|
ZeuS/ZBot Schädling Schreiben der Telekom (Windows 7 32 und 64 bit) Wurde gestern von der Telekom angeschrieben, dass es unter meinem Internetanschluss einen Virus gibt. Über die Fritzbox habe ich 1 PC und 2 Laptops angeschlossen. Mit Malewarebytes habe ich alle 2 gescannt und auf einem Laptop wurden mehrere Funde gemeldet. 1.) Wenn der Fund nur auf dem Laptop gemeldet wurde, heisst das dann, dass die 2 anderen frei davon sind und dort auch keine Gefahr besteht? 1a.) Von den anderen 2 PC/Laptop kann er auch Passwörter geklaut haben? 2.) Wie bekomme ich ihn weg? Reicht es, wenn ich ihn einfach lösche oder muss ich alles neu aufsetzen? Danke für die Hilfe. Habe einen Scan mit Malewarebytes gemacht und die Funde dann gelöscht. Scanergebnis siehe unten (kann auch falsch gewesen sein, habe es aber bereits so gemacht). Danach hat Malewarebytes keine Funde mehr gebracht. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.08.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christoph :: CHRISTOPHS-ACER [Administrator] 08.12.2012 22:18:08 mbam-log-2012-12-08 (22-18-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 226564 Laufzeit: 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\Christoph\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Kann es dennoch sein, das da etwas übrig geblieben ist? Wie kann ich es ausschliessen? Heute habe ich ein OTL gemacht (nachdem ich gestern die Funde mit Malewarebytes gelöscht habe). OTL logfile created on: 09.12.2012 17:53:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 75,07% Memory free 15,71 Gb Paging File | 13,35 Gb Available in Paging File | 84,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 371,16 Gb Free Space | 81,99% Space Free | Partition Type: NTFS Computer Name: CHRISTOPHS-ACER | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christoph\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Users\Christoph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Steam\SDL.dll () MOD - C:\Program Files (x86)\Steam\bin\libcef.dll () MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll () MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL () MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll () MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll () MOD - C:\Users\Christoph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2107655383-2196893343-2133198507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2107655383-2196893343-2133198507-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2107655383-2196893343-2133198507-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKU\S-1-5-21-2107655383-2196893343-2133198507-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2107655383-2196893343-2133198507-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}: C:\Program Files\Acer ProShield\FFExt20 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2107655383-2196893343-2133198507-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2107655383-2196893343-2133198507-1001..\Run: [Spotify Web Helper] C:\Users\Christoph\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-21-2107655383-2196893343-2133198507-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2107655383-2196893343-2133198507-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2107655383-2196893343-2133198507-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EF519CB-6278-40C8-9F4E-3D8B78B74500}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC06082A-D005-447B-9D15-3F482FA305BB}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.09 17:52:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2012.12.08 16:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.08 16:14:00 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.08 16:13:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.08 16:13:51 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.08 16:13:51 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.08 16:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.08 16:07:21 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes [2012.12.08 16:07:17 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.08 16:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.08 16:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.03 21:29:11 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{B6100E7B-DB9F-4D3E-9425-BB1DB1CF48B8} [2012.12.03 21:29:11 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\{5FE891E9-0B8E-4B3D-96E6-380E7B7EF980} [2012.12.03 21:28:57 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Windows Live Writer [2012.12.03 21:28:57 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Local\Windows Live Writer [2012.11.20 17:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2012.11.20 17:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2012.11.17 17:26:30 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.17 17:26:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.17 17:19:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.17 17:19:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.17 17:19:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.17 17:19:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.17 17:19:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.17 17:19:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.11.17 17:19:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.17 17:19:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.17 17:19:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.17 17:19:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.17 17:19:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.17 17:19:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.17 17:19:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.17 17:19:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.17 17:19:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.17 17:16:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.17 17:16:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.17 17:16:00 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.17 17:16:00 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.16 16:53:10 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.16 16:53:10 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.16 16:53:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.16 16:53:06 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.16 16:53:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.16 16:53:06 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.16 16:53:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.16 16:53:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.16 16:53:05 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.16 16:52:44 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.16 16:52:44 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Christoph\AppData\Roaming\*.tmp files -> C:\Users\Christoph\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.09 17:52:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe [2012.12.09 16:23:50 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.09 16:23:50 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.09 16:19:17 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.09 16:19:17 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.09 16:19:17 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.09 16:19:17 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.09 16:19:17 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.09 16:14:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.09 16:14:07 | 2030,981,119 | -HS- | M] () -- C:\hiberfil.sys [2012.12.08 21:19:04 | 000,002,040 | ---- | M] () -- C:\Users\Christoph\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.12.08 21:19:04 | 000,001,969 | ---- | M] () -- C:\Users\Christoph\Desktop\Avira DE-Cleaner.lnk [2012.12.08 16:13:44 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.08 16:13:44 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.08 16:13:44 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.08 16:13:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.08 16:13:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.08 16:13:44 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.08 16:09:43 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.11.30 18:00:39 | 000,001,776 | ---- | M] () -- C:\Users\Christoph\Desktop\Dota 2.lnk [2012.11.17 17:47:36 | 000,431,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.11 16:28:46 | 000,000,051 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\blckdom.res [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Christoph\AppData\Roaming\*.tmp files -> C:\Users\Christoph\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.08 21:19:04 | 000,002,040 | ---- | C] () -- C:\Users\Christoph\Desktop\Entfernen des Avira DE-Cleaners.lnk [2012.12.08 21:19:04 | 000,001,969 | ---- | C] () -- C:\Users\Christoph\Desktop\Avira DE-Cleaner.lnk [2012.12.08 16:07:18 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.11.30 18:00:39 | 000,001,776 | ---- | C] () -- C:\Users\Christoph\Desktop\Dota 2.lnk [2012.11.17 17:26:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 17:15:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.10.23 16:35:10 | 000,000,051 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\blckdom.res [2012.06.01 07:58:46 | 000,004,608 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.13 12:50:31 | 000,008,188 | ---- | C] () -- C:\Users\Christoph\AppData\Roaming\AbsoluteReminder.xml [2011.11.08 12:43:31 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll [2011.11.08 12:42:41 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe [2011.11.08 12:40:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.11.08 12:39:34 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.08 12:39:34 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.08 12:39:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.08 12:39:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2011.11.08 12:39:31 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.09.08 00:11:48 | 000,322,880 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.23 16:25:57 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\.minecraft [2012.10.26 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\.techniclauncher [2012.10.23 16:34:33 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\kock [2012.04.13 12:52:27 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Screensaver [2012.09.23 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Spotify [2012.10.26 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\UAs [2012.12.03 21:28:57 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Windows Live Writer [2012.10.26 17:43:48 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\xmldm ========== Purity Check ========== < End of report > OTL Extras logfile created on: 09.12.2012 17:53:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christoph\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,86 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 75,07% Memory free 15,71 Gb Paging File | 13,35 Gb Available in Paging File | 84,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 452,66 Gb Total Space | 371,16 Gb Free Space | 81,99% Space Free | Partition Type: NTFS Computer Name: CHRISTOPHS-ACER | User Name: Christoph | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D1F1AB5-CE39-486C-82B1-9DAED3C051D5}" = lport=25565 | protocol=6 | dir=in | name=minecraft | "{3A86A965-C270-4F74-8AD0-F85A57A07377}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{4CB12544-DF96-43A0-A05A-2C380925BF95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{58A17667-567C-46F9-8BDC-0E4A498A73B6}" = lport=25565 | protocol=6 | dir=in | name=minecraft | "{A748E589-D0B5-4E75-9B20-C54E9BD24C40}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{212E8351-1B8C-4E50-A37B-ABC408050BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2286837F-9B67-48F3-92C3-A0CF4B738480}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{3DB7FEFF-0BBC-4D90-8D2E-A62A933D305C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{47978584-10F3-4EAA-B79D-26D155E8307E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4ED5E74B-9C1F-43A0-A86B-C01F08695233}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{61E32594-81BB-40CE-B7BB-D720307C349A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{6F2A5FB0-103F-46DF-ADA6-4152654E997F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7200F97C-A654-48AC-ACDB-FE490E3F67A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{74A698A0-74FD-4B2C-9E8E-B5E31B301907}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{7A54A8AE-6DDD-4157-8BDC-D87CAE77F0C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{9C771DA4-245E-4518-A947-DD4BE5170984}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe | "{A8CF7999-9C14-4C3C-B56C-C28A6EB05C04}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe | "{AC67D2AB-8779-4BAF-BEA3-666D389AD94E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe | "{CC49355F-3109-4DB1-9DAD-2E6C2802C494}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{D335CE65-C54B-4317-955C-B29C1121BA0E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{D5D659CC-7EFE-411F-9037-A14BEA34D59E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DDE3FEB3-2E42-4E51-94FA-FBCB9CEA9AF9}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "{EABAACA9-BB51-4B48-8A13-9B07227E05EA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "TCP Query User{13EE6A7D-1937-4657-8DEC-B193F18B54B2}C:\users\christoph\desktop\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\christoph\desktop\warcraft iii\war3.exe | "TCP Query User{1633C657-9850-460C-A6F3-BAA1F0151BA0}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{2F20C03A-7F27-429E-9320-4E0BD7D1D53A}C:\users\christoph\desktop\filme\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\christoph\desktop\filme\warcraft iii\war3.exe | "TCP Query User{7E236DBE-D0DF-4E0E-962B-DB28F60CD331}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "TCP Query User{82019A28-F87A-4EC3-99DC-A8CD8E328A3D}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{84609D77-17D0-4C91-950A-62BA897A386B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{0EC4D512-05D2-4029-B278-F4702E3242FA}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe | "UDP Query User{30956C1A-CD7F-48EC-B5DE-2A79941FD7AD}C:\users\christoph\desktop\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\christoph\desktop\warcraft iii\war3.exe | "UDP Query User{4DF82A97-7DD5-4A2F-AFEC-BE4595595964}C:\users\christoph\desktop\filme\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\christoph\desktop\filme\warcraft iii\war3.exe | "UDP Query User{87F40FD2-E1F3-41E2-BB0D-BAD7D9236594}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | "UDP Query User{C09ECC13-6719-47B4-994A-6DDB63DFC671}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{CDDE4940-FDEB-4B60-8216-4CFDF8A9E385}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.25 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.25 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.25 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{40F4FF7A-B214-4453-B973-080B09CED019}" = Install Absolute Data Protect "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh "{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A34773-F701-46E1-9414-657F35391413}" = SlimComputer "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger "{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7 "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger "7-Zip" = 7-Zip 9.20 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "ArcaniA" = ArcaniA - Gothic 4 "Avira AntiVir Desktop" = Avira Free Antivirus "Identity Card" = Identity Card "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "LManager" = Launch Manager "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Steam App 201790" = Orcs Must Die! 2 "Steam App 570" = Dota 2 "Warcraft III" = Warcraft III "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2107655383-2196893343-2133198507-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.12.2012 11:00:57 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 05.12.2012 12:00:35 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 06.12.2012 09:56:03 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 07.12.2012 10:44:39 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 08.12.2012 11:03:25 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 08.12.2012 17:21:49 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 09.12.2012 08:56:14 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 09.12.2012 10:26:23 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 09.12.2012 10:38:57 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = Error - 09.12.2012 11:14:29 | Computer Name = Christophs-acer | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 06.10.2012 12:16:29 | Computer Name = Christophs-acer | Source = bowser | ID = 8003 Description = Error - 06.10.2012 12:37:42 | Computer Name = Christophs-acer | Source = BROWSER | ID = 8032 Description = Error - 07.10.2012 05:18:25 | Computer Name = Christophs-acer | Source = bowser | ID = 8003 Description = Error - 07.10.2012 05:22:35 | Computer Name = Christophs-acer | Source = BROWSER | ID = 8032 Description = Error - 08.10.2012 10:56:38 | Computer Name = Christophs-acer | Source = BROWSER | ID = 8032 Description = Error - 10.10.2012 12:50:25 | Computer Name = Christophs-acer | Source = DCOM | ID = 10010 Description = Error - 13.10.2012 13:19:00 | Computer Name = Christophs-acer | Source = bowser | ID = 8003 Description = Error - 13.10.2012 13:21:03 | Computer Name = Christophs-acer | Source = bowser | ID = 8003 Description = Error - 13.10.2012 13:25:00 | Computer Name = Christophs-acer | Source = bowser | ID = 8003 Description = Error - 13.10.2012 13:30:07 | Computer Name = Christophs-acer | Source = bowser | ID = 8003 Description = < End of report > |
:hallo: Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Zitat:
Du wirst verstehen, dass es für mich schwierig ist zu sagen, ob noch Malware auf dem Rechner ist, wenn du nicht alle relevanten Informationen postest. ;) Ich seh noch Reste von Malware auf deinem Rechner. Aber bevor wir uns darum kümmern, brauche ich noch ein paar Informationen. :) So geht es weiter: Schritt 1 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 2 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 3
Code: C:\Users\Christoph\AppData\Roaming\*.
