10.19 17:34:16 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012.10.19 17:34:06 | 002,624,120 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012.09.06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012.08.27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2012.08.15 21:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012.06.08 05:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012.04.03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.05.14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2012.10.19 17:34:20 | 000,110,200 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012.10.19 17:34:14 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012.10.19 17:34:08 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012.10.19 17:34:02 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012.10.19 17:34:02 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012.06.08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012.06.08 05:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.1.22\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.04.09 06:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.22 16:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.09.24 17:03:12 | 001,153,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012.09.24 17:02:54 | 000,272,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012.09.24 17:02:42 | 000,617,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012.09.24 17:02:16 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012.09.21 03:51:08 | 000,091,472 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Program Files\Elantech\ETDService.exe -- (ETDService)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.09.13 05:33:50 | 000,731,688 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012.08.17 18:09:12 | 000,102,224 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2012.08.15 18:08:14 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.04.09 17:00:02 | 002,921,520 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2013.04.08 18:44:12 | 001,320,496 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2013.04.08 18:43:36 | 000,799,280 | ---- | M] (pdfforge GmbH) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.03.27 14:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2013.02.28 20:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (NIS)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe -- (EraserSvc11220)
SRV - [2012.12.14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.23 19:35:14 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.19 17:34:18 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012.09.06 05:50:40 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012.08.27 09:45:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2012.08.15 12:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.04.03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.09 07:27:43 | 000,284,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.13 01:37:35 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.12.14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.12.13 11:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.26 23:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2012.11.22 16:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.11.06 12:19:24 | 000,461,624 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012.10.23 19:35:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.10 12:18:16 | 004,309,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NETwew00.sys -- (NETwNe64)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.24 08:22:34 | 000,321,936 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.09.13 05:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012.09.13 05:35:08 | 000,162,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012.08.29 09:36:54 | 000,857,472 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2012.08.27 09:48:12 | 000,121,728 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2012.08.17 18:09:24 | 000,103,248 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)
DRV:64bit: - [2012.08.17 18:09:24 | 000,023,376 | ---- | M] (Condusiv Technologies) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)
DRV:64bit: - [2012.08.06 12:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:64bit: - [2012.07.31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.07.27 22:00:04 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012.06.20 23:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1403010.016\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.06.12 14:41:22 | 000,683,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.05.26 02:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)
DRV:64bit: - [2011.07.09 06:53:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\SABI.sys -- (SABI)
DRV - [2013.06.04 11:34:02 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130606.004\ex64.sys -- (NAVEX15)
DRV - [2013.06.04 11:34:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130606.004\eng64.sys -- (NAVENG)
DRV - [2013.06.01 03:04:08 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130605.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.03.13 22:56:48 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.03.13 22:56:48 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{C46AB014-AC2D-4E36-8028-703D4BBD0C91}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{C46AB014-AC2D-4E36-8028-703D4BBD0C91}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-265458620-2719425478-174326876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
IE - HKU\S-1-5-21-265458620-2719425478-174326876-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
IE - HKU\S-1-5-21-265458620-2719425478-174326876-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-265458620-2719425478-174326876-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-265458620-2719425478-174326876-1003\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.06.02 21:12:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013.06.02 21:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013.03.13 08:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013.05.25 04:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.06.02 21:12:35 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\
