Trojaner-Board


boreal99 16.06.2012 13:19

EXP/CVE-2010-4452.BG + email hacked? What to do?
 
Hello,

yesterday I noticed that an advertising email had been sent from my email address to all my contacts, so I changed the password.

That also prompted me to run a virus scan.

Here is the AV log:

Code:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012  00:23

Es wird nach 3837524 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Ultimate
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : VuN
Computername  : VUN-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  08.05.2012 19:41:56
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 19:41:56
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 19:41:56
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 19:41:56
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 19:41:45
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 09:49:21
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 06:56:15
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 06:56:21
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 18:21:14
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 18:21:22
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 19:41:41
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 19:41:41
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 19:41:41
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 19:41:41
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 19:41:41
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 19:41:41
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 19:41:41
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 19:41:41
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 19:41:41
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 20:28:19
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 20:28:23
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 11:04:51
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 16:11:46
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 18:49:13
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 18:49:08
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 19:13:02
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 19:11:14
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 19:11:21
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 19:11:32
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 19:11:34
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 20:53:33
VBASE026.VDF  : 7.11.32.251  119296 Bytes  14.06.2012 23:14:04
VBASE027.VDF  : 7.11.32.252    2048 Bytes  14.06.2012 23:14:04
VBASE028.VDF  : 7.11.32.253    2048 Bytes  14.06.2012 23:14:04
VBASE029.VDF  : 7.11.32.254    2048 Bytes  14.06.2012 23:14:04
VBASE030.VDF  : 7.11.32.255    2048 Bytes  14.06.2012 23:14:04
VBASE031.VDF  : 7.11.33.6      2048 Bytes  14.06.2012 23:14:04
Engineversion  : 8.2.10.92
AEVDF.DLL      : 8.1.2.8      106867 Bytes  01.06.2012 19:11:12
AESCRIPT.DLL  : 8.1.4.26      450939 Bytes  14.06.2012 23:14:12
AESCN.DLL      : 8.1.8.2      131444 Bytes  22.04.2012 18:21:30
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 23:14:12
AERDL.DLL      : 8.1.9.15      639348 Bytes  31.01.2012 06:55:37
AEPACK.DLL    : 8.2.16.18    807287 Bytes  14.06.2012 23:14:12
AEOFFICE.DLL  : 8.1.2.36      201082 Bytes  14.06.2012 23:14:11
AEHEUR.DLL    : 8.1.4.46    4923767 Bytes  14.06.2012 23:14:10
AEHELP.DLL    : 8.1.21.0      254326 Bytes  10.05.2012 19:41:42
AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 23:14:05
AEEXP.DLL      : 8.1.0.52      82293 Bytes  14.06.2012 23:14:12
AEEMU.DLL      : 8.1.3.0      393589 Bytes  31.01.2012 06:55:34
AECORE.DLL    : 8.1.25.10    201080 Bytes  31.05.2012 19:13:06
AEBB.DLL      : 8.1.1.0        53618 Bytes  31.01.2012 06:55:33
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 19:41:55
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 19:41:56
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 19:41:56
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 19:41:55
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 19:41:56
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 19:41:56
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  08.05.2012 19:41:56
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 19:41:56
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 19:41:55
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  08.05.2012 19:41:55

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Samstag, 16. Juni 2012  00:23

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]  Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVComSX.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Communications_Helper.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'wn111.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'RocketDock.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrS64H.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\AMP WinOFF\uninstall.exe
  [WARNUNG]  Die Version dieses Archives wird nicht unterstützt
C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '2622' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\androidsdk\platforms\android-10\images\system.img
  [WARNUNG]  Der Archivheader ist defekt
C:\androidsdk\platforms\android-12\images\system.img
  [WARNUNG]  Der Archivheader ist defekt
C:\Program Files\WinRAR\rarnew.dat
  [WARNUNG]  Das Archiv ist unbekannt oder defekt
C:\Program Files (x86)\AMP WinOFF\uninstall.exe
  [WARNUNG]  Die Version dieses Archives wird nicht unterstützt
C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172
  [0] Archivtyp: ZIP
  --> Java.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG
C:\Users\VuN\Desktop\I9000XWJW5%20-%20DBT.zip
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\VuN\Music\Imogen Heap\Imogen Heap - Speeding Cars.rar
  [WARNUNG]  Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\'
D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 20.zip
  [WARNUNG]  Unerwartetes Ende beim Lesen eines Blocks
D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 4.zip
  [WARNUNG]  Unerwartetes Ende beim Lesen eines Blocks


Beginne mit der Desinfektion:
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5572f467.qua' verschoben!


Ende des Suchlaufs: Samstag, 16. Juni 2012  11:49
Benötigte Zeit:  1:45:27 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  43990 Verzeichnisse wurden überprüft
 979006 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 979004 Dateien ohne Befall
  7892 Archive wurden durchsucht
    12 Warnungen
      2 Hinweise
 653490 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden


A Malwarebytes log from after the AV scan:

Code:

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
VuN :: VUN-PC [Administrator]

Schutz: Deaktiviert

16.06.2012 11:53:48
mbam-log-2012-06-16 (11-53-48).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 476455
Laufzeit: 1 Stunde(n), 24 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

And finally, the OTL logs:

Code:

OTL logfile created on: 16.06.2012 13:54:07 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS
 
Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
PRC - [2012.05.08 21:41:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.02.08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe
PRC - [2007.02.08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007.02.06 18:44:14 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
PRC - [2007.02.06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.29 21:06:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll
MOD - [2011.10.29 21:06:06 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2011.10.29 21:06:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.02.08 02:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.10 14:04:32 | 003,065,160 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.06 18:45:38 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007.02.06 18:44:02 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012.06.15 01:46:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.03 17:33:53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.14 13:09:04 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.24 08:02:30 | 000,699,392 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:41:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:41:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.02 14:26:23 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.20 09:46:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.07.20 09:46:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:46:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.07.20 09:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.07.20 09:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.07.20 09:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.05.19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.21 11:39:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.21 11:39:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.02 21:22:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.10.28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007.02.06 18:43:14 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV:64bit: - [2007.02.06 18:42:50 | 002,346,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2007.02.06 18:41:40 | 001,013,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV:64bit: - [2007.02.03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.02.03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 15:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.08 18:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 12:15:39 | 000,000,000 | ---D | M]
 
[2010.12.02 20:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Extensions
[2012.05.19 01:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Firefox\Profiles\tzmkfnv0.default\extensions
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\askcom.xml
[2010.01.11 17:48:44 | 000,004,153 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\youtube.xml
[2012.03.18 01:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.17 15:38:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.04.13 13:41:29 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.06 13:46:23 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.19 01:07:39 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.05.03 17:33:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com) ([fai.music.metaservices] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2F30F8-C105-40E4-8BF9-E4327E0688D3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292BDBB5-D674-498D-A539-AC2B5A1C9999}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB05EBC-CE5D-40A6-A2C2-B87449F36DCE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8280385D-EA22-4074-89E2-B0F6EA326450}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C5845-1DA3-441B-A83E-A99011AF1A95}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4659D0-100E-4990-BBD3-F0119580CE5C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.16 13:51:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 13:36:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\VuN\Desktop\HiJackThis204.exe
[2012.06.16 12:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.16 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.09 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\ws 2012
[2012.06.09 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Local\Macromedia
[2012.06.08 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
[2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08
[2012.05.20 19:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AP Tuner
[2012.05.20 19:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuned
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 13:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.16 13:47:37 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.16 13:47:36 | 002,031,392 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.16 13:46:39 | 000,000,020 | ---- | M] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:20 | 000,050,477 | ---- | M] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.16 13:37:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\VuN\Desktop\HiJackThis204.exe
[2012.06.16 13:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 23:40:54 | 000,321,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 14:19:16 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 14:19:16 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 14:19:16 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 14:19:16 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 14:19:16 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.11 21:09:24 | 000,507,960 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:50:01 | 000,033,241 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:43 | 000,091,605 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:36 | 000,424,144 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:12 | 000,232,157 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:32 | 000,183,637 | ---- | M] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:22:02 | 000,081,675 | ---- | M] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:21:04 | 000,067,656 | ---- | M] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:34 | 000,061,389 | ---- | M] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:27:35 | 000,021,420 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:03:06 | 003,108,328 | ---- | M] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2012.05.20 20:25:54 | 000,364,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (12).wma
[2012.05.20 20:21:28 | 000,808,683 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (11).wma
[2012.05.20 20:08:58 | 000,534,793 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (10).wma
[2012.05.20 20:01:26 | 000,813,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (2).wma
[2012.05.20 19:10:38 | 000,001,120 | ---- | M] () -- C:\Users\VuN\ia_remove.sh
[2012.05.17 20:39:47 | 000,249,516 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 804.png
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.16 13:46:39 | 000,000,020 | ---- | C] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:17 | 000,050,477 | ---- | C] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.15 01:46:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 21:07:19 | 000,507,960 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:49:31 | 000,033,241 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:29 | 000,091,605 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:28 | 000,424,144 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:06 | 000,232,157 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:04 | 000,183,637 | ---- | C] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:17:26 | 000,081,675 | ---- | C] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:17:26 | 000,067,656 | ---- | C] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:02 | 000,061,389 | ---- | C] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:26:49 | 000,021,420 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:01:58 | 003,108,328 | ---- | C] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2012.05.20 20:25:54 | 000,364,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (12).wma
[2012.05.20 20:21:28 | 000,808,683 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (11).wma
[2012.05.20 20:08:58 | 000,534,793 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (10).wma
[2012.05.20 20:01:25 | 000,813,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (2).wma
[2012.05.20 19:10:38 | 000,001,120 | ---- | C] () -- C:\Users\VuN\ia_remove.sh
[2012.05.17 20:39:31 | 000,249,516 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 804.png
[2011.12.12 19:11:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.11.05 05:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.29 21:06:06 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2011.10.29 02:03:02 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.10.02 14:51:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.10.02 14:11:43 | 000,003,584 | ---- | C] () -- C:\Users\VuN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.01 15:40:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.13 00:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.07 19:56:45 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.04.17 19:23:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.26 12:05:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.05 19:15:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.02 21:26:05 | 000,049,459 | ---- | C] () -- C:\Windows\War3Unin.dat
 
========== LOP Check ==========
 
[2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft
[2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP
[2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity
[2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP
[2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard
[2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid
[2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite
[2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development
[2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener
[2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox
[2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire
[2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit
[2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla
[2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0
[2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games
[2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ
[2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\IrfanView
[2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC
[2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios
[2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient
[2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam
[2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag
[2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher
[2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org
[2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera
[2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung
[2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer
[2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian
[2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client
[2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software
[2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle
[2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax
[2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE
[2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView
[2012.05.25 18:53:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Code:

OTL Extras logfile created on: 16.06.2012 13:54:07 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS
 
Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135816FA-C601-4C70-BAB7-8EE5D5768023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A0D5BA6-F8A4-4284-9404-84EFC137E966}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C4A3E53-9784-430C-81EC-6DF70C9C3063}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D705481-46F3-4EA4-B4E5-AB69811296CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1FA7B0E7-19B0-4A13-B3F0-29F5B944E6C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{205D6A4D-DC75-4F8D-848A-CD4C2A3209E0}" = rport=139 | protocol=6 | dir=out | app=system |
"{207FF0ED-E175-4332-921D-8EFE74D447A4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{29595982-E4C8-40AB-B858-700141011539}" = lport=137 | protocol=17 | dir=in | app=system |
"{371E43A2-C5EE-4490-ACB7-963CDA3F4960}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher |
"{3B468C96-820C-48D8-9380-5D335091FF8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C7D34BE-8938-4A09-90CC-B06E358D42ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FDC5E30-3F1D-4AB2-A140-1EC21662B686}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D13F98F-F948-4C82-A69E-30DCB39DE22B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{4E227041-096D-473C-82F5-A65EEF1B1FB2}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{4ECB70DA-5D22-4AAD-9434-73A00BCD7E74}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher |
"{5A4B8C64-D93D-47C0-A496-25F6916347B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6250864A-0031-46C3-A326-02AFE2EC8C04}" = lport=139 | protocol=6 | dir=in | app=system |
"{6DD680B3-5FC2-490A-884E-F8705E8E2772}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{704418F3-5B7A-4BDA-AAD4-46773B8D953E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74D498E8-1AAF-4A2B-B5F9-B2B0B2C9D51D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97DA7D57-B648-435D-BCDD-2B6B30358901}" = rport=445 | protocol=6 | dir=out | app=system |
"{9B4026AF-308E-4FAC-9875-DF19E8835853}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7619A2E-CA78-4A45-A25A-D95F2C6EE989}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEC8C7FF-4C8C-41CC-9A14-73238FC78333}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF7F80F6-92C8-455E-B2A3-91D796B0E77A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C5C25498-BB44-451F-91AA-BAC481905F7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA7327B0-875B-4CBD-9FDE-6E7D6C7ECEE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{D29756D9-52DB-4959-9423-479B65DF373B}" = lport=4495 | protocol=6 | dir=in | name=net monitor for employees configuration |
"{D326070F-A57B-42E2-889B-6D07C6D3F988}" = rport=137 | protocol=17 | dir=out | app=system |
"{D88545B4-8F7B-470E-968F-2CA1C23E66AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D9EF043B-C8AC-4752-AACF-F3273340FBDB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F285AAD6-CD38-4D39-A80A-C35345CED91D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FB732DA6-3AE9-4D37-B18F-8DD32F0FFED1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF219F88-1859-4324-933A-BABE0C0475B2}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008A9C88-07D2-485E-BADC-AC7D3B780DD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{06054B65-263C-4FC7-9E00-A9FE44252358}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{09D877CB-4796-48D2-8B12-042E83729373}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{119D9CF6-5168-4657-9197-E5CE4736800E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A6BAAEA-603E-43A3-9AB6-D217A9F2305A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C0081D3-126D-4DD0-913B-5E5E153C99DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1CAB0875-6211-4AE4-AFF6-C4862D324B29}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{232E82DA-F6AD-47DA-BBCA-7D2598EA9802}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2F8F8712-0E08-4CE5-93CA-C8711221FEBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{31B9F738-7A0A-4CCF-AFE6-113674AFCD0D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{31C8A650-D148-4622-AA85-DC1172DED484}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{357791B5-D1BE-41B6-AC90-A16408FDF08F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B8B6566-1DC1-4EC4-9AC5-2CCA955A4502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4018DE97-16DF-406C-A989-0B428F11E6B0}" = protocol=6 | dir=out | app=system |
"{42EA7D0B-BE99-4E1D-BCB2-4978E5EACC8B}" = protocol=6 | dir=in | app=e:\games\rayman origins\rayman origins.exe |
"{4CE70D5C-D945-4F99-905F-E2760ECF22B9}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{575BEAD5-BC6B-4D69-950A-5B2A8A12DFEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6005C0E0-D3D2-4F15-94E0-FC03CFF5F6AC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{664F7CAC-2943-41AE-ACA0-148807AB38E9}" = protocol=6 | dir=in | app=e:\games\rayman origins\gu.exe |
"{6762DA49-7EFE-453D-B10F-A35349FF2AF2}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{6D1FDBA3-328D-4B96-ADAB-112580D0E05D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{76288942-8814-451B-903A-3E58E0288B41}" = protocol=6 | dir=in | app=e:\program files (x86)\opera\opera.exe |
"{78A85FCF-3317-43DB-91FB-A0DDF144A3E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E7997F9-0C4C-4D87-88BA-F205F7503625}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{83138879-0C1C-4E62-8B75-73CA34185883}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{83D723DE-6A92-49E2-BF7B-E1849FEA83F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{8B82C53B-8BE0-43C7-A8A3-B52A08F0540F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9413AA04-31B6-47D0-B2C4-B7B823EA2220}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{969E7223-2346-4C47-BF00-E821AA727516}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{A4783BE5-B950-4A89-B82E-6F824C74C886}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB5A5199-A001-4C17-BF57-277F046EEC74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B6658E43-FE77-4A58-BB88-6530A6286779}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7D101E3-0D0A-427E-A345-449137F20E03}" = protocol=17 | dir=in | app=e:\games\rayman origins\rayman origins.exe |