Bitte poste mit deiner nächsten Antwort
|
Hallo Matthias, zuerst mal Danke für die Hilfe. Habe versucht alles nach bestem Wissen und Gewissen so auszuführen, wie Du es geschrieben hast. Wenn etwas nicht passen sollte, bitte um Info, da ich nicht der Experte bin. Der Laptop gehört meinem Sohn und ich kenne mich in der Materie nicht wirklich aus. Was ich gelöscht habe, ist der Fund von Malewarebytes. Der sah so aus: Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free anti-malware download Datenbank Version: v2012.12.08.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christoph :: CHRISTOPHS-ACER [Administrator] 08.12.2012 22:18:08 mbam-log-2012-12-08 (22-18-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 226564 Laufzeit: 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 4 HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\Christoph\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Das war die Empfehlung in dem Schreiben der Telekom, ich solle mit Malewarebytes scannen und den Fund löschen. Gestern hatte ich noch mit CCleaner alles gelöscht, einfacher Lauf. Hier die 3 Schritte (defogger, aswMBR, OTL), hoffe, wie gewünscht. Defogger defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:18 on 10/12/2012 (Christoph) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- aswMBR aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-10 20:19:26 ----------------------------- 20:19:26.041 OS Version: Windows x64 6.1.7601 Service Pack 1 20:19:26.042 Number of processors: 4 586 0x2A07 20:19:26.042 ComputerName: CHRISTOPHS-ACER UserName: Christoph 20:19:27.004 Initialize success 20:20:07.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:20:07.517 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3 20:20:07.525 Disk 0 MBR read successfully 20:20:07.527 Disk 0 MBR scan 20:20:07.528 Disk 0 Windows 7 default MBR code 20:20:07.535 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048 20:20:07.548 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024 20:20:07.565 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824 20:20:07.580 Disk 0 scanning C:\Windows\system32\drivers 20:20:12.412 Service scanning 20:20:30.174 Modules scanning 20:20:30.179 Disk 0 trace - called modules: 20:20:30.205 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 20:20:30.208 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a607060] 20:20:30.211 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007db4050] 20:20:30.214 Scan finished successfully 20:20:50.598 Disk 0 MBR has been saved successfully to "C:\Users\Christoph\Desktop\MBR.dat" 20:20:50.601 The log file has been saved successfully to "C:\Users\Christoph\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-10 20:22:05 ----------------------------- 20:22:05.656 OS Version: Windows x64 6.1.7601 Service Pack 1 20:22:05.656 Number of processors: 4 586 0x2A07 20:22:05.657 ComputerName: CHRISTOPHS-ACER UserName: Christoph 20:22:06.522 Initialize success 20:22:09.910 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:22:09.911 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3 20:22:09.930 Disk 0 MBR read successfully 20:22:09.932 Disk 0 MBR scan 20:22:09.933 Disk 0 Windows 7 default MBR code 20:22:09.940 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048 20:22:09.953 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024 20:22:09.970 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 463526 MB offset 27469824 20:22:09.973 Disk 0 scanning C:\Windows\system32\drivers 20:22:13.770 Service scanning 20:22:30.211 Modules scanning 20:22:30.215 Disk 0 trace - called modules: 20:22:30.241 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 20:22:30.245 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a607060] 20:22:30.570 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007db4050] 20:22:30.573 Scan finished successfully 20:22:40.959 Disk 0 MBR has been saved successfully to "C:\Users\Christoph\Desktop\MBR.dat" 20:22:40.962 The log file has been saved successfully to "C:\Users\Christoph\Desktop\aswMBR.txt" OTLOTL Logfile: Code: OTL logfile created on: 10.12.2012 20:24:38 - Run 2 |
Servus, Scan mit Combofix
|
Habe Combofix laufen lassen. Was ich (denke ich) übersehen habe, ist die Firewall (war wohl nicht abgeschaltet und evtl. Skype?, ansonsten wiess ich nicht was noch ofen war). Wenn ich es nochmal machen soll, bitte sagen. Hast anhand der vorigen Scans erkennen könne, ob noch Schädlinge drauf sind? [Code] Combofix Logfile: Code: ComboFix 12-12-10.01 - Christoph 11.12.2012 19:53:37.1.4 - x64[Code] |
Servus, ComboFix hat noch was gelöscht. :) Aber es gibt nochmal Schädlinge zu löschen: Combofix-Skript
|
Hier di eneue Auswertung. Nach dem Lauf wurde de rPC nicht mehr runtergefahren dun ich habe den Tetx direkt aus der Datei, die sich dann neu geöffnet hat, übernommen. Ist das so ok? Combofix Logfile: Code: ComboFix 12-12-10.01 - Christoph 11.12.2012 21:21:58.2.4 - x64 |
Servus, ja, das ist gut so. :bussi: Schritt 1
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte SecurityCheck
Bitte poste mit deiner nächsten Antwort
|
Hallo, hier die Ergebnisse. [Code] Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.12.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christoph :: CHRISTOPHS-ACER [Administrator] 12.12.2012 21:42:36 mbam-log-2012-12-12 (21-42-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 230330 Laufzeit: 3 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) [Code] [Code] ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=f0668e73f1f40142b5fd608a7b6adf76 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-12 09:44:31 # local_time=2012-12-12 10:44:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 99 7324 101119154 110 0 # compatibility_mode=5893 16776574 100 94 23592230 106978521 0 0 # scanned=137542 # found=0 # cleaned=0 # scan_time=3051 [Code] [Code] Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 JavaFX 2.1.1 Java 7 Update 9 Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 10.1.0 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` [Code] |
Servus, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Deine Version von Adobe Flash Player ist veraltet. Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:
Schritt 2 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome. Schritt 3 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 4 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code: Combofix /UninstallDamit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 5 Downloade dir bitte delfix auf deinen Desktop.
Schritt 6 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
Hallo Matthias, zuerst mal vielen Dank für die Hilfe. Ich werde die beschriebenen Schritte durchführen und auch versuchen die Hinweise zu beachten (auch meinem Sohn nahelegen). Jetzt habe ich doch noch 2-3 Fragen, wenn es nicht zuviel wird. Ich habe ja 4 PC an der Fritzbox (1 PC und 2 Laptops im häufigen Gebrauch mit Window 7 und einen PC mit Windows XP - der seit Monaten nicht mehr genutzt wurde) 1.) Sollte nur der eine Laptop davon betroffen gewesen sein? Wie kann ich feststellen, ob die anderen frei sind? Kann ich da Scans (welche) machen die ich hier reinstellen kann, wo man sehen kann, ob sie frei sind? Ich habe schon Avira und Malewarebytes drüberlaufen lassen, aber ich habe da nicht das sichere Gefühl (obwohl kein Fund gemeldet wird), dass sie frei sind. 2.) Auf dem Windows XP habe ich mit Avira auch einen Schädling gefunden (der PC wurde seit ca. 5-6 Monaten nicht mehr genutzt). Jetzt wollte ich ihn hochfahren und habe zuerst alles aktualisiert und dann hat Avira einen Schädling gemeldet TR/Ransom.F.60 und Malewarebytes hat 2 gefunden PUM.Rightclick.Disabled. Bei diesem wäre es kein Problem, den Rechner neu aufzusetzen, da würde ich nicht bereinigen wollen, falls die schlimmer sind und nicht durch einfaches Entfernen wegzumachen sind. Was müsste ich machen, wenn ich die vorhandenen Treiber behalten wollte (AgfaScanner, Sony BS, etc., die sind schwer zu finden...) und nur das BS neu aufsetzen wollte - wenn es so überhaupt geht. Nochmals vielen Dank. Bitte auch Beitrag oben anschauen, dieser wurde nach dem Beitrag oben erstellt, aber noch befor ich die Schritte durchgeführt habe. Inzwischen habe ich alles so durchgeführt. Nur bei Combofix kam während der Aktion die Meldung, dass die neue Version gedownloaded wird (da habe ich abgebrochen), die Meldung, dass es deinstalliert wurde kam trotzdem (hoffe es ist so noch ok???). |
Servus, Zitat:
Wenn du möchtest, können wir uns den zweiten Laptop und/oder den anderen Desktop Rechner mit Windows 7 auch hier in diesem Thema einmal genauer ansehen. :) Zitat:
Gib mir Bescheid, ob wir einen weiteren Rechner unter die Lupe nehmen sollen oder nicht. ;) |
Ja, bisher haben wir den einen Laptop bearbeitet. Würde es gerne machen, es gibt noch ein Laptop und ein PC mit Windows 7 und einen PC mit Windows XP (der aber - wie gesagt - auch neu aufgesetzt werden kann). Soll ich dann immer CCleaner vor den Scans laufen lassen oder ist es kontraproduktiv? |
Ok, dann führe bitte die folgenden Schritte an dem 2. Laptop aus. :) Schritt 1 Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.exe
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 3 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 4 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
Hallo Matthias, hier die Dateien von Laptop 2. bei aswMBR wurden 2 Dateien generiert (die zweite mit Sonderzeichen). ddsDDS Logfile: Code: DDS (Ver_2012-11-20.01) - NTFS_AMD64 dds attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 06.05.2012 14:18:21 System Uptime: 13.12.2012 21:15:59 (0 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RC530/RC730 Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz | CPU 1 | 2178/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 230 GiB total, 83,731 GiB free. D: is FIXED (NTFS) - 342 GiB total, 4,374 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP151: 18.11.2012 19:05:28 - Windows-Sicherung RP152: 20.11.2012 17:35:21 - Windows Update RP153: 26.11.2012 15:40:41 - Windows-Sicherung RP154: 27.11.2012 17:04:37 - Windows Update RP155: 28.11.2012 18:18:54 - Windows Update RP156: 02.12.2012 19:00:25 - Windows-Sicherung RP157: 04.12.2012 16:23:29 - Windows Update RP158: 09.12.2012 19:00:21 - Windows-Sicherung RP159: 11.12.2012 17:44:14 - Windows Update RP160: 12.12.2012 20:44:05 - Windows Update . ==== Installed Programs ====================== . ???? ??? Windows Live ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ???????? ?????????? Windows Live ?????????? Windows Live ??????????? ?? Windows Live Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 7-Zip 9.20 (x64 edition) Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.1 - Deutsch Agatha Christie - Death on the Nile Apple Application Support Apple Mobile Device Support Apple Software Update ArcaniA - Gothic 4 Artweaver Free 3.0 Audacity 2.0 Authorizer 2.0 Authorizer Ignition Key Support Avira Free Antivirus „Windows Live Essentials“ „Windows Live Mail“ „Windows Live Messenger“ „Windows Live“ fotogalerija BatteryLifeExtender Bejeweled 2 Deluxe Bing Bar Bonjour Browser Manager Build-a-lot Camtasia Studio 7 CCleaner ChargeableUSB Chuzzle Deluxe Cinema 4D version R12 CyberLink Media Suite CyberLink Media+ Player10 CyberLink MediaShow CyberLink Power2Go CyberLink PowerDirector CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue Dota 2 Dota 2 Test Easy Content Share Easy Display Manager Easy Migration Easy Network Manager Easy SpeedUp Manager EasyBatteryManager EasyFileShare ETDWare PS/2-X64 8.0.7.2_WHQL Facebook Video Calling 1.2.0.287 Farm Frenzy Fast Start FL Studio 10 Fotogalerija Windows Live Fraps (remove only) Free Video to MP3 Converter version 5.0.17.903 Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live GIMP 2.8.0 Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) IL Download Manager IL Shared Libraries Insaniquarium Deluxe Intel PROSet Wireless Intel(R) Control Center Intel(R) Management Engine Components Intel(R) Processor Graphics Intel(R) PROSet/Wireless WiFi Software Intel(R) Rapid Storage Technology iTunes Java 7 Update 9 Java Auto Updater Java(TM) 6 Update 32 (64-bit) Java(TM) 7 Update 4 (64-bit) JavaFX 2.1.1 John Deere Drive Green Junk Mail filter update Line 6 Uninstaller Malwarebytes Anti-Malware Version 1.65.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 64-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Word MUI (German) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Minecraft Texturepack Editor Movie Color Enhancer MSVCRT MSVCRT_amd64 Multimedia POP MyFreeCodec Native Instruments Guitar Rig 5 Native Instruments Guitar Rig Factory Selection for Maschine Native Instruments Komplete 8 Players Native Instruments Kontakt 5 Native Instruments Kontakt Factory Selection Native Instruments Massive Native Instruments Reaktor 5 Native Instruments Reaktor Factory Selection Native Instruments Service Center No-IP DUC Notepad++ NVIDIA Grafiktreiber 306.23 NVIDIA Install Application NVIDIA Optimus 1.10.8 NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.12.0604 NVIDIA Systemsteuerung 306.23 NVIDIA Update 1.10.8 NVIDIA Update Components Paint.NET v3.5.10 Peggle Penguins! PhoneShare Plants vs. Zombies Poczta uslugi Windows Live Podstawowe programy Windows Live Polar Golfer Pošta Windows Live Raccolta foto di Windows Live Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Revo Uninstaller 1.94 S?????? f?t???af??? t?? Windows Live Samsung AnyWeb Print Samsung Kies Samsung Printer Live Update Samsung Recovery Solution 5 Samsung Support Center 1.0 Samsung Universal Print Driver Samsung Universal Scan Driver Samsung Update Plus SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Skype™ 5.10 SlimComputer Spotify Steam Text-To-Speech-Runtime The Mouth for Reaktor 1.0 Ulead COOL 360 1.0 Ulead Photo Explorer 8.5 Ulead PhotoImpact 10 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition User Guide VirtualDJ LE (BeatMix) Warcraft III WildTangent Games WildTangent ORB Game Console Windows Live Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Pošta Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima WordCaptureX Pro YTD Video Downloader 3.9 Zuma Deluxe . ==== End Of File =========================== defogger defogger_disable by jpshortstuff (23.02.10.1) Log created at 21:27 on 13/12/2012 (Lukas) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- aswMBR aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-13 21:28:21 ----------------------------- 21:28:21.613 OS Version: Windows x64 6.1.7601 Service Pack 1 21:28:21.613 Number of processors: 8 586 0x2A07 21:28:21.614 ComputerName: LUKAS-PC UserName: Lukas 21:28:22.630 Initialize success 21:28:42.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:28:42.181 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3 21:28:42.196 Disk 0 MBR read successfully 21:28:42.198 Disk 0 MBR scan 21:28:42.200 Disk 0 unknown MBR code 21:28:42.205 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 21:28:42.217 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 235520 MB offset 206848 21:28:42.220 Disk 0 Partition - 00 0F Extended LBA 350626 MB offset 482551808 21:28:42.244 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 24233 MB offset 1200633856 21:28:42.278 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 350625 MB offset 482553856 21:28:42.318 Disk 0 scanning C:\windows\system32\drivers 21:28:48.210 Service scanning 21:29:07.062 Modules scanning 21:29:07.072 Disk 0 trace - called modules: 21:29:07.094 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 21:29:07.098 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007a76790] 21:29:07.102 3 CLASSPNP.SYS[fffff88001b5843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007882050] 21:29:07.106 Scan finished successfully 21:29:19.189 Disk 0 MBR has been saved successfully to "C:\Users\Lukas\Desktop\MBR.dat" 21:29:19.193 The log file has been saved successfully to "C:\Users\Lukas\Desktop\aswMBR.txt" MBR (Sonderzeichen, zweite Datei) 3ÀŽØŽÀŽÐ¼ tdsskiller 21:30:28.0249 3576 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:30:28.0763 3576 ============================================================ 21:30:28.0763 3576 Current date / time: 2012/12/13 21:30:28.0763 21:30:28.0763 3576 SystemInfo: 21:30:28.0763 3576 21:30:28.0763 3576 OS Version: 6.1.7601 ServicePack: 1.0 21:30:28.0763 3576 Product type: Workstation 21:30:28.0763 3576 ComputerName: LUKAS-PC 21:30:28.0763 3576 UserName: Lukas 21:30:28.0763 3576 Windows directory: C:\windows 21:30:28.0763 3576 System windows directory: C:\windows 21:30:28.0763 3576 Running under WOW64 21:30:28.0763 3576 Processor architecture: Intel x64 21:30:28.0763 3576 Number of processors: 8 21:30:28.0763 3576 Page size: 0x1000 21:30:28.0763 3576 Boot type: Normal boot 21:30:28.0763 3576 ============================================================ 21:30:29.0301 3576 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:30:29.0305 3576 ============================================================ 21:30:29.0305 3576 \Device\Harddisk0\DR0: 21:30:29.0305 3576 MBR partitions: 21:30:29.0306 3576 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:30:29.0306 3576 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1CC00000 21:30:29.0326 3576 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1CC33000, BlocksNum 0x2ACD0800 21:30:29.0326 3576 ============================================================ 21:30:29.0368 3576 C: <-> \Device\Harddisk0\DR0\Partition2 21:30:29.0396 3576 D: <-> \Device\Harddisk0\DR0\Partition3 21:30:29.0396 3576 ============================================================ 21:30:29.0396 3576 Initialize success 21:30:29.0396 3576 ============================================================ 21:30:31.0086 3944 ============================================================ 21:30:31.0086 3944 Scan started 21:30:31.0086 3944 Mode: Manual; 21:30:31.0086 3944 ============================================================ 21:30:31.0862 3944 ================ Scan system memory ======================== 21:30:31.0862 3944 System memory - ok 21:30:31.0862 3944 ================ Scan services ============================= 21:30:32.0158 3944 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 21:30:32.0161 3944 1394ohci - ok 21:30:32.0202 3944 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 21:30:32.0206 3944 ACPI - ok 21:30:32.0229 3944 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 21:30:32.0230 3944 AcpiPmi - ok 21:30:32.0485 3944 