CHR - Extension: Google Mail = C:\Users\Tani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-265458620-2719425478-174326876-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-265458620-2719425478-174326876-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW]  File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-265458620-2719425478-174326876-1001..\Run: [EPLTarget\P0000000000000001] C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHTU.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus Office BX535WD" File not found
O4 - HKU\S-1-5-21-265458620-2719425478-174326876-1001..\Run: [EPSON SX210 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Users\Tani\AppData\Local\Temp\E_S427.tmp" /EF "HKCU" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O8 - Extra context menu item: An Bluetooth senden - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76E1CD84-F8C0-479A-8536-FF9107713FF6}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck msln)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.11 00:16:44 | 000,067,632 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\msln.exe
[2013.06.10 23:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.10 23:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.10 23:49:37 | 000,000,000 | ---D | C] -- C:\Users\Tani\Desktop\mbar-1.06.0.1003
[2013.06.10 23:46:07 | 000,000,000 | ---D | C] -- C:\Users\Tani\Desktop\Neuer Ordner
[2013.06.10 23:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.06.04 09:25:29 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.02 22:01:09 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Local\Diagnostics
[2013.06.02 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Tani\Documents\ForceField Shared Files
[2013.06.02 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\CheckPoint
[2013.06.02 21:12:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.06.02 21:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013.06.02 21:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013.06.02 21:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.06.02 20:57:12 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\AVG2013
[2013.06.02 20:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.06.02 20:56:23 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\TuneUp Software
[2013.06.02 20:55:18 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.06.02 20:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.06.02 20:54:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.05.25 04:37:01 | 000,000,000 | ---D | C] -- C:\Users\Tani\AppData\Roaming\PDF Architect
[2013.05.25 04:33:31 | 000,000,000 | ---D | C] -- C:\Users\Tani\Documents\PDF Architect Files
[2013.05.25 04:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2013.05.25 04:33:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2013.05.25 04:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2013.05.25 04:32:56 | 000,110,264 | ---- | C] (pdfforge GmbH) -- C:\windows\SysNative\pdfcmon.dll
[2013.05.25 04:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2013.05.24 00:07:27 | 000,000,000 | ---D | C] -- C:\Users\Tani\Desktop\EC
[2013.03.13 01:53:02 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.11 00:16:44 | 000,067,632 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\msln.exe
[2013.06.11 00:07:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013.06.11 00:05:53 | 000,001,114 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.11 00:05:20 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.06.11 00:05:19 | 2326,601,727 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.10 23:37:22 | 000,000,101 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013.06.10 23:34:00 | 000,001,118 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.10 23:33:17 | 013,169,742 | ---- | M] () -- C:\Users\Tani\Desktop\mbar-1.06.0.1003.zip
[2013.06.10 23:32:42 | 000,648,201 | ---- | M] () -- C:\Users\Tani\Desktop\adwcleaner.exe
[2013.06.09 23:03:45 | 002,365,943 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1337.jpg
[2013.06.09 23:02:24 | 002,131,416 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1340.jpg
[2013.06.09 22:59:57 | 000,001,255 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1342 - Verknüpfung.lnk
[2013.06.09 22:59:43 | 000,001,255 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1338 - Verknüpfung.lnk
[2013.06.09 22:40:41 | 001,795,447 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1326.jpg
[2013.06.09 22:40:14 | 001,774,803 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1330.jpg
[2013.06.09 22:39:49 | 002,003,773 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1322.jpg
[2013.06.09 22:38:53 | 000,001,255 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1330 - Verknüpfung.lnk
[2013.06.09 22:38:47 | 000,001,255 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1326 - Verknüpfung.lnk
[2013.06.09 22:38:36 | 000,001,255 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1322 - Verknüpfung.lnk
[2013.06.09 22:34:38 | 001,716,968 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1343.jpg
[2013.06.09 22:32:34 | 000,001,255 | ---- | M] () -- C:\Users\Tani\Desktop\CIMG1343 - Verknüpfung.lnk
[2013.06.09 22:24:32 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013.06.09 22:24:32 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013.06.09 22:24:32 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013.06.09 22:24:32 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013.06.09 22:24:32 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013.06.05 18:37:22 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.02 21:38:22 | 000,000,000 | ---- | M] () -- C:\Users\Tani\defogger_reenable
[2013.06.02 21:14:47 | 000,417,507 | ---- | M] () -- C:\windows\SysNative\drivers\vsconfig.xml
[2013.06.02 21:12:07 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.06.02 20:56:24 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.02 20:51:28 | 000,421,792 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.26 21:38:52 | 002,663,286 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213851.jpg
[2013.05.26 21:38:42 | 002,494,992 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213841.jpg
[2013.05.26 21:38:38 | 003,047,381 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213837.jpg
[2013.05.26 21:36:17 | 002,715,596 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213617.jpg