"{C05758F3-1D62-4182-AD10-E5741D8FD954}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5CE8B2B-E81B-40B6-8A1E-BEEC1BB12EBE}" = protocol=17 | dir=in | app=e:\program files (x86)\opera\opera.exe |
"{C80A5E28-74DF-44AF-A116-62374AA840AC}" = protocol=17 | dir=in | app=e:\games\rayman origins\gu.exe |
"{D833D58F-115A-4468-9B8F-BA7F437097F0}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe |
"{E879E2E2-E3B9-40E2-8C4E-E3E936BDC185}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe |
"{E8A1E8DE-8FCA-41FE-B739-15A7152E820F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB85073C-6DAA-41B9-BDE4-B38EE93FC266}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC31520F-2B8A-4855-AC3B-D27EC012A04B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{ECEE5E1C-2207-4678-97A1-28CC9A42537D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{050BC08D-77B8-4872-BA41-28A7CC169C43}E:\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{4A27BC9C-DF3C-4076-A13F-BA7026E6986C}G:\david\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe |
"TCP Query User{5218527F-F8CB-4017-AE3A-C57F53B37654}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=6 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe |
"TCP Query User{72447530-DE3A-4684-8702-4B84B6E213F6}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe |
"TCP Query User{7D4055E3-6EC8-41E2-8D48-A27AED180DF4}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe |
"TCP Query User{83E743ED-13D0-4C87-91A1-564018E9D3BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{907A20FF-E9F9-4659-A553-91D2EECE7B0C}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"TCP Query User{9A91632B-0368-4166-97EB-626E505F4D26}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{AFC38F18-AAAE-4970-8821-A3812BDA61A8}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe |
"TCP Query User{CA4B37F0-A0E5-483A-B7FF-18841FCDDD8D}E:\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead 2\srcds.exe |
"TCP Query User{D0254337-EC51-413B-8E59-159D8495EED7}E:\games\mw2\iw4mp.dat" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.dat |
"TCP Query User{ECF77B2C-6383-4701-BC19-99FA4C381043}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"TCP Query User{F2F1015D-C694-4D7D-9616-B56BBF975E9B}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe |
"UDP Query User{2070C189-46B0-4D92-9DBA-2D48AD082A86}E:\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\srcds.exe |
"UDP Query User{2FF0BD35-42D3-4ACF-A4AE-0FDD654E01B5}E:\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{489C661E-7508-47FC-BD84-8428614ED624}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{79C4ABEF-AE70-47AE-98B9-4338597755EE}G:\david\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe |
"UDP Query User{84198B8B-4E0E-4ECA-BC61-75E9593E6176}E:\games\mw2\iw4mp.dat" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.dat |
"UDP Query User{846138DD-7041-475B-ACC0-C648FB5F4E57}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe |
"UDP Query User{99F01905-4920-4E80-865A-30541D000520}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe |
"UDP Query User{ADE3C6C8-2BE8-41F2-9A63-999D202E221B}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe |
"UDP Query User{CB9A66EF-9982-41BB-9701-B13F7AFC800A}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe |
"UDP Query User{D4E2088F-8256-4F18-958B-FC77DE967975}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe |
"UDP Query User{EAC08568-6CE1-4C6D-9890-4AB930FD773A}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe |
"UDP Query User{ED37E1BF-CEED-4963-AF98-1968A2A80153}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F7821A52-7EB5-4D48-8456-221F578304E4}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=17 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{192E85C6-2B8A-4217-AD30-ECA5CE19DB23}" = Logitech QuickCam
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DF54E1D5-B4A3-4F94-B018-75529AB97682}" = O&O Defrag Professional
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIMP2" = AIMP2
"AMP WinOFF" = AMP WinOFF
"AP Tuner 3.08" = AP Tuner 3.08
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo III" = Diablo III
"DivX Setup" = DivX-Setup
"Dungeon Defenders_is1" = Dungeon Defenders
"EarMaster School 5_is1" = EarMaster School 5
"gedit_is1" = gedit 2.30.1
"Hamachi" = Hamachi 1.0.1.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.4 (Standard)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"ManyCam" = ManyCam 2.6.60 (remove only)
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"pcsx2-r3878" = PCSX2 - Playstation 2 Emulator
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"QcDrv" = Logitech® Camera-Treiber
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 570" = Dota 2
"Tuned!" = Tuned!
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.19.3.0b
"XnView_is1" = XnView 1.98.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12.06.2012 08:14:23 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.06.2012 08:21:59 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x105c  Startzeit der fehlerhaften Anwendung:
 0x01cd494c9399f081  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 5f5d2e38-b552-11e1-869a-002354c0ca07
 