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:30:32.0495 3944 AdobeFlashPlayerUpdateSvc - ok 21:30:32.0593 3944 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 21:30:32.0598 3944 adp94xx - ok 21:30:32.0642 3944 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 21:30:32.0645 3944 adpahci - ok 21:30:32.0654 3944 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 21:30:32.0655 3944 adpu320 - ok 21:30:32.0682 3944 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 21:30:32.0683 3944 AeLookupSvc - ok 21:30:32.0735 3944 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 21:30:32.0739 3944 AFD - ok 21:30:32.0764 3944 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 21:30:32.0765 3944 agp440 - ok 21:30:32.0788 3944 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 21:30:32.0789 3944 ALG - ok 21:30:32.0823 3944 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 21:30:32.0823 3944 aliide - ok 21:30:32.0832 3944 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 21:30:32.0832 3944 amdide - ok 21:30:32.0856 3944 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 21:30:32.0856 3944 AmdK8 - ok 21:30:32.0860 3944 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys 21:30:32.0861 3944 AmdPPM - ok 21:30:32.0901 3944 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 21:30:32.0902 3944 amdsata - ok 21:30:32.0921 3944 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 21:30:32.0923 3944 amdsbs - ok 21:30:32.0940 3944 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 21:30:32.0940 3944 amdxata - ok 21:30:33.0040 3944 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 21:30:33.0041 3944 AntiVirSchedulerService - ok 21:30:33.0076 3944 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 21:30:33.0077 3944 AntiVirService - ok 21:30:33.0121 3944 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 21:30:33.0122 3944 AppID - ok 21:30:33.0151 3944 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 21:30:33.0152 3944 AppIDSvc - ok 21:30:33.0168 3944 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 21:30:33.0169 3944 Appinfo - ok 21:30:33.0308 3944 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:30:33.0310 3944 Apple Mobile Device - ok 21:30:33.0339 3944 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 21:30:33.0340 3944 arc - ok 21:30:33.0350 3944 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys 21:30:33.0350 3944 arcsas - ok 21:30:33.0447 3944 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:30:33.0454 3944 aspnet_state - ok 21:30:33.0492 3944 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 21:30:33.0493 3944 AsyncMac - ok 21:30:33.0513 3944 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 21:30:33.0513 3944 atapi - ok 21:30:33.0562 3944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 21:30:33.0568 3944 AudioEndpointBuilder - ok 21:30:33.0578 3944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 21:30:33.0582 3944 AudioSrv - ok 21:30:33.0613 3944 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 21:30:33.0614 3944 avgntflt - ok 21:30:33.0641 3944 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 21:30:33.0642 3944 avipbb - ok 21:30:33.0652 3944 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 21:30:33.0652 3944 avkmgr - ok 21:30:33.0693 3944 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 21:30:33.0694 3944 AxInstSV - ok 21:30:33.0730 3944 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 21:30:33.0735 3944 b06bdrv - ok 21:30:33.0759 3944 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 21:30:33.0761 3944 b57nd60a - ok 21:30:33.0832 3944 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 21:30:33.0841 3944 BBSvc - ok 21:30:33.0884 3944 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 21:30:33.0885 3944 BDESVC - ok 21:30:33.0915 3944 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 21:30:33.0915 3944 Beep - ok 21:30:33.0944 3944 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 21:30:33.0951 3944 BFE - ok 21:30:33.0981 3944 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 21:30:33.0990 3944 BITS - ok 21:30:34.0013 3944 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 21:30:34.0013 3944 blbdrive - ok 21:30:34.0086 3944 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 21:30:34.0089 3944 Bonjour Service - ok 21:30:34.0134 3944 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 21:30:34.0135 3944 bowser - ok 21:30:34.0171 3944 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 21:30:34.0172 3944 BrFiltLo - ok 21:30:34.0175 3944 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 21:30:34.0175 3944 BrFiltUp - ok 21:30:34.0190 3944 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 21:30:34.0191 3944 Browser - ok 21:30:34.0321 3944 [ 0E39DB25920F7952C72A524565CCBAA6 ] Browser Manager C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe 21:30:34.0340 3944 Browser Manager - ok 21:30:34.0360 3944 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 21:30:34.0362 3944 Brserid - ok 21:30:34.0365 3944 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 21:30:34.0366 3944 BrSerWdm - ok 21:30:34.0382 3944 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 21:30:34.0383 3944 BrUsbMdm - ok 21:30:34.0385 3944 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 21:30:34.0386 3944 BrUsbSer - ok 21:30:34.0419 3944 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 21:30:34.0420 3944 BthEnum - ok 21:30:34.0428 3944 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 21:30:34.0429 3944 BTHMODEM - ok 21:30:34.0451 3944 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 21:30:34.0452 3944 BthPan - ok 21:30:34.0487 3944 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 21:30:34.0492 3944 BTHPORT - ok 21:30:34.0526 3944 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 21:30:34.0527 3944 bthserv - ok 21:30:34.0564 3944 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 21:30:34.0565 3944 BTHUSB - ok 21:30:34.0592 3944 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 21:30:34.0594 3944 cdfs - ok 21:30:34.0613 3944 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 21:30:34.0615 3944 cdrom - ok 21:30:34.0649 3944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 21:30:34.0650 3944 CertPropSvc - ok 21:30:34.0679 3944 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys 21:30:34.0680 3944 circlass - ok 21:30:34.0700 3944 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 21:30:34.0704 3944 CLFS - ok 21:30:34.0754 3944 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:30:34.0761 3944 clr_optimization_v2.0.50727_32 - ok 21:30:34.0798 3944 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:30:34.0804 3944 clr_optimization_v2.0.50727_64 - ok 21:30:34.0862 3944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:30:34.0864 3944 clr_optimization_v4.0.30319_32 - ok 21:30:34.0892 3944 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:30:34.0893 3944 clr_optimization_v4.0.30319_64 - ok 21:30:34.0934 3944 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys 21:30:34.0934 3944 clwvd - ok 21:30:34.0955 3944 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 21:30:34.0956 3944 CmBatt - ok 21:30:34.0980 3944 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 21:30:34.0980 3944 cmdide - ok 21:30:35.0018 3944 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 21:30:35.0022 3944 CNG - ok 21:30:35.0150 3944 [ 1C15404EA8FC42DAB8A7B3765ED53E58 ] CodeMeter.exe C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe 21:30:35.0170 3944 CodeMeter.exe - ok 21:30:35.0220 3944 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 21:30:35.0221 3944 Compbatt - ok 21:30:35.0249 3944 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 21:30:35.0249 3944 CompositeBus - ok 21:30:35.0260 3944 COMSysApp - ok 21:30:35.0283 3944 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 21:30:35.0283 3944 crcdisk - ok 21:30:35.0315 3944 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 21:30:35.0317 3944 CryptSvc - ok 21:30:35.0346 3944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 21:30:35.0352 3944 DcomLaunch - ok 21:30:35.0390 3944 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 21:30:35.0393 3944 defragsvc - ok 21:30:35.0412 3944 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 21:30:35.0413 3944 DfsC - ok 21:30:35.0458 3944 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys 21:30:35.0459 3944 dg_ssudbus - ok 21:30:35.0495 3944 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 21:30:35.0498 3944 Dhcp - ok 21:30:35.0507 3944 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 21:30:35.0508 3944 discache - ok 21:30:35.0544 3944 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 21:30:35.0544 3944 Disk - ok 21:30:35.0575 3944 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 21:30:35.0583 3944 Dnscache - ok 21:30:35.0602 3944 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 21:30:35.0604 3944 dot3svc - ok 21:30:35.0612 3944 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 21:30:35.0614 3944 DPS - ok 21:30:35.0645 3944 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 21:30:35.0646 3944 drmkaud - ok 21:30:35.0672 3944 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 21:30:35.0678 3944 DXGKrnl - ok 21:30:35.0717 3944 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 21:30:35.0719 3944 EapHost - ok 21:30:35.0786 3944 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 21:30:35.0853 3944 ebdrv - ok 21:30:35.0888 3944 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 21:30:35.0892 3944 EFS - ok 21:30:35.0966 3944 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 21:30:35.0973 3944 ehRecvr - ok 21:30:35.0988 3944 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 21:30:35.0989 3944 ehSched - ok 21:30:36.0031 3944 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 21:30:36.0036 3944 elxstor - ok 21:30:36.0043 3944 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 21:30:36.0044 3944 ErrDev - ok 21:30:36.0091 3944 [ 9D8739A2A2173C9D27C499A3FC6EDA3F ] ETD C:\windows\system32\DRIVERS\ETD.sys 21:30:36.0092 3944 ETD - ok 21:30:36.0136 3944 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 21:30:36.0140 3944 EventSystem - ok 21:30:36.0161 3944 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 21:30:36.0163 3944 exfat - ok 21:30:36.0183 3944 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 21:30:36.0186 3944 fastfat - ok 21:30:36.0223 3944 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 21:30:36.0230 3944 Fax - ok 21:30:36.0266 3944 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 21:30:36.0267 3944 fdc - ok 21:30:36.0313 3944 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 21:30:36.0314 3944 fdPHost - ok 21:30:36.0322 3944 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 21:30:36.0323 3944 FDResPub - ok 21:30:36.0338 3944 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 21:30:36.0338 3944 FileInfo - ok 21:30:36.0356 3944 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 21:30:36.0357 3944 Filetrace - ok 21:30:36.0379 3944 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 21:30:36.0380 3944 flpydisk - ok 21:30:36.0394 3944 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 21:30:36.0397 3944 FltMgr - ok 21:30:36.0432 3944 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 21:30:36.0444 3944 FontCache - ok 21:30:36.0487 3944 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:30:36.0492 3944 FontCache3.0.0.0 - ok 21:30:36.0505 3944 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 21:30:36.0505 3944 FsDepends - ok 21:30:36.0530 3944 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 21:30:36.0530 3944 Fs_Rec - ok 21:30:36.0563 3944 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 21:30:36.0565 3944 fvevol - ok 21:30:36.0597 3944 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 21:30:36.0598 3944 gagp30kx - ok 21:30:36.0650 3944 [ 521A469CAF61F00E1DE081CC2099C1D6 ] GameConsoleService C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe 21:30:36.0664 3944 GameConsoleService - ok 21:30:36.0712 3944 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 21:30:36.0713 3944 GEARAspiWDM - ok 21:30:36.0750 3944 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 21:30:36.0758 3944 gpsvc - ok 21:30:36.0837 3944 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:30:36.0839 3944 gupdate - ok 21:30:36.0844 3944 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:30:36.0845 3944 gupdatem - ok 21:30:36.0888 3944 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:30:36.0899 3944 gusvc - ok 21:30:36.0929 3944 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\windows\system32\DRIVERS\hamachi.sys 21:30:36.0930 3944 hamachi - ok 21:30:36.0973 3944 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 21:30:36.0973 3944 hcw85cir - ok 21:30:36.0997 3944 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 21:30:37.0000 3944 HdAudAddService - ok 21:30:37.0024 3944 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 21:30:37.0025 3944 HDAudBus - ok 21:30:37.0050 3944 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys 21:30:37.0051 3944 HidBatt - ok 21:30:37.0055 3944 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 21:30:37.0056 3944 HidBth - ok 21:30:37.0064 3944 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 21:30:37.0065 3944 HidIr - ok 21:30:37.0082 3944 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 21:30:37.0083 3944 hidserv - ok 21:30:37.0105 3944 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 21:30:37.0105 3944 HidUsb - ok 21:30:37.0134 3944 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 21:30:37.0135 3944 hkmsvc - ok 21:30:37.0169 3944 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 21:30:37.0171 3944 HomeGroupListener - ok 21:30:37.0215 3944 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 21:30:37.0218 3944 HomeGroupProvider - ok 21:30:37.0282 3944 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 21:30:37.0283 3944 HpSAMD - ok 21:30:37.0317 3944 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 21:30:37.0324 3944 HTTP - ok 21:30:37.0343 3944 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 21:30:37.0344 3944 hwpolicy - ok 21:30:37.0371 3944 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 21:30:37.0372 3944 i8042prt - ok 21:30:37.0403 3944 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 21:30:37.0406 3944 iaStor - ok 21:30:37.0441 3944 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 21:30:37.0444 3944 iaStorV - ok 21:30:37.0486 3944 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:30:37.0515 3944 idsvc - ok 21:30:37.0741 3944 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 21:30:37.0955 3944 igfx - ok 21:30:37.0986 3944 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 21:30:37.0986 3944 iirsp - ok 21:30:38.0020 3944 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 21:30:38.0029 3944 IKEEXT - ok 21:30:38.0130 3944 [ 65F70696BE5ABC11634FCF96AF7D7896 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 21:30:38.0146 3944 IntcAzAudAddService - ok 21:30:38.0185 3944 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 21:30:38.0189 3944 IntcDAud - ok 21:30:38.0207 3944 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 21:30:38.0208 3944 intelide - ok 21:30:38.0239 3944 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 21:30:38.0240 3944 intelppm - ok 21:30:38.0280 3944 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 21:30:38.0282 3944 IPBusEnum - ok 21:30:38.0294 3944 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 21:30:38.0295 3944 IpFilterDriver - ok 21:30:38.0346 3944 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 21:30:38.0351 3944 iphlpsvc - ok 21:30:38.0355 3944 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 21:30:38.0356 3944 IPMIDRV - ok 21:30:38.0386 3944 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 21:30:38.0387 3944 IPNAT - ok 21:30:38.0482 3944 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:30:38.0488 3944 iPod Service - ok 21:30:38.0506 3944 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 21:30:38.0506 3944 IRENUM - ok 21:30:38.0539 3944 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 21:30:38.0539 3944 isapnp - ok 21:30:38.0553 3944 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 21:30:38.0555 3944 iScsiPrt - ok 21:30:38.0579 3944 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 21:30:38.0579 3944 kbdclass - ok 21:30:38.0590 3944 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 21:30:38.0591 3944 kbdhid - ok 21:30:38.0621 3944 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 21:30:38.0622 3944 KeyIso - ok 21:30:38.0646 3944 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 21:30:38.0647 3944 KSecDD - ok 21:30:38.0665 3944 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 21:30:38.0666 3944 KSecPkg - ok 21:30:38.0691 3944 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 21:30:38.0691 3944 ksthunk - ok 21:30:38.0712 3944 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 21:30:38.0726 3944 KtmRm - ok 21:30:38.0769 3944 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 21:30:38.0772 3944 LanmanServer - ok 21:30:38.0791 3944 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 21:30:38.0794 3944 LanmanWorkstation - ok 21:30:38.0821 3944 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 21:30:38.0822 3944 lltdio - ok 21:30:38.0843 3944 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 21:30:38.0852 3944 lltdsvc - ok 21:30:38.0870 3944 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 21:30:38.0871 3944 lmhosts - ok 21:30:38.0943 3944 [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:30:38.0946 3944 LMS - ok 21:30:38.0977 3944 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 21:30:38.0978 3944 LSI_FC - ok 21:30:39.0007 3944 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 21:30:39.0008 3944 LSI_SAS - ok 21:30:39.0025 3944 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 21:30:39.0025 3944 LSI_SAS2 - ok 21:30:39.0041 3944 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 21:30:39.0042 3944 LSI_SCSI - ok 21:30:39.0064 3944 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 21:30:39.0065 3944 luafv - ok 21:30:39.0094 3944 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 21:30:39.0101 3944 Mcx2Svc - ok 21:30:39.0129 3944 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 21:30:39.0130 3944 megasas - ok 21:30:39.0178 3944 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 21:30:39.0180 3944 MegaSR - ok 21:30:39.0219 3944 