[2013.05.26 21:36:10 | 002,780,260 | ---- | M] () -- C:\Users\Tani\Desktop\IMG_20130526_213610.jpg
[2013.05.25 10:29:56 | 146,551,997 | ---- | M] () -- C:\Users\Tani\Desktop\FINAL VERSION THESIS.pdf
[2013.05.25 04:33:00 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.05.25 03:48:14 | 002,684,769 | ---- | M] () -- C:\Users\Tani\Desktop\Aktuelle Version BA.pdf
[2013.05.16 12:57:31 | 000,000,206 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013.05.16 09:32:22 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\SW Update.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.10 23:37:11 | 000,000,101 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013.06.10 23:33:03 | 013,169,742 | ---- | C] () -- C:\Users\Tani\Desktop\mbar-1.06.0.1003.zip
[2013.06.10 23:32:04 | 000,648,201 | ---- | C] () -- C:\Users\Tani\Desktop\adwcleaner.exe
[2013.06.09 23:03:44 | 002,365,943 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1337.jpg
[2013.06.09 23:02:23 | 002,131,416 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1340.jpg
[2013.06.09 22:59:57 | 000,001,255 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1342 - Verknüpfung.lnk
[2013.06.09 22:59:43 | 000,001,255 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1338 - Verknüpfung.lnk
[2013.06.09 22:40:40 | 001,795,447 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1326.jpg
[2013.06.09 22:40:13 | 001,774,803 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1330.jpg
[2013.06.09 22:39:49 | 002,003,773 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1322.jpg
[2013.06.09 22:38:53 | 000,001,255 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1330 - Verknüpfung.lnk
[2013.06.09 22:38:47 | 000,001,255 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1326 - Verknüpfung.lnk
[2013.06.09 22:38:36 | 000,001,255 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1322 - Verknüpfung.lnk
[2013.06.09 22:34:37 | 001,716,968 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1343.jpg
[2013.06.09 22:32:34 | 000,001,255 | ---- | C] () -- C:\Users\Tani\Desktop\CIMG1343 - Verknüpfung.lnk
[2013.06.02 21:38:22 | 000,000,000 | ---- | C] () -- C:\Users\Tani\defogger_reenable
[2013.06.02 21:12:45 | 000,417,507 | ---- | C] () -- C:\windows\SysNative\drivers\vsconfig.xml
[2013.06.02 21:12:07 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2013.06.02 20:56:23 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.02 20:51:23 | 000,421,792 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013.05.26 21:46:02 | 002,663,286 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213851.jpg
[2013.05.26 21:46:01 | 003,047,381 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213837.jpg
[2013.05.26 21:46:01 | 002,494,992 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213841.jpg
[2013.05.26 21:46:00 | 002,780,260 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213610.jpg
[2013.05.26 21:46:00 | 002,715,596 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130526_213617.jpg
[2013.05.26 21:44:53 | 002,579,831 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130401_212353.jpg
[2013.05.26 21:44:50 | 002,296,235 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130401_212329.jpg
[2013.05.26 21:44:45 | 001,358,364 | ---- | C] () -- C:\Users\Tani\Desktop\IMG_20130401_212245.jpg
[2013.05.25 10:29:38 | 146,551,997 | ---- | C] () -- C:\Users\Tani\Desktop\FINAL VERSION THESIS.pdf
[2013.05.25 04:33:00 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2013.05.25 03:48:14 | 002,684,769 | ---- | C] () -- C:\Users\Tani\Desktop\Aktuelle Version BA.pdf
[2013.05.21 22:43:28 | 000,387,688 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013.05.16 12:57:31 | 000,000,206 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2013.05.16 09:32:21 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\SW Update.lnk
[2013.03.13 01:53:02 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013.03.07 20:09:18 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013.03.03 18:14:47 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2013.03.03 18:14:46 | 000,111,932 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2013.03.03 18:14:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2013.03.03 18:14:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2013.03.03 18:14:46 | 000,026,154 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2013.03.03 18:14:46 | 000,024,903 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2013.03.03 18:14:46 | 000,021,390 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2013.03.03 18:14:46 | 000,020,148 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2013.03.03 18:14:46 | 000,011,811 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2013.03.03 18:14:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2013.03.03 18:14:46 | 000,001,146 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_DU.dat
[2013.03.03 18:14:46 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2013.03.03 18:14:46 | 000,001,139 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2013.03.03 18:14:46 | 000,001,136 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2013.03.03 18:14:46 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2013.03.03 18:14:46 | 000,001,129 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2013.03.03 18:14:46 | 000,001,120 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_IT.dat
[2013.03.03 18:14:46 | 000,001,107 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_GE.dat
[2013.03.03 18:14:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012.12.14 03:42:24 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012.12.14 03:42:24 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2013.03.03 01:29:40 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.06.02 20:57:12 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\AVG2013
[2013.06.10 23:37:13 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\CheckPoint
[2013.05.02 17:21:32 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\DVDVideoSoft
[2013.05.25 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\PDF Architect
[2013.03.03 01:31:05 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Swiss Academic Software
[2013.03.03 12:44:55 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\Synaptics
[2013.06.02 20:56:23 | 000,000,000 | ---D | M] -- C:\Users\Tani\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