Error - 13.06.2012 19:31:45 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f920759  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
0x6da59903  ID des fehlerhaften Prozesses: 0x15b4  Startzeit der fehlerhaften Anwendung:
 0x01cd49aefd92598d  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
 f005a920-b5af-11e1-9b35-002354c0ca07
 
Error - 14.06.2012 19:47:41 | Computer Name = VuN-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: MSVCR80.dll,
 Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3  Ausnahmecode: 0xc000000d  Fehleroffset:
 0x00014ba1  ID des fehlerhaften Prozesses: 0xd14  Startzeit der fehlerhaften Anwendung:
 0x01cd4a87f1a8eb66  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
 53c989bd-b67b-11e1-9d77-002354c0ca07
 
Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12310
Description =
 
Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12298
Description =
 
[ System Events ]
Error - 11.06.2012 14:40:17 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 12.06.2012 05:37:54 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 12.06.2012 16:49:22 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 13.06.2012 06:06:18 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 13.06.2012 17:41:52 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 13.06.2012 19:41:46 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 14.06.2012 08:05:38 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 14.06.2012 19:09:58 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 15.06.2012 16:44:12 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 16.06.2012 07:48:02 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >

Now that the virus is in quarantine, do I still have anything to worry about?

Many thanks in advance,
boreal99 :-)

cosinus 18.06.2012 16:00

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed in the log files tab ("Logdateien"). Please post all the ones that are visible there.

boreal99 18.06.2012 21:27

Yes, but nothing was ever found, or rather they look like the log file I have already posted.

Code:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
VuN :: VUN-PC [Administrator]

Schutz: Aktiviert

30.03.2012 00:03:25
mbam-log-2012-03-30 (00-03-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208218
Laufzeit: 3 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
VuN :: VUN-PC [Administrator]

Schutz: Aktiviert

15.03.2012 22:34:54
mbam-log-2012-03-15 (22-34-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204218
Laufzeit: 3 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Regards,
boreal99

cosinus 18.06.2012 21:58

Please run ESET as well, then we'll take it from there.

Note: ESET does quite often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! During the scans, please turn off all background monitors (anti-virus program, firewall, script blocking and the like) and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box at Yes, i accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are using a 64-bit Windows, the path is as follows:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

boreal99 19.06.2012 08:11

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ce384113997e843ad67f54a89e2a2ac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-18 11:39:49
# local_time=2012-06-19 01:39:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 26990385 26990385 0 0
# compatibility_mode=1792 16777215 100 0 4935510 4935510 0 0
# compatibility_mode=5893 16776574 100 94 79100 91684172 0 0
# compatibility_mode=8192 67108863 100 0 882 882 0 0
# scanned=267671
# found=3
# cleaned=0
# scan_time=8468
C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I
C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz        a variant of Android/Adware.Leadbolt.B application (unable to clean)        00000000000000000000000000000000        I
C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz        Android/Plankton.H trojan (unable to clean)        00000000000000000000000000000000        I


cosinus 19.06.2012 08:48

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


boreal99 19.06.2012 20:50

OTL Logfile:
Code:

OTL logfile created on: 19.06.2012 21:36:27 - Run 2
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,72% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 62,69 Gb Free Space | 54,60% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 194,49 Gb Free Space | 58,58% Space Free | Partition Type: NTFS
 
Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
PRC - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:41:56 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe
PRC - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.02.08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe
PRC - [2007.02.08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007.02.06 18:44:14 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
PRC - [2007.02.06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.29 21:06:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll
MOD - [2011.10.29 21:06:06 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2011.10.29 21:06:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.02.08 02:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.10 14:04:32 | 003,065,160 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.06 18:45:38 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007.02.06 18:44:02 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012.06.16 21:15:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 00:00:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.24 08:02:30 | 000,699,392 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.16 17:49:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.08 21:41:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:41:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.02 14:26:23 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.20 09:46:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.07.20 09:46:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:46:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.07.20 09:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.07.20 09:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.07.20 09:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.05.19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.21 11:39:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.21 11:39:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.02 21:22:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.10.28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007.02.06 18:43:14 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV:64bit: - [2007.02.06 18:42:50 | 002,346,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2007.02.06 18:41:40 | 001,013,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV:64bit: - [2007.02.03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.02.03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_8_&babsrc=SP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 9B 8D BC 13 26 CC 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786"
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 15:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 13:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 12:15:39 | 000,000,000 | ---D | M]
 