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 21:30:39.0219 3944 MEIx64 - ok 21:30:39.0281 3944 Microsoft SharePoint Workspace Audit Service - ok 21:30:39.0326 3944 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 21:30:39.0328 3944 MMCSS - ok 21:30:39.0334 3944 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 21:30:39.0335 3944 Modem - ok 21:30:39.0359 3944 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 21:30:39.0360 3944 monitor - ok 21:30:39.0385 3944 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 21:30:39.0386 3944 mouclass - ok 21:30:39.0410 3944 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 21:30:39.0410 3944 mouhid - ok 21:30:39.0423 3944 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 21:30:39.0424 3944 mountmgr - ok 21:30:39.0446 3944 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 21:30:39.0447 3944 mpio - ok 21:30:39.0464 3944 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 21:30:39.0465 3944 mpsdrv - ok 21:30:39.0497 3944 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 21:30:39.0512 3944 MpsSvc - ok 21:30:39.0523 3944 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 21:30:39.0524 3944 MRxDAV - ok 21:30:39.0565 3944 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 21:30:39.0567 3944 mrxsmb - ok 21:30:39.0607 3944 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 21:30:39.0610 3944 mrxsmb10 - ok 21:30:39.0622 3944 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 21:30:39.0623 3944 mrxsmb20 - ok 21:30:39.0644 3944 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 21:30:39.0645 3944 msahci - ok 21:30:39.0659 3944 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 21:30:39.0660 3944 msdsm - ok 21:30:39.0678 3944 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 21:30:39.0686 3944 MSDTC - ok 21:30:39.0704 3944 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 21:30:39.0705 3944 Msfs - ok 21:30:39.0717 3944 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 21:30:39.0717 3944 mshidkmdf - ok 21:30:39.0723 3944 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 21:30:39.0724 3944 msisadrv - ok 21:30:39.0750 3944 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 21:30:39.0758 3944 MSiSCSI - ok 21:30:39.0760 3944 msiserver - ok 21:30:39.0795 3944 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 21:30:39.0795 3944 MSKSSRV - ok 21:30:39.0804 3944 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 21:30:39.0805 3944 MSPCLOCK - ok 21:30:39.0814 3944 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 21:30:39.0815 3944 MSPQM - ok 21:30:39.0836 3944 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 21:30:39.0839 3944 MsRPC - ok 21:30:39.0857 3944 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 21:30:39.0858 3944 mssmbios - ok 21:30:39.0878 3944 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 21:30:39.0879 3944 MSTEE - ok 21:30:39.0906 3944 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 21:30:39.0907 3944 MTConfig - ok 21:30:39.0919 3944 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 21:30:39.0920 3944 Mup - ok 21:30:39.0947 3944 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 21:30:39.0952 3944 napagent - ok 21:30:39.0978 3944 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 21:30:39.0981 3944 NativeWifiP - ok 21:30:40.0030 3944 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 21:30:40.0039 3944 NDIS - ok 21:30:40.0074 3944 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 21:30:40.0074 3944 NdisCap - ok 21:30:40.0099 3944 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 21:30:40.0100 3944 NdisTapi - ok 21:30:40.0113 3944 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 21:30:40.0114 3944 Ndisuio - ok 21:30:40.0127 3944 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 21:30:40.0129 3944 NdisWan - ok 21:30:40.0153 3944 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 21:30:40.0154 3944 NDProxy - ok 21:30:40.0176 3944 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 21:30:40.0177 3944 NetBIOS - ok 21:30:40.0183 3944 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 21:30:40.0185 3944 NetBT - ok 21:30:40.0198 3944 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 21:30:40.0200 3944 Netlogon - ok 21:30:40.0240 3944 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 21:30:40.0244 3944 Netman - ok 21:30:40.0292 3944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:40.0301 3944 NetMsmqActivator - ok 21:30:40.0323 3944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:40.0324 3944 NetPipeActivator - ok 21:30:40.0347 3944 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 21:30:40.0351 3944 netprofm - ok 21:30:40.0371 3944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:40.0372 3944 NetTcpActivator - ok 21:30:40.0375 3944 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:30:40.0377 3944 NetTcpPortSharing - ok 21:30:40.0541 3944 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys 21:30:40.0686 3944 NETwNs64 - ok 21:30:40.0715 3944 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 21:30:40.0715 3944 nfrd960 - ok 21:30:40.0769 3944 [ 0ECAAFE210CD89D14992A53300FEBF45 ] NIWinCDEmu C:\windows\system32\DRIVERS\NIWinCDEmu.sys 21:30:40.0770 3944 NIWinCDEmu - ok 21:30:40.0819 3944 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 21:30:40.0823 3944 NlaSvc - ok 21:30:40.0839 3944 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 21:30:40.0839 3944 Npfs - ok 21:30:40.0857 3944 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 21:30:40.0858 3944 nsi - ok 21:30:40.0879 3944 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 21:30:40.0880 3944 nsiproxy - ok 21:30:40.0935 3944 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 21:30:40.0952 3944 Ntfs - ok 21:30:40.0966 3944 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 21:30:40.0967 3944 Null - ok 21:30:41.0215 3944 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 21:30:41.0287 3944 nvlddmkm - ok 21:30:41.0326 3944 [ 1891184D09E8C16042E57D5373E4268E ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys 21:30:41.0327 3944 nvpciflt - ok 21:30:41.0373 3944 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 21:30:41.0375 3944 nvraid - ok 21:30:41.0396 3944 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 21:30:41.0397 3944 nvstor - ok 21:30:41.0467 3944 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\windows\system32\nvvsvc.exe 21:30:41.0474 3944 nvsvc - ok 21:30:41.0546 3944 [ 322B69422836F97B76F4AA59B47507BA ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 21:30:41.0556 3944 nvUpdatusService - ok 21:30:41.0599 3944 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 21:30:41.0600 3944 nv_agp - ok 21:30:41.0605 3944 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 21:30:41.0606 3944 ohci1394 - ok 21:30:41.0676 3944 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:30:41.0685 3944 ose - ok 21:30:41.0814 3944 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:30:41.0949 3944 osppsvc - ok 21:30:41.0983 3944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 21:30:41.0988 3944 p2pimsvc - ok 21:30:42.0002 3944 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 21:30:42.0007 3944 p2psvc - ok 21:30:42.0043 3944 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 21:30:42.0044 3944 Parport - ok 21:30:42.0070 3944 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 21:30:42.0071 3944 partmgr - ok 21:30:42.0091 3944 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 21:30:42.0094 3944 PcaSvc - ok 21:30:42.0117 3944 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 21:30:42.0119 3944 pci - ok 21:30:42.0128 3944 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 21:30:42.0129 3944 pciide - ok 21:30:42.0144 3944 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 21:30:42.0146 3944 pcmcia - ok 21:30:42.0154 3944 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 21:30:42.0155 3944 pcw - ok 21:30:42.0182 3944 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 21:30:42.0188 3944 PEAUTH - ok 21:30:42.0270 3944 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 21:30:42.0271 3944 PerfHost - ok 21:30:42.0325 3944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 21:30:42.0340 3944 pla - ok 21:30:42.0403 3944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 21:30:42.0408 3944 PlugPlay - ok 21:30:42.0423 3944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 21:30:42.0424 3944 PNRPAutoReg - ok 21:30:42.0450 3944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 21:30:42.0453 3944 PNRPsvc - ok 21:30:42.0481 3944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 21:30:42.0492 3944 PolicyAgent - ok 21:30:42.0509 3944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 21:30:42.0511 3944 Power - ok 21:30:42.0541 3944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 21:30:42.0542 3944 PptpMiniport - ok 21:30:42.0558 3944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 21:30:42.0559 3944 Processor - ok 21:30:42.0583 3944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 21:30:42.0586 3944 ProfSvc - ok 21:30:42.0599 3944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 21:30:42.0600 3944 ProtectedStorage - ok 21:30:42.0625 3944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 21:30:42.0627 3944 Psched - ok 21:30:42.0686 3944 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 21:30:42.0702 3944 ql2300 - ok 21:30:42.0719 3944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 21:30:42.0720 3944 ql40xx - ok 21:30:42.0738 3944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 21:30:42.0742 3944 QWAVE - ok 21:30:42.0760 3944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 21:30:42.0761 3944 QWAVEdrv - ok 21:30:42.0773 3944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 21:30:42.0773 3944 RasAcd - ok 21:30:42.0804 3944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 21:30:42.0805 3944 RasAgileVpn - ok 21:30:42.0825 3944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 21:30:42.0828 3944 RasAuto - ok 21:30:42.0849 3944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 21:30:42.0850 3944 Rasl2tp - ok 21:30:42.0877 3944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 21:30:42.0881 3944 RasMan - ok 21:30:42.0911 3944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 21:30:42.0913 3944 RasPppoe - ok 21:30:42.0925 3944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 21:30:42.0925 3944 RasSstp - ok 21:30:42.0945 3944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 21:30:42.0948 3944 rdbss - ok 21:30:42.0977 3944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 21:30:42.0978 3944 rdpbus - ok 21:30:42.0992 3944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 21:30:42.0992 3944 RDPCDD - ok 21:30:43.0008 3944 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 21:30:43.0008 3944 RDPENCDD - ok 21:30:43.0013 3944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 21:30:43.0014 3944 RDPREFMP - ok 21:30:43.0041 3944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 21:30:43.0043 3944 RDPWD - ok 21:30:43.0069 3944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 21:30:43.0071 3944 rdyboost - ok 21:30:43.0091 3944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 21:30:43.0093 3944 RemoteAccess - ok 21:30:43.0119 3944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 21:30:43.0122 3944 RemoteRegistry - ok 21:30:43.0175 3944 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 21:30:43.0177 3944 RFCOMM - ok 21:30:43.0276 3944 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 21:30:43.0279 3944 RichVideo - ok 21:30:43.0289 3944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 21:30:43.0291 3944 RpcEptMapper - ok 21:30:43.0306 3944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 21:30:43.0307 3944 RpcLocator - ok 21:30:43.0335 3944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 21:30:43.0340 3944 RpcSs - ok 21:30:43.0372 3944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 21:30:43.0373 3944 rspndr - ok 21:30:43.0415 3944 [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 21:30:43.0417 3944 RTL8167 - ok 21:30:43.0436 3944 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys 21:30:43.0437 3944 SABI - ok 21:30:43.0443 3944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 21:30:43.0445 3944 SamSs - ok 21:30:43.0487 3944 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe 21:30:43.0498 3944 Samsung UPD Service - ok 21:30:43.0516 3944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 21:30:43.0517 3944 sbp2port - ok 21:30:43.0545 3944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 21:30:43.0548 3944 SCardSvr - ok 21:30:43.0556 3944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 21:30:43.0557 3944 scfilter - ok 21:30:43.0582 3944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 21:30:43.0592 3944 Schedule - ok 21:30:43.0616 3944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 21:30:43.0617 3944 SCPolicySvc - ok 21:30:43.0642 3944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 21:30:43.0645 3944 SDRSVC - ok 21:30:43.0712 3944 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 21:30:43.0714 3944 SeaPort - ok 21:30:43.0743 3944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 21:30:43.0744 3944 secdrv - ok 21:30:43.0765 3944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 21:30:43.0766 3944 seclogon - ok 21:30:43.0795 3944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 21:30:43.0797 3944 SENS - ok 21:30:43.0811 3944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 21:30:43.0813 3944 SensrSvc - ok 21:30:43.0844 3944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys 21:30:43.0844 3944 Serenum - ok 21:30:43.0866 3944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys 21:30:43.0867 3944 Serial - ok 21:30:43.0886 3944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 21:30:43.0886 3944 sermouse - ok 21:30:43.0922 3944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 21:30:43.0925 3944 SessionEnv - ok 21:30:43.0928 3944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 21:30:43.0928 3944 sffdisk - ok 21:30:43.0935 3944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 21:30:43.0936 3944 sffp_mmc - ok 21:30:43.0939 3944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 21:30:43.0939 3944 sffp_sd - ok 21:30:43.0952 3944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 21:30:43.0952 3944 sfloppy - ok 21:30:43.0980 3944 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 21:30:43.0984 3944 SharedAccess - ok 21:30:44.0002 3944 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 21:30:44.0005 3944 ShellHWDetection - ok 21:30:44.0030 3944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 21:30:44.0031 3944 SiSRaid2 - ok 21:30:44.0038 3944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 21:30:44.0039 3944 SiSRaid4 - ok 21:30:44.0099 3944 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:30:44.0139 3944 SkypeUpdate - ok 21:30:44.0165 3944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 21:30:44.0166 3944 Smb - ok 21:30:44.0195 3944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 21:30:44.0197 3944 SNMPTRAP - ok 21:30:44.0215 3944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 21:30:44.0215 3944 spldr - ok 21:30:44.0239 3944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 21:30:44.0243 3944 Spooler - ok 21:30:44.0316 3944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 21:30:44.0378 3944 sppsvc - ok 21:30:44.0386 3944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 21:30:44.0388 3944 sppuinotify - ok 21:30:44.0433 3944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 21:30:44.0437 3944 srv - ok 21:30:44.0459 3944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 21:30:44.0462 3944 srv2 - ok 21:30:44.0495 3944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 21:30:44.0497 3944 srvnet - ok 21:30:44.0530 3944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 21:30:44.0533 3944 SSDPSRV - ok 21:30:44.0549 3944 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 21:30:44.0551 3944 SstpSvc - ok 21:30:44.0589 3944 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys 21:30:44.0591 3944 ssudmdm - ok 21:30:44.0622 3944 Steam Client Service - ok 21:30:44.0653 3944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 21:30:44.0653 3944 stexstor - ok 21:30:44.0698 3944 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys 21:30:44.0699 3944 StillCam - ok 21:30:44.0737 3944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 21:30:44.0744 3944 stisvc - ok 21:30:44.0761 3944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 21:30:44.0762 3944 swenum - ok 21:30:44.0790 3944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 21:30:44.0797 3944 swprv - ok 21:30:44.0839 3944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 21:30:44.0857 3944 SysMain - ok 21:30:44.0873 3944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 21:30:44.0875 3944 TabletInputService - ok 21:30:44.0891 3944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 21:30:44.0895 3944 TapiSrv - ok 21:30:44.0902 3944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 21:30:44.0904 3944 TBS - ok 21:30:44.0972 3944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 21:30:44.0992 3944 Tcpip - ok 21:30:45.0038 3944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 21:30:45.0049 3944 TCPIP6 - ok 21:30:45.0081 3944 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 21:30:45.0082 3944 tcpipreg - ok 21:30:45.0110 3944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 21:30:45.0111 3944 TDPIPE - ok 21:30:45.0137 3944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 21:30:45.0138 3944 TDTCP - ok 21:30:45.0173 3944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 21:30:45.0174 3944 tdx - ok 21:30:45.0192 3944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 21:30:45.0193 3944 TermDD - ok 21:30:45.0220 3944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 21:30:45.0228 3944 TermService - ok 21:30:45.0253 3944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 21:30:45.0255 3944 Themes - ok 21:30:45.0304 3944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 21:30:45.0306 3944 THREADORDER - ok 21:30:45.0324 3944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 21:30:45.0327 3944 TrkWks - ok 21:30:45.0380 3944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 21:30:45.0382 3944 TrustedInstaller - ok 21:30:45.0397 3944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 21:30:45.0398 3944 tssecsrv - ok 21:30:45.0428 3944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 21:30:45.0429 3944 TsUsbFlt - ok 21:30:45.0441 3944 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 21:30:45.0442 3944 TsUsbGD - ok 21:30:45.0467 3944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 21:30:45.0468 3944 tunnel - ok 21:30:45.0505 3944 [ 48743B69EA47C020A792D8649F753F44 ] TurboB C:\windows\system32\DRIVERS\TurboB.sys 21:30:45.0506 3944 TurboB - ok 21:30:45.0557 3944 [ 759F59E3EA3802FF23F93DCDB6FE9171 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 21:30:45.0567 3944 TurboBoost - ok 21:30:45.0599 3944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 21:30:45.0600 3944 uagp35 - ok 21:30:45.0623 3944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 21:30:45.0626 3944 udfs - ok 21:30:45.0653 3944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 21:30:45.0655 3944 UI0Detect - ok 21:30:45.0686 3944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 21:30:45.0687 3944 uliagpkx - ok 21:30:45.0714 3944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 21:30:45.0714 3944 umbus - ok 21:30:45.0730 3944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 21:30:45.0730 3944 UmPass - ok 21:30:45.0864 3944 [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:30:45.0888 3944 UNS - ok 21:30:45.0918 3944 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 21:30:45.0923 3944 upnphost - ok 21:30:45.0976 3944 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys 21:30:45.0977 3944 usbaudio - ok 21:30:46.0004 3944 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 21:30:46.0005 3944 usbccgp - ok 21:30:46.0036 3944 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 21:30:46.0037 3944 usbcir - ok 21:30:46.0052 3944 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 21:30:46.0052 3944 usbehci - ok 21:30:46.0103 3944 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 21:30:46.0107 3944 usbhub - ok 21:30:46.0116 3944 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 21:30:46.0117 3944 usbohci - ok 21:30:46.0135 3944 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys 21:30:46.0136 3944 usbprint - ok 21:30:46.0161 3944 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 21:30:46.0162 3944 USBSTOR - ok 21:30:46.0208 3944 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 21:30:46.0209 3944 usbuhci - ok 21:30:46.0240 3944 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys 21:30:46.0242 3944 usbvideo - ok 21:30:46.0264 3944 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 21:30:46.0270 3944 UxSms - ok 21:30:46.0299 3944 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 21:30:46.0300 3944 VaultSvc - ok 21:30:46.0332 3944 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 21:30:46.0332 3944 vdrvroot - ok 21:30:46.0350 3944 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 21:30:46.0357 3944 vds - ok 21:30:46.0379 3944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 21:30:46.0380 3944 vga - ok 21:30:46.0393 3944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 21:30:46.0394 3944 VgaSave - ok 21:30:46.0424 3944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 21:30:46.0426 3944 vhdmp - ok 21:30:46.0434 3944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 21:30:46.0435 3944 viaide - ok 21:30:46.0461 3944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 21:30:46.0462 3944 volmgr - ok 21:30:46.0477 3944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 21:30:46.0481 3944 volmgrx - ok 21:30:46.0493 3944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 21:30:46.0496 3944 volsnap - ok 21:30:46.0528 3944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 21:30:46.0529 3944 vsmraid - ok 21:30:46.0577 3944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 21:30:46.0592 3944 VSS - ok 21:30:46.0602 3944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 21:30:46.0603 3944 vwifibus - ok 21:30:46.0652 3944 [ 13A0DECD1794DE60A8427862C8669D27 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 21:30:46.0653 3944 vwififlt - ok 21:30:46.0682 3944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 21:30:46.0687 3944 W32Time - ok 21:30:46.0702 3944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 21:30:46.0703 3944 WacomPen - ok 21:30:46.0721 3944 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 21:30:46.0722 3944 WANARP - ok 21:30:46.0725 3944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 21:30:46.0726 3944 Wanarpv6 - ok 21:30:46.0792 3944 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 21:30:46.0822 3944 WatAdminSvc - ok 21:30:46.0869 3944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 21:30:46.0885 3944 wbengine - ok 21:30:46.0903 3944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 21:30:46.0906 3944 WbioSrvc - ok 21:30:46.0933 3944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 21:30:46.0938 3944 wcncsvc - ok 21:30:46.0949 3944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 21:30:46.0951 3944 WcsPlugInService - ok 21:30:46.0975 3944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 21:30:46.0976 3944 Wd - ok 21:30:47.0009 3944 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 21:30:47.0017 3944 Wdf01000 - ok 21:30:47.0037 3944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 21:30:47.0039 3944 WdiServiceHost - ok 21:30:47.0043 3944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 21:30:47.0045 3944 WdiSystemHost - ok 21:30:47.0060 3944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 21:30:47.0063 3944 WebClient - ok 21:30:47.0076 3944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 21:30:47.0079 3944 Wecsvc - ok 21:30:47.0099 3944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 21:30:47.0101 3944 wercplsupport - ok 21:30:47.0115 3944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 21:30:47.0118 3944 WerSvc - ok 21:30:47.0154 3944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 21:30:47.0155 3944 WfpLwf - ok 21:30:47.0169 3944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 21:30:47.0170 3944 WIMMount - ok 21:30:47.0190 3944 WinDefend - ok 21:30:47.0196 3944 WinHttpAutoProxySvc - ok 21:30:47.0243 3944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 21:30:47.0246 3944 Winmgmt - ok 21:30:47.0306 3944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 21:30:47.0329 3944 WinRM - ok 21:30:47.0405 3944 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 21:30:47.0405 3944 WinUsb - ok 21:30:47.0443 3944 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 21:30:47.0452 3944 Wlansvc - ok 21:30:47.0514 3944 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 21:30:47.0521 3944 wlcrasvc - ok 21:30:47.0616 3944 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:30:47.0637 3944 wlidsvc - ok 21:30:47.0653 3944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 21:30:47.0654 3944 WmiAcpi - ok 21:30:47.0682 3944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 21:30:47.0684 3944 wmiApSrv - ok 21:30:47.0712 3944 WMPNetworkSvc - ok 21:30:47.0753 3944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 21:30:47.0755 3944 WPCSvc - ok 21:30:47.0765 3944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 21:30:47.0767 3944 WPDBusEnum - ok 21:30:47.0779 3944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 21:30:47.0780 3944 ws2ifsl - ok 21:30:47.0792 3944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 21:30:47.0794 3944 wscsvc - ok 21:30:47.0798 3944 WSearch - ok 21:30:47.0859 3944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 21:30:47.0885 3944 wuauserv - ok 21:30:47.0919 3944 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 21:30:47.0920 3944 WudfPf - ok 21:30:47.0950 3944 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 21:30:47.0952 3944 WUDFRd - ok 21:30:47.0966 3944 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 21:30:47.0968 3944 wudfsvc - ok 21:30:47.0999 3944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 21:30:48.0003 3944 WwanSvc - ok 21:30:48.0033 3944 ================ Scan global =============================== 21:30:48.0061 3944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 21:30:48.0106 3944 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll 21:30:48.0118 3944 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll 21:30:48.0142 3944 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 21:30:48.0157 3944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 21:30:48.0160 3944 [Global] - ok 21:30:48.0160 3944 ================ Scan MBR ================================== 21:30:48.0167 3944 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 21:30:48.0447 3944 \Device\Harddisk0\DR0 - ok 21:30:48.0448 3944 ================ Scan VBR ================================== 21:30:48.0453 3944 [ A6E204B39A5CBAA29A2851ADFA33E058 ] \Device\Harddisk0\DR0\Partition1 21:30:48.0455 3944 \Device\Harddisk0\DR0\Partition1 - ok 21:30:48.0466 3944 [ 07062ADF7EE6EE0C92BBED93AEAF17B8 ] \Device\Harddisk0\DR0\Partition2 21:30:48.0468 3944 \Device\Harddisk0\DR0\Partition2 - ok 21:30:48.0493 3944 [ 93E34A4462BB759563D076B409DA6511 ] \Device\Harddisk0\DR0\Partition3 21:30:48.0495 3944 \Device\Harddisk0\DR0\Partition3 - ok 21:30:48.0495 3944 ============================================================ 21:30:48.0495 3944 Scan finished 21:30:48.0495 3944 ============================================================ 21:30:48.0504 1504 Detected object count: 0 21:30:48.0504 1504 Actual detected object count: 0 21:31:57.0544 5924 Deinitialize success Sollte ich die in "Codes" setzen" oder ist es so ok? |
Servus, du hast alles richtig gemacht. :daumenhoc Es kann sein, dass AdwCleaner und JRT deinen Rechner mehrmals neu starten, um den Löschvorgang abzuschließen, also keine Sorge, wenn das der Fall sein sollte. ;) Schritt 1 Ich sehe, dass du sog. Registry Cleaner auf dem System hast. In deinem Fall CCleaner. Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst. Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden. http://imageshack.us/a/img841/7292/thisisujrt.gif Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 4 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
Hallo, hier die Dateien. Vorher noch ne Frage, kann ich zwischendurch den PC immer ganz normal nutzen? Mein Sohn hat zwischendurch Dota gespielt. und noch eine...und...war auch auf diesem Laptop ein Schädling??? AwDCleaner # AdwCleaner v2.100 - Datei am 14/12/2012 um 20:00:44 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Lukas - LUKAS-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Lukas\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : Browser Manager ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Gelöscht mit Neustart : C:\ProgramData\Browser Manager Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\Lukas\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Lukas\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Lukas\AppData\Roaming\yourfiledownloader ***** [Registrierungsdatenbank] ***** Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23762~1.17\{16cdf~1\browse~1.dll Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/MON00032/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com ************************* AdwCleaner[S1].txt - [3918 octets] - [14/12/2012 20:00:44] ########## EOF - C:\AdwCleaner[S1].txt - [3978 octets] ########## JRT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.1.3 (12.14.2012:1) OS: Windows 7 Home Premium x64 Ran by Lukas on 14.12.2012 at 20:05:34,60 Blog: Malware Analysis and Removal ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 14.12.2012 at 20:11:27,97 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Combofix Combofix Logfile: Code: ComboFix 12-12-14.01 - Lukas 14.12.2012 20:16:22.1.8 - x64 |
Servus, Zitat:
Zitat:
Schlimmere Infektionen konnte ich bislang auf diesem 2. Laptop nicht finden. Wir lassen auf dem 2. Laptop noch OTL zur Analyse laufen: Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
Code: activex
|
Hallo Matthias, wie kann ich sicher gehen, dass alle Programme geschlossen sind? Es war noch der Haken bei "Inclusive 64 bit Scans", habe ich gelassen. Hier die Dateien OTL TextOTL Logfile: Code: OTL logfile created on: 12/15/2012 11:50:42 AM - Run 1 |
Beitrag wäre zu groß geworden, habe es auf zwei aufgeteilt. OTL ExtrasOTL EXTRAS Logfile: Code: OTL Extras logfile created on: 12/15/2012 11:50:42 AM - Run 1 |
Servus, alle Programme sind geschlossen, wenn du halt auf der Taskleiste keine Programme mehr siehst bzw. dort halt keine Programme mehr angezeigt sind. :) Ein paar Reste müssen wir noch entfernen und dann kontrollieren wir auf dem 2. Laptop gleich noch alles. :) Schritt 1 Fixen mit OTL
Code: :OTL
Schritt 2
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte SecurityCheck
Bitte poste mit deiner nächsten Antwort
|
Hallo Matthias, hier die Dateien. Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free anti-malware download Datenbank Version: v2012.12.15.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lukas :: LUKAS-PC [Administrator] 15.12.2012 12:41:41 mbam-log-2012-12-15 (12-41-41).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 253136 Laufzeit: 3 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=a1d2fbe1393fc04ca9af6a8db18cc643 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-16 10:23:31 # local_time=2012-12-16 11:23:31 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 99 154748 101423894 147529 0 # compatibility_mode=5893 16776573 100 94 73881 107283261 0 0 # scanned=252784 # found=0 # cleaned=0 # scan_time=11562 Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 JavaFX 2.1.1 Java 7 Update 9 Adobe Flash Player 11.5.502.135 Adobe Reader 9 Adobe Reader out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
Servus, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader und lade dir die neue Version von Hier herunter- Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome. Schritt 2 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 3 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code: Combofix /UninstallDamit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 4 Downloade dir bitte delfix auf deinen Desktop.
Schritt 5 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind. |
Hallo Matthias, hat wunderbar geklappt. Vielen Dank. Könntest Du mich auch noch beim PC unterstützen bzw. anschliessend noch den PC mit XP? |
Servus, Zitat:
:hallo: Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Schritt 1 Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.exe
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 3 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 4 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
Hallo Matthias, hier die Dateien. aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-16 20:50:09 ----------------------------- 20:50:09.537 OS Version: Windows x64 6.1.7601 Service Pack 1 20:50:09.537 Number of processors: 2 586 0x602 20:50:09.537 ComputerName: USER1-PC UserName: user1_2 20:50:10.566 Initialize success 20:50:13.116 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 20:50:13.116 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 11 20:50:13.116 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-7 20:50:13.132 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11 20:50:13.132 Disk 0 MBR read successfully 20:50:13.148 Disk 0 MBR scan 20:50:13.148 Disk 0 Windows 7 default MBR code 20:50:13.163 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 20:50:13.179 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 206879 MB offset 206848 20:50:13.194 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 269958 MB offset 423895040 20:50:13.194 Disk 0 scanning C:\Windows\system32\drivers 20:50:19.107 Service scanning 20:50:32.008 Modules scanning 20:50:32.024 Disk 0 trace - called modules: 20:50:32.554 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 20:50:32.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004946060] 20:50:32.570 3 CLASSPNP.SYS[fffff8800197c43f] -> nt!IofCallDriver -> [0xfffffa8004718520] 20:50:32.585 5 ACPI.sys[fffff88000f477a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80047ce1f0] 20:50:32.601 Scan finished successfully 20:50:40.198 Disk 0 MBR has been saved successfully to "C:\MBR.dat" 20:50:40.198 The log file has been saved successfully to "C:\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-12-16 21:01:32 ----------------------------- 21:01:32.521 OS Version: Windows x64 6.1.7601 Service Pack 1 21:01:32.521 Number of processors: 2 586 0x602 21:01:32.521 ComputerName: USER1-PC UserName: user1_2 21:01:33.816 Initialize success 21:01:36.