[2012.06.17 13:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Extensions
[2012.06.17 13:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Firefox\Profiles\6etmbr70.default\extensions
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml
[2010.01.11 17:48:44 | 000,004,153 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\youtube.xml
[2012.06.17 13:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.17 15:38:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.04.13 13:41:30 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.06 13:46:24 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.19 01:07:40 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.16 17:42:56 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..Trusted Domains: microsoft.com) ([fai.music.metaservices] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2F30F8-C105-40E4-8BF9-E4327E0688D3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292BDBB5-D674-498D-A539-AC2B5A1C9999}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB05EBC-CE5D-40A6-A2C2-B87449F36DCE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8280385D-EA22-4074-89E2-B0F6EA326450}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C5845-1DA3-441B-A83E-A99011AF1A95}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4659D0-100E-4990-BBD3-F0119580CE5C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^VuN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk - C:\PROGRA~2\Warkeys\AUTOWA~1\AUTOHO~1\AUTOHO~1.EXE - ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\Iyvu9_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 23:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.18 23:03:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\VuN\Desktop\esetsmartinstaller_enu.exe
[2012.06.17 13:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.17 12:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2012.06.17 12:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2012.06.16 17:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.06.16 17:47:07 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.06.16 17:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.06.16 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.16 17:42:35 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Babylon
[2012.06.16 16:57:03 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\magicka
[2012.06.16 13:51:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 12:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.06.16 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.09 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\ws 2012
[2012.06.09 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Local\Macromedia
[2012.06.08 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.19 21:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.19 21:28:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 21:28:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.19 21:24:56 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.19 21:24:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.19 21:24:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.19 21:24:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.19 21:24:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.19 21:20:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.19 21:20:31 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 21:20:31 | 002,037,772 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.06.18 23:03:40 | 002,322,184 | ---- | M] (ESET) -- C:\Users\VuN\Desktop\esetsmartinstaller_enu.exe
[2012.06.17 13:05:56 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.17 13:00:55 | 004,294,464 | ---- | M] () -- C:\Users\VuN\Desktop\Firefox 13.0.1 (de) - 2012-06-17.pcv
[2012.06.17 12:59:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.06.16 17:49:49 | 000,000,691 | ---- | M] () -- C:\Users\VuN\Desktop\SmartSteam - Verknüpfung.lnk
[2012.06.16 17:49:12 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.06.16 17:43:22 | 000,000,250 | ---- | M] () -- C:\user.js
[2012.06.16 14:18:08 | 000,048,483 | ---- | M] () -- C:\Users\VuN\Desktop\authrootstl.cab
[2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
[2012.06.16 13:46:39 | 000,000,020 | ---- | M] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:20 | 000,050,477 | ---- | M] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.13 23:40:54 | 000,321,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.11 21:09:24 | 000,507,960 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:50:01 | 000,033,241 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:43 | 000,091,605 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:36 | 000,424,144 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:12 | 000,232,157 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:32 | 000,183,637 | ---- | M] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:22:02 | 000,081,675 | ---- | M] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:21:04 | 000,067,656 | ---- | M] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:34 | 000,061,389 | ---- | M] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:27:35 | 000,021,420 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:03:06 | 003,108,328 | ---- | M] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.17 13:05:56 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.17 13:05:56 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.17 13:00:53 | 004,294,464 | ---- | C] () -- C:\Users\VuN\Desktop\Firefox 13.0.1 (de) - 2012-06-17.pcv
[2012.06.17 12:59:37 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2012.06.16 17:49:49 | 000,000,691 | ---- | C] () -- C:\Users\VuN\Desktop\SmartSteam - Verknüpfung.lnk
[2012.06.16 17:43:19 | 000,000,250 | ---- | C] () -- C:\user.js
[2012.06.16 14:18:07 | 000,048,483 | ---- | C] () -- C:\Users\VuN\Desktop\authrootstl.cab
[2012.06.16 13:46:39 | 000,000,020 | ---- | C] () -- C:\Users\VuN\defogger_reenable
[2012.06.16 13:46:17 | 000,050,477 | ---- | C] () -- C:\Users\VuN\Desktop\Defogger.exe
[2012.06.15 01:46:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 21:07:19 | 000,507,960 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 23.png
[2012.06.10 19:15:15 | 001,096,043 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (25).wma
[2012.06.10 18:58:47 | 001,374,423 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (24).wma
[2012.06.10 18:53:41 | 001,118,493 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (23).wma
[2012.06.10 16:49:31 | 000,033,241 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png
[2012.06.08 20:23:29 | 000,091,605 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 987.png
[2012.06.06 17:32:28 | 000,424,144 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png
[2012.06.06 16:03:06 | 000,232,157 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png
[2012.06.05 20:39:24 | 000,772,763 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (22).wma
[2012.06.05 20:27:47 | 000,723,373 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (21).wma
[2012.06.05 20:24:47 | 000,651,533 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (20).wma
[2012.06.05 18:52:04 | 000,183,637 | ---- | C] () -- C:\Users\VuN\Documents\vugod.gif
[2012.06.03 21:17:26 | 000,081,675 | ---- | C] () -- C:\Users\VuN\DSCN0311.JPG
[2012.06.03 21:17:26 | 000,067,656 | ---- | C] () -- C:\Users\VuN\DSCN0310.JPG
[2012.06.03 18:15:05 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (19).wma
[2012.06.03 18:04:44 | 001,320,543 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (18).wma
[2012.06.03 17:50:12 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (17).wma
[2012.06.03 17:29:51 | 000,804,193 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (16).wma
[2012.06.03 15:13:45 | 000,507,853 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (15).wma
[2012.05.29 22:27:02 | 000,061,389 | ---- | C] () -- C:\Users\VuN\Documents\IMG_0555.JPG
[2012.05.29 20:26:49 | 000,021,420 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 897.png
[2012.05.26 17:01:58 | 003,108,328 | ---- | C] () -- C:\Users\VuN\Documents\DSCN0225.JPG
[2012.05.21 21:09:19 | 000,970,323 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (13).wma
[2011.12.12 19:11:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.11.05 05:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.10.29 21:06:06 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe
[2011.10.29 02:03:02 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.10.02 14:51:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.10.02 14:11:43 | 000,003,584 | ---- | C] () -- C:\Users\VuN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.01 15:40:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.13 00:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.07 19:56:45 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011.04.17 19:23:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.26 12:05:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.05 19:15:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.12.02 21:26:05 | 000,049,459 | ---- | C] () -- C:\Windows\War3Unin.dat
 
========== LOP Check ==========
 
[2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft
[2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP
[2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity
[2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP
[2012.06.16 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Babylon
[2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard
[2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid
[2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite
[2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development
[2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener
[2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox
[2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire
[2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit
[2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla
[2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0
[2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games
[2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ
[2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\IrfanView
[2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC
[2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios
[2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient
[2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam
[2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag
[2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher
[2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org
[2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera
[2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung
[2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer
[2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian
[2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client
[2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software
[2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle
[2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax
[2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE
[2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView
[2012.05.25 18:53:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft
[2011.05.07 19:56:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AccurateRip
[2011.01.16 02:10:12 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Adobe
[2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP
[2012.01.16 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Apple Computer
[2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity
[2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP
[2012.04.22 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Avira
[2012.06.16 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Babylon
[2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard
[2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid
[2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite
[2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development
[2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener
[2011.12.11 02:48:31 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DivX
[2011.01.13 15:42:18 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Download Manager
[2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox
[2011.06.19 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\dvdcss
[2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire
[2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit
[2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla
[2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0
[2012.06.18 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hamachi
[2012.04.09 21:16:05 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hamachi Backup
[2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games
[2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ
[2010.12.02 20:40:25 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Identities
[2012.02.04 00:23:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\InstallShield Installation Information
[2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\IrfanView
[2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC
[2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios
[2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient
[2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2
[2010.12.02 21:14:11 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Macromedia
[2011.01.09 16:19:19 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Malwarebytes
[2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Media Center Programs
[2012.04.16 22:05:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Media Player Classic
[2011.09.20 12:33:28 | 000,000,000 | --SD | M] -- C:\Users\VuN\AppData\Roaming\Microsoft
[2012.06.17 13:06:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mozilla
[2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag
[2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher
[2010.12.29 19:33:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\NVIDIA
[2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org
[2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera
[2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung
[2010.12.18 20:39:48 | 000,000,000 | RH-D | M] -- C:\Users\VuN\AppData\Roaming\SecuROM
[2012.06.19 21:34:25 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Skype
[2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer
[2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian
[2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2
[2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client
[2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software
[2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle
[2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
[2011.12.15 02:00:36 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\vlc
[2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax
[2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE
[2010.12.02 20:54:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WinRAR
[2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2011.08.11 13:58:57 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\VuN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.11.15 15:20:01 | 000,010,134 | R--- | M] () -- C:\Users\VuN\AppData\Roaming\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