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 21:01:36.246 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ10001 Size: 476940MB BusType: 11 21:01:36.246 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-7 21:01:36.261 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 11 21:01:36.277 Disk 0 MBR read successfully 21:01:36.277 Disk 0 MBR scan 21:01:36.277 Disk 0 Windows 7 default MBR code 21:01:36.277 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 21:01:36.292 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 206879 MB offset 206848 21:01:36.308 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 269958 MB offset 423895040 21:01:36.324 Disk 0 scanning C:\Windows\system32\drivers 21:01:44.982 Service scanning 21:01:59.692 Modules scanning 21:01:59.708 Disk 0 trace - called modules: 21:01:59.724 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 21:01:59.739 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004968700] 21:01:59.739 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80046d11e0] 21:01:59.739 5 ACPI.sys[fffff88000f157a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa8004468060] 21:01:59.755 Scan finished successfully 21:02:23.716 Disk 0 MBR has been saved successfully to "C:\Users\user1_2\Desktop\MBR.dat" 21:02:23.732 The log file has been saved successfully to "C:\Users\user1_2\Desktop\aswMBR.txt" 21:02:40.426 Disk 0 MBR has been saved successfully to "C:\MBR.dat" 21:02:40.441 The log file has been saved successfully to "C:\aswMBR.txt" 20:29:35.0552 1472 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:29:35.0864 1472 ============================================================ 20:29:35.0864 1472 Current date / time: 2012/12/16 20:29:35.0864 20:29:35.0864 1472 SystemInfo: 20:29:35.0864 1472 20:29:35.0864 1472 OS Version: 6.1.7601 ServicePack: 1.0 20:29:35.0864 1472 Product type: Workstation 20:29:35.0864 1472 ComputerName: USER1-PC 20:29:35.0864 1472 UserName: user1_2 20:29:35.0864 1472 Windows directory: C:\Windows 20:29:35.0864 1472 System windows directory: C:\Windows 20:29:35.0864 1472 Running under WOW64 20:29:35.0864 1472 Processor architecture: Intel x64 20:29:35.0864 1472 Number of processors: 2 20:29:35.0864 1472 Page size: 0x1000 20:29:35.0864 1472 Boot type: Normal boot 20:29:35.0864 1472 ============================================================ 20:29:36.0832 1472 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 20:29:36.0832 1472 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 20:29:36.0878 1472 ============================================================ 20:29:36.0878 1472 \Device\Harddisk0\DR0: 20:29:36.0878 1472 MBR partitions: 20:29:36.0878 1472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:29:36.0878 1472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1940F800 20:29:36.0878 1472 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19442000, BlocksNum 0x20F43000 20:29:36.0878 1472 \Device\Harddisk1\DR1: 20:29:36.0878 1472 MBR partitions: 20:29:36.0878 1472 ============================================================ 20:29:36.0956 1472 C: <-> \Device\Harddisk0\DR0\Partition2 20:29:37.0284 1472 D: <-> \Device\Harddisk0\DR0\Partition3 20:29:37.0284 1472 ============================================================ 20:29:37.0284 1472 Initialize success 20:29:37.0284 1472 ============================================================ 20:29:46.0753 2304 ============================================================ 20:29:46.0753 2304 Scan started 20:29:46.0753 2304 Mode: Manual; 20:29:46.0753 2304 ============================================================ 20:29:47.0627 2304 ================ Scan system memory ======================== 20:29:47.0627 2304 System memory - ok 20:29:47.0627 2304 ================ Scan services ============================= 20:29:47.0892 2304 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:29:47.0892 2304 1394ohci - ok 20:29:47.0970 2304 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:29:47.0970 2304 ACPI - ok 20:29:48.0001 2304 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:29:48.0001 2304 AcpiPmi - ok 20:29:48.0048 2304 [ 5C4219C10B5887DFF85E1D2779AED55B ] ActionReplayDS C:\Windows\system32\Drivers\ActionReplayDS_x64.sys 20:29:48.0048 2304 ActionReplayDS - ok 20:29:48.0220 2304 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:29:48.0220 2304 AdobeARMservice - ok 20:29:48.0266 2304 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:29:48.0266 2304 adp94xx - ok 20:29:48.0298 2304 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:29:48.0313 2304 adpahci - ok 20:29:48.0329 2304 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:29:48.0329 2304 adpu320 - ok 20:29:48.0376 2304 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:29:48.0376 2304 AeLookupSvc - ok 20:29:48.0422 2304 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:29:48.0422 2304 AFD - ok 20:29:48.0469 2304 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:29:48.0469 2304 agp440 - ok 20:29:48.0485 2304 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:29:48.0485 2304 ALG - ok 20:29:48.0485 2304 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:29:48.0500 2304 aliide - ok 20:29:48.0516 2304 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:29:48.0516 2304 AMD External Events Utility - ok 20:29:48.0532 2304 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:29:48.0532 2304 amdide - ok 20:29:48.0547 2304 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:29:48.0547 2304 AmdK8 - ok 20:29:48.0578 2304 [ C27E46C19D5A48CA02C11E3C9B58F4C1 ] AmdLLD64 C:\Windows\system32\DRIVERS\AmdLLD64.sys 20:29:48.0578 2304 AmdLLD64 - ok 20:29:48.0594 2304 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:29:48.0594 2304 AmdPPM - ok 20:29:48.0610 2304 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:29:48.0610 2304 amdsata - ok 20:29:48.0641 2304 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:29:48.0641 2304 amdsbs - ok 20:29:48.0656 2304 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:29:48.0656 2304 amdxata - ok 20:29:48.0734 2304 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 20:29:48.0734 2304 AntiVirSchedulerService - ok 20:29:48.0797 2304 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:29:48.0797 2304 AntiVirService - ok 20:29:48.0859 2304 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:29:48.0859 2304 AppID - ok 20:29:48.0890 2304 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:29:48.0906 2304 AppIDSvc - ok 20:29:48.0937 2304 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:29:48.0937 2304 Appinfo - ok 20:29:48.0968 2304 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:29:48.0968 2304 arc - ok 20:29:48.0984 2304 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:29:48.0984 2304 arcsas - ok 20:29:49.0000 2304 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:29:49.0000 2304 AsyncMac - ok 20:29:49.0031 2304 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:29:49.0031 2304 atapi - ok 20:29:49.0187 2304 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:29:49.0249 2304 atikmdag - ok 20:29:49.0296 2304 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:29:49.0296 2304 AudioEndpointBuilder - ok 20:29:49.0312 2304 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:29:49.0312 2304 AudioSrv - ok 20:29:49.0374 2304 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 20:29:49.0374 2304 avgntflt - ok 20:29:49.0421 2304 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 20:29:49.0421 2304 avipbb - ok 20:29:49.0436 2304 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 20:29:49.0436 2304 avkmgr - ok 20:29:49.0499 2304 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:29:49.0499 2304 AxInstSV - ok 20:29:49.0530 2304 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:29:49.0546 2304 b06bdrv - ok 20:29:49.0577 2304 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:29:49.0592 2304 b57nd60a - ok 20:29:49.0639 2304 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:29:49.0639 2304 BDESVC - ok 20:29:49.0655 2304 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:29:49.0655 2304 Beep - ok 20:29:49.0733 2304 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:29:49.0748 2304 BFE - ok 20:29:49.0795 2304 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 20:29:49.0795 2304 BITS - ok 20:29:49.0826 2304 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:29:49.0826 2304 blbdrive - ok 20:29:49.0873 2304 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:29:49.0873 2304 bowser - ok 20:29:49.0904 2304 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:29:49.0904 2304 BrFiltLo - ok 20:29:49.0936 2304 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:29:49.0936 2304 BrFiltUp - ok 20:29:49.0998 2304 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:29:49.0998 2304 Browser - ok 20:29:50.0060 2304 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:29:50.0060 2304 Brserid - ok 20:29:50.0092 2304 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:29:50.0092 2304 BrSerWdm - ok 20:29:50.0123 2304 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:29:50.0123 2304 BrUsbMdm - ok 20:29:50.0123 2304 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:29:50.0123 2304 BrUsbSer - ok 20:29:50.0154 2304 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:29:50.0154 2304 BTHMODEM - ok 20:29:50.0185 2304 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:29:50.0185 2304 bthserv - ok 20:29:50.0201 2304 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:29:50.0201 2304 cdfs - ok 20:29:50.0232 2304 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:29:50.0232 2304 cdrom - ok 20:29:50.0279 2304 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:29:50.0279 2304 CertPropSvc - ok 20:29:50.0294 2304 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:29:50.0310 2304 circlass - ok 20:29:50.0341 2304 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:29:50.0357 2304 CLFS - ok 20:29:50.0497 2304 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:29:50.0513 2304 clr_optimization_v2.0.50727_32 - ok 20:29:50.0560 2304 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:29:50.0575 2304 clr_optimization_v2.0.50727_64 - ok 20:29:50.0653 2304 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:29:50.0653 2304 clr_optimization_v4.0.30319_32 - ok 20:29:50.0716 2304 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:29:50.0716 2304 clr_optimization_v4.0.30319_64 - ok 20:29:50.0762 2304 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:29:50.0762 2304 CmBatt - ok 20:29:50.0794 2304 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:29:50.0794 2304 cmdide - ok 20:29:50.0840 2304 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:29:50.0856 2304 CNG - ok 20:29:50.0872 2304 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:29:50.0872 2304 Compbatt - ok 20:29:50.0887 2304 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:29:50.0903 2304 CompositeBus - ok 20:29:50.0903 2304 COMSysApp - ok 20:29:50.0934 2304 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:29:50.0934 2304 crcdisk - ok 20:29:50.0965 2304 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:29:50.0965 2304 CryptSvc - ok 20:29:51.0012 2304 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:29:51.0028 2304 DcomLaunch - ok 20:29:51.0059 2304 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:29:51.0059 2304 defragsvc - ok 20:29:51.0106 2304 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:29:51.0106 2304 DfsC - ok 20:29:51.0137 2304 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 20:29:51.0137 2304 dg_ssudbus - ok 20:29:51.0168 2304 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:29:51.0168 2304 Dhcp - ok 20:29:51.0184 2304 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:29:51.0184 2304 discache - ok 20:29:51.0215 2304 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:29:51.0215 2304 Disk - ok 20:29:51.0246 2304 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:29:51.0246 2304 Dnscache - ok 20:29:51.0293 2304 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:29:51.0293 2304 dot3svc - ok 20:29:51.0324 2304 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:29:51.0324 2304 DPS - ok 20:29:51.0355 2304 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:29:51.0355 2304 drmkaud - ok 20:29:51.0418 2304 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:29:51.0433 2304 DXGKrnl - ok 20:29:51.0433 2304 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:29:51.0449 2304 EapHost - ok 20:29:51.0761 2304 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:29:51.0823 2304 ebdrv - ok 20:29:51.0854 2304 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:29:51.0854 2304 EFS - ok 20:29:51.0886 2304 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:29:51.0901 2304 ehRecvr - ok 20:29:51.0932 2304 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:29:51.0932 2304 ehSched - ok 20:29:51.0964 2304 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:29:51.0964 2304 elxstor - ok 20:29:52.0010 2304 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:29:52.0010 2304 ErrDev - ok 20:29:52.0057 2304 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:29:52.0057 2304 EventSystem - ok 20:29:52.0120 2304 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:29:52.0120 2304 exfat - ok 20:29:52.0151 2304 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:29:52.0151 2304 fastfat - ok 20:29:52.0213 2304 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:29:52.0229 2304 Fax - ok 20:29:52.0244 2304 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:29:52.0244 2304 fdc - ok 20:29:52.0260 2304 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:29:52.0260 2304 fdPHost - ok 20:29:52.0276 2304 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:29:52.0276 2304 FDResPub - ok 20:29:52.0291 2304 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:29:52.0291 2304 FileInfo - ok 20:29:52.0307 2304 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:29:52.0307 2304 Filetrace - ok 20:29:52.0322 2304 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:29:52.0322 2304 flpydisk - ok 20:29:52.0338 2304 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:29:52.0338 2304 FltMgr - ok 20:29:52.0385 2304 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:29:52.0400 2304 FontCache - ok 20:29:52.0447 2304 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:29:52.0447 2304 FontCache3.0.0.0 - ok 20:29:52.0478 2304 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:29:52.0478 2304 FsDepends - ok 20:29:52.0525 2304 [ 2BF3B36B96D015AF666B6AA63AE2E38F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 20:29:52.0525 2304 fssfltr - ok 20:29:52.0619 2304 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 20:29:52.0634 2304 fsssvc - ok 20:29:52.0650 2304 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:29:52.0650 2304 Fs_Rec - ok 20:29:52.0712 2304 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:29:52.0712 2304 fvevol - ok 20:29:52.0759 2304 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:29:52.0759 2304 gagp30kx - ok 20:29:52.0837 2304 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:29:52.0853 2304 gpsvc - ok 20:29:52.0931 2304 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:29:52.0931 2304 gupdate - ok 20:29:52.0962 2304 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:29:52.0962 2304 gupdatem - ok 20:29:52.0993 2304 [ 408DDD80EEDE47175F6844817B90213E ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 20:29:52.0993 2304 gusvc - ok 20:29:53.0040 2304 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 20:29:53.0040 2304 hamachi - ok 20:29:53.0071 2304 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:29:53.0071 2304 hcw85cir - ok 20:29:53.0118 2304 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:29:53.0118 2304 HdAudAddService - ok 20:29:53.0165 2304 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:29:53.0180 2304 HDAudBus - ok 20:29:53.0212 2304 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:29:53.0212 2304 HidBatt - ok 20:29:53.0243 2304 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:29:53.0243 2304 HidBth - ok 20:29:53.0274 2304 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:29:53.0274 2304 HidIr - ok 20:29:53.0321 2304 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:29:53.0336 2304 hidserv - ok 20:29:53.0368 2304 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:29:53.0368 2304 HidUsb - ok 20:29:53.0399 2304 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:29:53.0414 2304 hkmsvc - ok 20:29:53.0461 2304 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:29:53.0461 2304 HomeGroupListener - ok 20:29:53.0492 2304 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:29:53.0508 2304 HomeGroupProvider - ok 20:29:53.0524 2304 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:29:53.0524 2304 HpSAMD - ok 20:29:53.0555 2304 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:29:53.0570 2304 HTTP - ok 20:29:53.0602 2304 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:29:53.0602 2304 hwpolicy - ok 20:29:53.0648 2304 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:29:53.0648 2304 i8042prt - ok 20:29:53.0680 2304 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:29:53.0680 2304 iaStorV - ok 20:29:53.0726 2304 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:29:53.0726 2304 idsvc - ok 20:29:53.0758 2304 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:29:53.0758 2304 iirsp - ok 20:29:53.0929 2304 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:29:53.0960 2304 IKEEXT - ok 20:29:53.0992 2304 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:29:53.0992 2304 intelide - ok 20:29:54.0007 2304 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:29:54.0007 2304 intelppm - ok 20:29:54.0038 2304 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:29:54.0038 2304 IPBusEnum - ok 20:29:54.0070 2304 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:29:54.0070 2304 IpFilterDriver - ok 20:29:54.0116 2304 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:29:54.0132 2304 iphlpsvc - ok 20:29:54.0148 2304 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:29:54.0148 2304 IPMIDRV - ok 20:29:54.0179 2304 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:29:54.0179 2304 IPNAT - ok 20:29:54.0210 2304 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:29:54.0210 2304 IRENUM - ok 20:29:54.0241 2304 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:29:54.0241 2304 isapnp - ok 20:29:54.0335 2304 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:29:54.0350 2304 iScsiPrt - ok 20:29:54.0366 2304 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:29:54.0366 2304 kbdclass - ok 20:29:54.0382 2304 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:29:54.0382 2304 kbdhid - ok 20:29:54.0397 2304 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:29:54.0397 2304 KeyIso - ok 20:29:54.0444 2304 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:29:54.0444 2304 KSecDD - ok 20:29:54.0506 2304 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:29:54.0506 2304 KSecPkg - ok 20:29:54.0522 2304 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:29:54.0538 2304 ksthunk - ok 20:29:54.0553 2304 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:29:54.0569 2304 KtmRm - ok 20:29:54.0600 2304 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:29:54.0600 2304 LanmanServer - ok 20:29:54.0647 2304 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:29:54.0647 2304 LanmanWorkstation - ok 20:29:54.0678 2304 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:29:54.0678 2304 lltdio - ok 20:29:54.0709 2304 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:29:54.0725 2304 lltdsvc - ok 20:29:54.0756 2304 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:29:54.0772 2304 lmhosts - ok 20:29:54.0803 2304 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:29:54.0803 2304 LSI_FC - ok 20:29:54.0834 2304 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:29:54.0834 2304 LSI_SAS - ok 20:29:54.0850 2304 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:29:54.0850 2304 LSI_SAS2 - ok 20:29:54.0865 2304 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:29:54.0865 2304 LSI_SCSI - ok 20:29:54.0881 2304 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:29:54.0881 2304 luafv - ok 20:29:54.0912 2304 LVPr2M64 - ok 20:29:54.0943 2304 [ EF2BE2F45D4F06410A3BD2A3467325B0 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 20:29:54.0943 2304 LVRS64 - ok 20:29:55.0068 2304 [ AC22F92C6078640FE8A70D662A2F3AD5 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 20:29:55.0115 2304 LVUVC64 - ok 20:29:55.0146 2304 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:29:55.0162 2304 Mcx2Svc - ok 20:29:55.0177 2304 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:29:55.0177 2304 megasas - ok 20:29:55.0208 2304 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:29:55.0208 2304 MegaSR - ok 20:29:55.0271 2304 Microsoft SharePoint Workspace Audit Service - ok 20:29:55.0302 2304 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:29:55.0318 2304 MMCSS - ok 20:29:55.0349 2304 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:29:55.0349 2304 Modem - ok 20:29:55.0364 2304 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:29:55.0364 2304 monitor - ok 20:29:55.0396 2304 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:29:55.0396 2304 mouclass - ok 20:29:55.0411 2304 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:29:55.0411 2304 mouhid - ok 20:29:55.0458 2304 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:29:55.0458 2304 mountmgr - ok 20:29:55.0552 2304 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:29:55.0567 2304 MozillaMaintenance - ok 20:29:55.0614 2304 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:29:55.0614 2304 mpio - ok 20:29:55.0645 2304 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:29:55.0661 2304 mpsdrv - ok 20:29:55.0723 2304 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:29:55.0739 2304 MpsSvc - ok 20:29:55.0801 2304 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:29:55.0817 2304 MRxDAV - ok 20:29:55.0895 2304 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:29:55.0895 2304 mrxsmb - ok 20:29:55.0973 2304 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:29:55.0988 2304 mrxsmb10 - ok 20:29:56.0020 2304 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:29:56.0020 2304 mrxsmb20 - ok 20:29:56.0035 2304 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:29:56.0035 2304 msahci - ok 20:29:56.0082 2304 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:29:56.0082 2304 msdsm - ok 20:29:56.0098 2304 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:29:56.0113 2304 MSDTC - ok 20:29:56.0144 2304 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:29:56.0144 2304 Msfs - ok 20:29:56.0176 2304 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:29:56.0176 2304 mshidkmdf - ok 20:29:56.0207 2304 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:29:56.0222 2304 msisadrv - ok 20:29:56.0238 2304 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:29:56.0254 2304 MSiSCSI - ok 20:29:56.0254 2304 msiserver - ok 20:29:56.0300 2304 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:29:56.0300 2304 MSKSSRV - ok 20:29:56.0332 2304 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:29:56.0332 2304 MSPCLOCK - ok 20:29:56.0347 2304 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:29:56.0347 2304 MSPQM - ok 20:29:56.0394 2304 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:29:56.0394 2304 MsRPC - ok 20:29:56.0441 2304 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:29:56.0441 2304 mssmbios - ok 20:29:56.0456 2304 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:29:56.0456 2304 MSTEE - ok 20:29:56.0472 2304 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:29:56.0472 2304 MTConfig - ok 20:29:56.0503 2304 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:29:56.0503 2304 Mup - ok 20:29:56.0597 2304 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:29:56.0612 2304 napagent - ok 20:29:56.0644 2304 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:29:56.0659 2304 NativeWifiP - ok 20:29:56.0722 2304 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:29:56.0737 2304 NDIS - ok 20:29:56.0768 2304 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:29:56.0768 2304 NdisCap - ok 20:29:56.0800 2304 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:29:56.0800 2304 NdisTapi - ok 20:29:56.0846 2304 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:29:56.0846 2304 Ndisuio - ok 20:29:56.0893 2304 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:29:56.0893 2304 NdisWan - ok 20:29:56.0956 2304 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:29:56.0956 2304 NDProxy - ok 20:29:56.0971 2304 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:29:56.0971 2304 NetBIOS - ok 20:29:57.0018 2304 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:29:57.0018 2304 NetBT - ok 20:29:57.0049 2304 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:29:57.0049 2304 Netlogon - ok 20:29:57.0096 2304 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:29:57.0112 2304 Netman - ok 20:29:57.0127 2304 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:29:57.0143 2304 netprofm - ok 20:29:57.0205 2304 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 20:29:57.0221 2304 netr28ux - ok 20:29:57.0236 2304 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:29:57.0236 2304 NetTcpPortSharing - ok 20:29:57.0392 2304 [ 82FFC84EC3AFC2F2D38DB880F50157C0 ] Netzmanager Service C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe 20:29:57.0424 2304 Netzmanager Service - ok 20:29:57.0439 2304 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:29:57.0439 2304 nfrd960 - ok 20:29:57.0486 2304 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:29:57.0486 2304 NlaSvc - ok 20:29:57.0548 2304 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe 20:29:57.0548 2304 NMSAccess - ok 20:29:57.0564 2304 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:29:57.0564 2304 Npfs - ok 20:29:57.0595 2304 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:29:57.0595 2304 nsi - ok 20:29:57.0611 2304 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:29:57.0611 2304 nsiproxy - ok 20:29:57.0720 2304 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:29:57.0751 2304 Ntfs - ok 20:29:57.0767 2304 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:29:57.0767 2304 Null - ok 20:29:57.0798 2304 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:29:57.0798 2304 nvraid - ok 20:29:57.0860 2304 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:29:57.0860 2304 nvstor - ok 20:29:57.0907 2304 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:29:57.0907 2304 nv_agp - ok 20:29:57.0923 2304 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:29:57.0923 2304 ohci1394 - ok 20:29:58.0032 2304 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:29:58.0032 2304 ose - ok 20:29:58.0531 2304 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:29:58.0578 2304 osppsvc - ok 20:29:58.0625 2304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:29:58.0625 2304 p2pimsvc - ok 20:29:58.0640 2304 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:29:58.0656 2304 p2psvc - ok 20:29:58.0687 2304 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:29:58.0687 2304 Parport - ok 20:29:58.0718 2304 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:29:58.0734 2304 partmgr - ok 20:29:58.0781 2304 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:29:58.0796 2304 PcaSvc - ok 20:29:58.0843 2304 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 20:29:58.0843 2304 pccsmcfd - ok 20:29:58.0890 2304 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:29:58.0906 2304 pci - ok 20:29:58.0921 2304 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:29:58.0921 2304 pciide - ok 20:29:59.0030 2304 [ 1BEBE7DE8508A02650CDCE45C664C2A2 ] PCLEPCI C:\Windows\SysWOW64\drivers\pclepci.sys 20:29:59.0030 2304 PCLEPCI - ok 20:29:59.0062 2304 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:29:59.0062 2304 pcmcia - ok 20:29:59.0077 2304 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:29:59.0093 2304 pcw - ok 20:29:59.0108 2304 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:29:59.0124 2304 PEAUTH - ok 20:29:59.0140 2304 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:29:59.0155 2304 PerfHost - ok 20:29:59.0218 2304 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:29:59.0233 2304 pla - ok 20:29:59.0280 2304 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:29:59.0296 2304 PlugPlay - ok 20:29:59.0327 2304 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:29:59.0327 2304 PNRPAutoReg - ok 20:29:59.0342 2304 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:29:59.0342 2304 PNRPsvc - ok 20:29:59.0374 2304 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:29:59.0389 2304 PolicyAgent - ok 20:29:59.0405 2304 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:29:59.0405 2304 Power - ok 20:29:59.0452 2304 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:29:59.0452 2304 PptpMiniport - ok 20:29:59.0467 2304 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:29:59.0467 2304 Processor - ok 20:29:59.0530 2304 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:29:59.0545 2304 ProfSvc - ok 20:29:59.0545 2304 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:29:59.0561 2304 ProtectedStorage - ok 20:29:59.0608 2304 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:29:59.0608 2304 Psched - ok 20:29:59.0654 2304 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys 20:29:59.0654 2304 PSI - ok 20:29:59.0748 2304 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:29:59.0779 2304 ql2300 - ok 20:29:59.0810 2304 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:29:59.0810 2304 ql40xx - ok 20:29:59.0842 2304 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:29:59.0842 2304 QWAVE - ok 20:29:59.0857 2304 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:29:59.0857 2304 QWAVEdrv - ok 20:29:59.0873 2304 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:29:59.0873 2304 RasAcd - ok 20:29:59.0888 2304 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:29:59.0888 2304 RasAgileVpn - ok 20:29:59.0904 2304 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:29:59.0904 2304 RasAuto - ok 20:29:59.0951 2304 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:29:59.0951 2304 Rasl2tp - ok 20:30:00.0029 2304 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:30:00.0044 2304 RasMan - ok 20:30:00.0076 2304 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:30:00.0076 2304 RasPppoe - ok 20:30:00.0091 2304 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:30:00.0091 2304 RasSstp - ok 20:30:00.0138 2304 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:30:00.0154 2304 rdbss - ok 20:30:00.0169 2304 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:30:00.0169 2304 rdpbus - ok 20:30:00.0185 2304 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:30:00.0185 2304 RDPCDD - ok 20:30:00.0216 2304 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:30:00.0216 2304 RDPENCDD - ok 20:30:00.0232 2304 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:30:00.0232 2304 RDPREFMP - ok 20:30:00.0294 2304 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:30:00.0310 2304 RDPWD - ok 20:30:00.0341 2304 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:30:00.0356 2304 rdyboost - ok 20:30:00.0497 2304 [ DCD47436476140ECC3998672C0B85BE3 ] ReminderFoxUpdater C:\Users\user1\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe 20:30:00.0497 2304 ReminderFoxUpdater - ok 20:30:00.0544 2304 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:30:00.0559 2304 RemoteAccess - ok 20:30:00.0575 2304 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:30:00.0590 2304 RemoteRegistry - ok 20:30:00.0622 2304 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:30:00.0622 2304 RpcEptMapper - ok 20:30:00.0637 2304 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:30:00.0653 2304 RpcLocator - ok 20:30:00.0684 2304 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:30:00.0684 2304 RpcSs - ok 20:30:00.0715 2304 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:30:00.0715 2304 rspndr - ok 20:30:00.0762 2304 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:30:00.0762 2304 RTL8167 - ok 20:30:00.0809 2304 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:30:00.0809 2304 SamSs - ok 20:30:00.0887 2304 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\WNt500x64\Sandra.sys 20:30:00.0887 2304 SANDRA - ok 20:30:00.0902 2304 [ F14A709D72B0DADF671CF0DE86B9DACD ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP1d\RpcAgentSrv.exe 20:30:00.0902 2304 SandraAgentSrv - ok 20:30:00.0949 2304 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:30:00.0949 2304 sbp2port - ok 20:30:00.0965 2304 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:30:00.0980 2304 SCardSvr - ok 20:30:01.0012 2304 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:30:01.0012 2304 scfilter - ok 20:30:01.0074 2304 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:30:01.0090 2304 Schedule - ok 20:30:01.0121 2304 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:30:01.0121 2304 SCPolicySvc - ok 20:30:01.0168 2304 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:30:01.0168 2304 SDRSVC - ok 20:30:01.0183 2304 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:30:01.0183 2304 secdrv - ok 20:30:01.0230 2304 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:30:01.0230 2304 seclogon - ok 20:30:01.0495 2304 [ 9901DCF2B6DD2AD12CB42BD559E0C92D ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe 20:30:01.0526 2304 Secunia PSI Agent - ok 20:30:01.0558 2304 [ 4F2056349F8BA4154D5213BF8A476B14 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe 20:30:01.0558 2304 Secunia Update Agent - ok 20:30:01.0589 2304 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 20:30:01.0589 2304 SENS - ok 20:30:01.0604 2304 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:30:01.0604 2304 SensrSvc - ok 20:30:01.0620 2304 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:30:01.0620 2304 Serenum - ok 20:30:01.0651 2304 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:30:01.0651 2304 Serial - ok 20:30:01.0682 2304 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:30:01.0682 2304 sermouse - ok 20:30:01.0838 2304 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 20:30:01.0854 2304 ServiceLayer - ok 20:30:01.0901 2304 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:30:01.0901 2304 SessionEnv - ok 20:30:01.0932 2304 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:30:01.0932 2304 sffdisk - ok 20:30:01.0948 2304 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:30:01.0948 2304 sffp_mmc - ok 20:30:01.0963 2304 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:30:01.0963 2304 sffp_sd - ok 20:30:01.0979 2304 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:30:01.0979 2304 sfloppy - ok 20:30:02.0072 2304 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:30:02.0088 2304 SharedAccess - ok 20:30:02.0119 2304 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:30:02.0135 2304 ShellHWDetection - ok 20:30:02.0166 2304 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:30:02.0166 2304 SiSRaid2 - ok 20:30:02.0182 2304 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:30:02.0182 2304 SiSRaid4 - ok 20:30:02.0681 2304 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 20:30:02.0712 2304 Skype C2C Service - ok 20:30:02.0821 2304 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 20:30:02.0821 2304 SkypeUpdate - ok 20:30:02.0852 2304 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:30:02.0868 2304 Smb - ok 20:30:02.0899 2304 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:30:02.0915 2304 SNMPTRAP - ok 20:30:02.0930 2304 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:30:02.0930 2304 spldr - ok 20:30:02.0977 2304 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:30:02.0977 2304 Spooler - ok 20:30:03.0383 2304 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:30:03.0414 2304 sppsvc - ok 20:30:03.0445 2304 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:30:03.0445 2304 sppuinotify - ok 20:30:03.0492 2304 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:30:03.0508 2304 srv - ok 20:30:03.0539 2304 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:30:03.0554 2304 srv2 - ok 20:30:03.0570 2304 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:30:03.0570 2304 srvnet - ok 20:30:03.0586 2304 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:30:03.0586 2304 SSDPSRV - ok 20:30:03.0601 2304 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:30:03.0601 2304 SstpSvc - ok 20:30:03.0648 2304 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 20:30:03.0648 2304 ssudmdm - ok 20:30:03.0695 2304 [ E57B778208C783D8DEBAB320C16A1B82 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 20:30:03.0710 2304 StarOpen - ok 20:30:03.0742 2304 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:30:03.0742 2304 stexstor - ok 20:30:03.0788 2304 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:30:03.0804 2304 stisvc - ok 20:30:03.0835 2304 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:30:03.0835 2304 swenum - ok 20:30:03.0913 2304 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:30:03.0929 2304 swprv - ok 20:30:04.0147 2304 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:30:04.0194 2304 SysMain - ok 20:30:04.0225 2304 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:30:04.0241 2304 TabletInputService - ok 20:30:04.0272 2304 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:30:04.0288 2304 TapiSrv - ok 20:30:04.0303 2304 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:30:04.0303 2304 TBS - ok 20:30:04.0678 2304 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:30:04.0724 2304 Tcpip - ok 20:30:04.0756 2304 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:30:04.0771 2304 TCPIP6 - ok 20:30:04.0787 2304 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:30:04.0787 2304 tcpipreg - ok 20:30:04.0802 2304 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:30:04.0802 2304 TDPIPE - ok 20:30:04.0849 2304 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:30:04.0849 2304 TDTCP - ok 20:30:04.0896 2304 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:30:04.0912 2304 tdx - ok 20:30:05.0052 2304 [ 4283D7125BA4BD0CB50BB0F78B54257A ] TelekomNM6 C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys 20:30:05.0068 2304 TelekomNM6 - ok 20:30:05.0099 2304 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:30:05.0114 2304 TermDD - ok 20:30:05.0255 2304 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:30:05.0270 2304 TermService - ok 20:30:05.0302 2304 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:30:05.0302 2304 Themes - ok 20:30:05.0333 2304 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:30:05.0333 2304 THREADORDER - ok 20:30:05.0348 2304 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:30:05.0348 2304 TrkWks - ok 20:30:05.0380 2304 [ EA43DE1743C1BA0D2D17B8DB90C91D88 ] truecrypt C:\Windows\system32\drivers\truecrypt.sys 20:30:05.0380 2304 truecrypt - ok 20:30:05.0442 2304 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:30:05.0458 2304 TrustedInstaller - ok 20:30:05.0489 2304 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:30:05.0489 2304 tssecsrv - ok 20:30:05.0536 2304 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:30:05.0536 2304 TsUsbFlt - ok 20:30:05.0582 2304 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:30:05.0582 2304 tunnel - ok 20:30:05.0614 2304 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:30:05.0614 2304 uagp35 - ok 20:30:05.0692 2304 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:30:05.0707 2304 udfs - ok 20:30:05.0723 2304 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:30:05.0723 2304 UI0Detect - ok 20:30:05.0754 2304 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:30:05.0754 2304 uliagpkx - ok 20:30:05.0785 2304 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:30:05.0801 2304 umbus - ok 20:30:05.0816 2304 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:30:05.0816 2304 UmPass - ok 20:30:05.0926 2304 [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 20:30:05.0926 2304 UMVPFSrv - ok 20:30:05.0972 2304 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:30:05.0972 2304 upnphost - ok 20:30:06.0019 2304 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:30:06.0019 2304 usbaudio - ok 20:30:06.0050 2304 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:30:06.0050 2304 usbccgp - ok 20:30:06.0097 2304 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:30:06.0097 2304 usbcir - ok 20:30:06.0128 2304 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:30:06.0128 2304 usbehci - ok 20:30:06.0191 2304 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:30:06.0191 2304 usbhub - ok 20:30:06.0222 2304 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:30:06.0222 2304 usbohci - ok 20:30:06.0253 2304 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:30:06.0253 2304 usbprint - ok 20:30:06.0300 2304 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:30:06.0300 2304 usbscan - ok 20:30:06.0347 2304 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys 20:30:06.0347 2304 usbser - ok 20:30:06.0362 2304 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:30:06.0362 2304 USBSTOR - ok 20:30:06.0378 2304 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 20:30:06.0378 2304 usbuhci - ok 20:30:06.0409 2304 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:30:06.0425 2304 UxSms - ok 20:30:06.0425 2304 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:30:06.0440 2304 VaultSvc - ok 20:30:06.0472 2304 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:30:06.0472 2304 vdrvroot - ok 20:30:06.0612 2304 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:30:06.0612 2304 vds - ok 20:30:06.0628 2304 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:30:06.0628 2304 vga - ok 20:30:06.0659 2304 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:30:06.0659 2304 VgaSave - ok 20:30:06.0690 2304 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:30:06.0690 2304 vhdmp - ok 20:30:06.0706 2304 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:30:06.0706 2304 viaide - ok 20:30:06.0752 2304 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:30:06.0752 2304 volmgr - ok 20:30:06.0830 2304 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:30:06.0846 2304 volmgrx - ok 20:30:06.0862 2304 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:30:06.0862 2304 volsnap - ok 20:30:06.0893 2304 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:30:06.0893 2304 vsmraid - ok 20:30:06.0971 2304 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:30:06.0986 2304 VSS - ok 20:30:07.0002 2304 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:30:07.0002 2304 vwifibus - ok 20:30:07.0033 2304 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:30:07.0033 2304 vwififlt - ok 20:30:07.0064 2304 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:30:07.0064 2304 W32Time - ok 20:30:07.0096 2304 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:30:07.0096 2304 WacomPen - ok 20:30:07.0127 2304 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:30:07.0127 2304 WANARP - ok 20:30:07.0142 2304 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:30:07.0142 2304 Wanarpv6 - ok 20:30:07.0330 2304 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:30:07.0361 2304 wbengine - ok 20:30:07.0392 2304 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:30:07.0392 2304 WbioSrvc - ok 20:30:07.0423 2304 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:30:07.0439 2304 wcncsvc - ok 20:30:07.0454 2304 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:30:07.0470 2304 WcsPlugInService - ok 20:30:07.0486 2304 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:30:07.0486 2304 Wd - ok 20:30:07.0532 2304 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:30:07.0548 2304 Wdf01000 - ok 20:30:07.0564 2304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:30:07.0579 2304 WdiServiceHost - ok 20:30:07.0579 2304 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:30:07.0579 2304 WdiSystemHost - ok 20:30:07.0626 2304 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:30:07.0626 2304 WebClient - ok 20:30:07.0642 2304 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:30:07.0657 2304 Wecsvc - ok 20:30:07.0673 2304 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:30:07.0673 2304 wercplsupport - ok 20:30:07.0688 2304 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:30:07.0688 2304 WerSvc - ok 20:30:07.0720 2304 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:30:07.0720 2304 WfpLwf - ok 20:30:07.0735 2304 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:30:07.0735 2304 WIMMount - ok 20:30:07.0751 2304 WinDefend - ok 20:30:07.0766 2304 WinHttpAutoProxySvc - ok 20:30:08.0000 2304 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:30:08.0016 2304 Winmgmt - ok 20:30:08.0078 2304 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:30:08.0110 2304 WinRM - ok 20:30:08.0172 2304 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:30:08.0188 2304 WinUsb - ok 20:30:08.0234 2304 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:30:08.0250 2304 Wlansvc - ok 20:30:08.0297 2304 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:30:08.0297 2304 WmiAcpi - ok 20:30:08.0328 2304 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:30:08.0328 2304 wmiApSrv - ok 20:30:08.0359 2304 WMPNetworkSvc - ok 20:30:08.0515 2304 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe 20:30:08.0531 2304 WMZuneComm - ok 20:30:08.0546 2304 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:30:08.0546 2304 WPCSvc - ok 20:30:08.0593 2304 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:30:08.0593 2304 WPDBusEnum - ok 20:30:08.0624 2304 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:30:08.0624 2304 ws2ifsl - ok 20:30:08.0656 2304 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 20:30:08.0656 2304 wscsvc - ok 20:30:08.0656 2304 WSearch - ok 20:30:08.0765 2304 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:30:08.0812 2304 wuauserv - ok 20:30:08.0843 2304 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:30:08.0843 2304 WudfPf - ok 20:30:08.0874 2304 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:30:08.0874 2304 WUDFRd - ok 20:30:08.0890 2304 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:30:08.0905 2304 wudfsvc - ok 20:30:08.0921 2304 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:30:08.0921 2304 WwanSvc - ok 20:30:09.0077 2304 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe 20:30:09.0139 2304 ZuneNetworkSvc - ok 20:30:09.0186 2304 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe 20:30:09.0202 2304 ZuneWlanCfgSvc - ok 20:30:09.0248 2304 ================ Scan global =============================== 20:30:09.0264 2304 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:30:09.0295 2304 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 20:30:09.0311 2304 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 20:30:09.0342 2304 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:30:09.0436 2304 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:30:09.0436 2304 [Global] - ok 20:30:09.0436 2304 ================ Scan MBR ================================== 20:30:09.0451 2304 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:30:10.0044 2304 \Device\Harddisk0\DR0 - ok 20:30:10.0060 2304 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 20:30:10.0060 2304 \Device\Harddisk1\DR1 - ok 20:30:10.0060 2304 ================ Scan VBR ================================== 20:30:10.0075 2304 [ 1B5014B26B769FC146A83D53FF84F737 ] \Device\Harddisk0\DR0\Partition1 20:30:10.0091 2304 \Device\Harddisk0\DR0\Partition1 - ok 20:30:10.0106 2304 [ A9DC98A1E29379D49748EFA3989ABFAC ] \Device\Harddisk0\DR0\Partition2 20:30:10.0122 2304 \Device\Harddisk0\DR0\Partition2 - ok 20:30:10.0138 2304 [ F527930A2C2BCAE5EFB1B2D66FD0BE1C ] \Device\Harddisk0\DR0\Partition3 20:30:10.0169 2304 \Device\Harddisk0\DR0\Partition3 - ok 20:30:10.0169 2304 ============================================================ 20:30:10.0169 2304 Scan finished 20:30:10.0169 2304 ============================================================ 20:30:10.0184 2196 Detected object count: 0 20:30:10.0184 2196 Actual detected object count: 0 20:30:22.0165 4704 Deinitialize success defogger_disable by jpshortstuff (23.02.10.1) Log created at 20:14 on 16/12/2012 (user1_2) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT .DDS Logfile: Code: DDS (Ver_2012-11-20.01) |
siehe oben. (hatte die dateien etwas durcheinander, habe dann alles geordnet.) |
Servus, Schritt 1 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 2 Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
Code: activex
Bitte poste mit deiner nächsten Antwort
|
Hallo Matthias, hier die Dateien. Gab/Gibt es einen Schädling oder nur lästige Adware? Code: # AdwCleaner v2.101 - Datei am 17/12/2012 um 19:08:57 erstelltOTL Logfile: Code: OTL logfile created on: 17.12.2012 19:13:39 - Run 2[/CODE] OTL Logfile: Code: OTL Extras logfile created on: 17.12.2012 19:13:39 - Run 2[/CODE] |
Servus, Zitat:
Servus, Schritt 1 Fixen mit OTL
Code: :OTL
Schritt 2
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte SecurityCheck
Bitte poste mit deiner nächsten Antwort
|
Hallo Matthias, der PC wird/wurde von mir genutzt, von meiner Frau, von 2 Kindern und von einem Freund der Kinder (damit alle 3 spielen können). Meintest du mit "Dreck" die installierten Programme oder die "Schädlinge/Adware/usw."? Code: All processes killedCode: Malwarebytes Anti-Malware 1.65.1.1000Code: ESETSmartInstaller@High as downloader log:Code: Results of screen317's Security Check version 0.99.56 |
Servus, Zitat:
Lösche bitte die folgenden zip Dateien per Hand: D:\USER1-PC\Backup Set 2012-06-03 190046\Backup Files 2012-07-08 190002\Backup files 1.zip D:\USER1-PC\Backup Set 2012-06-03 190046\Backup Files 2012-07-15 232404\Backup files 1.zip Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Downloade und installiere als Erstes: Internet Explorer 9 Mozilla Thunderbird Schritt 1
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen: Schritt 2 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 3 Downloade dir bitte delfix auf deinen Desktop.
Schritt 4 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
Hallo Matthias, Danke für die Hilfe. Sind die Funde (3) die mit Eset angezeigt wurden nicht problematisch? Könntest du mir noch bei dem PC mit Windows XP helfen? |
Servus, Zitat:
Zu 2 der 3 Einträge habe ich dir gesagt, was du machen sollst damit. Der andere Eintrag zeigt nichts Schädliches, ich an deiner Stelle würde aber OptimizerPro entfernen. ;) Zitat:
Schritt 1 Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop. dds.com dds.exe
Schritt 2 Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
Schritt 3 Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. Schritt 4 Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
Bitte poste mit deiner nächsten Antwort
|
Hallo, natürlich lese ich was du schreibst. Habe nur 3 Schädlinge gesehen und wußte nicht was damit war. Habe Optimizer mit Revo deinstalliert. Hoffe es ist so ok. Die zwei anderen angegeben Dateien sind unter User1-PC und ich komme nicht so richtig dazu, da sie nicht angezeigt werden. Wie kann ich die Dateien/Verzeichnisse drunter richtig sehen? Werde jetzt die angegebenen Schritte am Windows XP Pc machen. Hallo, hier die Scans. DDS Logfile: DDS Logfile: Code: DDS (Ver_2012-11-20.01) - NTFS_x86 --- --- --- --- --- --- [/CODE] Code: .Code: defogger_disable by jpshortstuff (23.02.10.1)Code: aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST SoftwareCode: 20:07:10.0609 3096 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 |
Servus, Zitat:
alle Windows Dateien sichtbar machen Ich sehe schon wieder jede Menge Adware... wo du das nur herhast... :lach: Schritt 1 Ich sehe, dass du sog. Registry Cleaner auf dem System hast. In deinem Fall CCleaner. Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows. Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten. Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst. Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden. http://imageshack.us/a/img841/7292/thisisujrt.gif Bitte lade Junkware Removal Tool auf Deinen Desktop.
Schritt 4 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
Hallo, wenn ich auf User1-PC gehe, dann öffnet sich ein Fenster mit "Wählen sie eine Option für die ausgewählte Sicherheit aus. 1. Eigene Dateien aus der Sicherung wiederherstellen. 2. Dateien für alle Benutzer dieses Computers wiederherstellen. 3. Speicherplatz verwalten, der von dieser Sicherung belegt wird." Ich nehme dann den 1.ten Punkt und dann kann ich nach Dateien suchen, die ichlöschen könnte, aber der gleiche Dateiname, wie die 2 Dateien siehe oben heissen, kann ich nicht finden. Es sind viele "backups", aber auch nach dem Datum kann ich nicht die gleichen finden. Sorry (bin wirklich nicht so beandert damit). Hallo, hier die Dateien. Code: # AdwCleaner v2.101 - Datei am 19/12/2012 um 21:22:59 erstelltCode: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Code: Combofix Logfile: |
Servus, Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread. |
Hallo Matthias, hier noch eine Frage zu dem PC mit Windows 7, auf dem ich 2 Backups löschen sollte. Wenn ich auf User1-PC gehe, dann öffnet sich ein Fenster mit "Wählen sie eine Option für die ausgewählte Sicherheit aus. 1. Eigene Dateien aus der Sicherung wiederherstellen. 2. Dateien für alle Benutzer dieses Computers wiederherstellen. 3. Speicherplatz verwalten, der von dieser Sicherung belegt wird." Ich nehme dann den 1.ten Punkt und dann kann ich nach Dateien suchen, die ichlöschen könnte, aber der gleiche Dateiname, wie die 2 Dateien siehe oben heissen, kann ich nicht finden. Es sind viele "backups", aber auch nach dem Datum kann ich nicht die gleichen finden. Sorry (bin wirklich nicht so bewandert damit). Hallo, hier die Dateien für den "jetzigen" PC mit XP. OTL Logfile: Code: OTL logfile created on: 20.12.2012 19:45:44 - Run 2[/CODE] OTL Logfile: Code: OTL Extras logfile created on: 20.12.2012 19:45:44 - Run 2[/CODE] |
Servus, Zitat:
Auf dem "XP-Rechner" geht es so weiter: Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. Download Mirror #1 - Download Mirror #2
|
Hier das Ergebnis Code: SystemLook 30.07.11 by jpshortstuff |
Servus, wir entfernen noch letzte Reste von Adware und führen die (hoffentlich) letzten Kontrollscans durch: Schritt 1 Fixen mit OTL
Code: :files
Schritt 2
Schritt 3 ESET Online Scanner
Schritt 4 Downloade Dir bitte SecurityCheck
Bitte poste mit deiner nächsten Antwort
|
Hallo Matthias, hier die Scans. Code: All processes killedCode: Malwarebytes Anti-Malware 1.65.1.1000Code: ESETSmartInstaller@High as downloader log:Code: |
Servus, Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber. :daumenhoc Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Schritt 2 Deine Version von Adobe Flash Player ist veraltet. Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:
Schritt 3
Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen: Schritt 4 Starte DeFogger und klicke auf Re-enable. Gegebenenfalls muss dein Rechner neu gestartet werden. Schritt 5 Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren. Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK. Code: Combofix /UninstallDamit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden. Nun die eben deaktivierten Programme wieder aktivieren. Schritt 6 Downloade dir bitte delfix auf deinen Desktop.
Schritt 7 Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
Hallo Matthias, vielen Dank. Zu dem PC mit Windows 7 meintest Du, sollte ich zum schluß nachmal zurückkommen. Hier noch eine Frage zu dem PC mit Windows 7, auf dem ich 2 Backups löschen sollte. Wenn ich auf User1-PC gehe, dann öffnet sich ein Fenster mit "Wählen sie eine Option für die ausgewählte Sicherheit aus. 1. Eigene Dateien aus der Sicherung wiederherstellen. 2. Dateien für alle Benutzer dieses Computers wiederherstellen. 3. Speicherplatz verwalten, der von dieser Sicherung belegt wird." Ich nehme dann den 1.ten Punkt und dann kann ich nach Dateien suchen, die ichlöschen könnte, aber der gleiche Dateiname, wie die 2 Dateien siehe oben heissen, kann ich nicht finden. Es sind viele "backups", aber auch nach dem Datum kann ich nicht die gleichen finden. Sorry (bin wirklich nicht so bewandert damit). |
Servus, lade dir nochmal OTL auf den betreffenden Rechner und führe den folgenden Fix aus: Fixen mit OTL
Code: :files
|
Hier das Ergebnis. ========== FILES ========== D:\USER1-PC\Backup Set 2012-06-03 190046\Backup Files 2012-07-08 190002\Backup files 1.zip moved successfully. D:\USER1-PC\Backup Set 2012-06-03 190046\Backup Files 2012-07-15 232404\Backup files 1.zip moved successfully. ========== COMMANDS ========== OTL by OldTimer - Version 3.2.69.0 log created on 12212012_210039 |
Servus, alles klar. Gibt es noch was zu tun? Von meiner Seite sind wir durch. :) |
Vielen Danke. Denke auch, dass es das war. Wünsche noch einen schönen Abend. |
Ich bin froh, dass wir helfen konnten :abklatsch: Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 07:52 Uhr. |
Copyright ©2000-2025, Trojaner-Board
WARNUNG an die MITLESER: 
Textbox.