boreal99 19.06.2012 20:55

-Double post-

cosinus 20.06.2012 10:54

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:

:OTL
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_8_&babsrc=SP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 9B 8D BC 13 26 CC 01  [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml
[2012.06.16 17:42:56 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell\AutoRun\command - "" = G:\Setup.exe
[2012.06.16 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.16 17:42:35 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Babylon
[2012.06.16 17:43:19 | 000,000,250 | ---- | C] () -- C:\user.js
:Files
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe
C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz
C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

boreal99 20.06.2012 19:30

The OTL fix ran up to "resetting hosts file. do not interrupt......" and then an error message appeared: cannot create file C:\windows\system32\drivers\etc\hosts . The PC then froze and I had to restart.

This .txt file was created:
Code:

Files\Folders moved on Reboot...
File move failed. C:\Users\VuN\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Windows\System32\drivers\etc\Hosts moved successfully.

Registry entries deleted on Reboot...

I then ran the OTL fix again after the restart, and this time it went through without an error message. Here is the .txt file:
Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q=" removed from keyword.URL
Prefs.js: "64.85.181.46" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "64.85.181.46" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "64.85.181.46" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "64.85.181.46" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "" removed from network.proxy.gopher
Prefs.js: 0 removed from network.proxy.gopher_port
Prefs.js: "64.85.181.46" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "64.85.181.46" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "64.85.181.46" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
File C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found.
Registry value HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found.
File H:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found.
File G:\Setup.exe not found.
Folder C:\ProgramData\Babylon\ not found.
Folder C:\Users\VuN\AppData\Roaming\Babylon\ not found.
File C:\user.js not found.
========== FILES ==========
File\Folder C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File\Folder C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe not found.
File\Folder C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz not found.
File\Folder C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: VuN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38443 bytes
->FireFox cache emptied: 6342273 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 6,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
User: VuN
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.49.0 log created on 06202012_202403

Files\Folders moved on Reboot...
File\Folder C:\Users\VuN\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


cosinus 21.06.2012 10:13

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the checkboxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

boreal99 21.06.2012 19:39

Code:

20:36:07.0393 2104        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
20:36:07.0720 2104        ============================================================
20:36:07.0720 2104        Current date / time: 2012/06/21 20:36:07.0720
20:36:07.0720 2104        SystemInfo:
20:36:07.0720 2104       
20:36:07.0720 2104        OS Version: 6.1.7601 ServicePack: 1.0
20:36:07.0720 2104        Product type: Workstation
20:36:07.0720 2104        ComputerName: VUN-PC
20:36:07.0720 2104        UserName: VuN
20:36:07.0720 2104        Windows directory: C:\Windows
20:36:07.0720 2104        System windows directory: C:\Windows
20:36:07.0720 2104        Running under WOW64
20:36:07.0720 2104        Processor architecture: Intel x64
20:36:07.0721 2104        Number of processors: 2
20:36:07.0721 2104        Page size: 0x1000
20:36:07.0721 2104        Boot type: Normal boot
20:36:07.0721 2104        ============================================================
20:36:08.0625 2104        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
20:36:08.0629 2104        ============================================================
20:36:08.0629 2104        \Device\Harddisk0\DR0:
20:36:08.0630 2104        MBR partitions:
20:36:08.0630 2104        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:36:08.0630 2104        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32808, BlocksNum 0x298106B8
20:36:08.0646 2104        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x29843800, BlocksNum 0x259C800
20:36:08.0646 2104        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2BDE0EC0, BlocksNum 0xE5A4140
20:36:08.0646 2104        ============================================================
20:36:08.0665 2104        C: <-> \Device\Harddisk0\DR0\Partition3
20:36:08.0692 2104        D: <-> \Device\Harddisk0\DR0\Partition2
20:36:08.0731 2104        E: <-> \Device\Harddisk0\DR0\Partition1
20:36:08.0731 2104        ============================================================
20:36:08.0731 2104        Initialize success
20:36:08.0731 2104        ============================================================
20:36:33.0781 3704        ============================================================
20:36:33.0781 3704        Scan started
20:36:33.0781 3704        Mode: Manual; SigCheck; TDLFS;
20:36:33.0781 3704        ============================================================
20:36:34.0261 3704        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:36:34.0388 3704        1394ohci - ok
20:36:34.0419 3704        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:36:34.0433 3704        ACPI - ok
20:36:34.0446 3704        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:36:34.0485 3704        AcpiPmi - ok
20:36:34.0592 3704        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:36:34.0601 3704        AdobeARMservice - ok
20:36:34.0697 3704        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:36:34.0708 3704        AdobeFlashPlayerUpdateSvc - ok
20:36:34.0754 3704        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:36:34.0783 3704        adp94xx - ok
20:36:34.0815 3704        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:36:34.0836 3704        adpahci - ok
20:36:34.0858 3704        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:36:34.0876 3704        adpu320 - ok
20:36:34.0910 3704        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:36:34.0987 3704        AeLookupSvc - ok
20:36:35.0040 3704        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:36:35.0062 3704        AFD - ok
20:36:35.0086 3704        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:36:35.0101 3704        agp440 - ok
20:36:35.0115 3704        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:36:35.0154 3704        ALG - ok
20:36:35.0181 3704        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:36:35.0195 3704        aliide - ok
20:36:35.0215 3704        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:36:35.0228 3704        amdide - ok
20:36:35.0259 3704        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:36:35.0287 3704        AmdK8 - ok
20:36:35.0304 3704        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:36:35.0321 3704        AmdPPM - ok
20:36:35.0353 3704        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:36:35.0369 3704        amdsata - ok
20:36:35.0389 3704        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:36:35.0408 3704        amdsbs - ok
20:36:35.0422 3704        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:36:35.0435 3704        amdxata - ok
20:36:35.0462 3704        androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
20:36:35.0513 3704        androidusb - ok
20:36:35.0594 3704        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:36:35.0605 3704        AntiVirSchedulerService - ok
20:36:35.0674 3704        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:36:35.0684 3704        AntiVirService - ok
20:36:35.0735 3704        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:36:35.0860 3704        AppID - ok
20:36:35.0877 3704        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:36:35.0917 3704        AppIDSvc - ok
20:36:35.0936 3704        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:36:35.0971 3704        Appinfo - ok
20:36:36.0022 3704        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:36:36.0056 3704        AppMgmt - ok
20:36:36.0086 3704        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:36:36.0103 3704        arc - ok
20:36:36.0123 3704        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:36:36.0139 3704        arcsas - ok
20:36:36.0165 3704        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:36:36.0206 3704        AsyncMac - ok
20:36:36.0247 3704        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:36:36.0256 3704        atapi - ok
20:36:36.0302 3704        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
20:36:36.0323 3704        atksgt - ok
20:36:36.0375 3704        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:36:36.0446 3704        AudioEndpointBuilder - ok
20:36:36.0456 3704        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:36:36.0491 3704        AudioSrv - ok
20:36:36.0537 3704        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
20:36:36.0553 3704        avgntflt - ok
20:36:36.0573 3704        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
20:36:36.0592 3704        avipbb - ok
20:36:36.0605 3704        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:36:36.0619 3704        avkmgr - ok
20:36:36.0647 3704        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:36:36.0718 3704        AxInstSV - ok
20:36:36.0765 3704        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:36:36.0807 3704        b06bdrv - ok
20:36:36.0842 3704        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:36:36.0879 3704        b57nd60a - ok
20:36:36.0920 3704        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:36:36.0959 3704        BDESVC - ok
20:36:36.0970 3704        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:36:37.0009 3704        Beep - ok
20:36:37.0063 3704        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:36:37.0107 3704        BFE - ok
20:36:37.0155 3704        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:36:37.0199 3704        BITS - ok
20:36:37.0237 3704        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:36:37.0271 3704        blbdrive - ok
20:36:37.0303 3704        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:36:37.0340 3704        bowser - ok
20:36:37.0362 3704        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:36:37.0413 3704        BrFiltLo - ok
20:36:37.0437 3704        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:36:37.0454 3704        BrFiltUp - ok
20:36:37.0484 3704        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:36:37.0522 3704        Browser - ok
20:36:37.0551 3704        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:36:37.0590 3704        Brserid - ok
20:36:37.0608 3704        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:36:37.0637 3704        BrSerWdm - ok
20:36:37.0660 3704        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:36:37.0682 3704        BrUsbMdm - ok
20:36:37.0699 3704        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:36:37.0714 3704        BrUsbSer - ok
20:36:37.0733 3704        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:36:37.0765 3704        BTHMODEM - ok
20:36:37.0807 3704        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:36:37.0856 3704        bthserv - ok
20:36:37.0909 3704        CamDrL64        (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
20:36:37.0938 3704        CamDrL64 - ok
20:36:37.0955 3704        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:36:37.0998 3704        cdfs - ok
20:36:38.0058 3704        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:36:38.0085 3704        cdrom - ok
20:36:38.0114 3704        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:36:38.0155 3704        CertPropSvc - ok
20:36:38.0179 3704        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:36:38.0200 3704        circlass - ok
20:36:38.0236 3704        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:36:38.0252 3704        CLFS - ok
20:36:38.0304 3704        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:36:38.0319 3704        clr_optimization_v2.0.50727_32 - ok
20:36:38.0348 3704        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:36:38.0364 3704        clr_optimization_v2.0.50727_64 - ok
20:36:38.0413 3704        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:36:38.0422 3704        clr_optimization_v4.0.30319_32 - ok
20:36:38.0450 3704        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:36:38.0460 3704        clr_optimization_v4.0.30319_64 - ok
20:36:38.0567 3704        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:36:38.0599 3704        CmBatt - ok
20:36:38.0654 3704        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:36:38.0668 3704        cmdide - ok
20:36:38.0704 3704        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:36:38.0736 3704        CNG - ok
20:36:38.0756 3704        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:36:38.0770 3704        Compbatt - ok
20:36:38.0807 3704        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:36:38.0837 3704        CompositeBus - ok
20:36:38.0847 3704        COMSysApp - ok
20:36:38.0862 3704        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:36:38.0876 3704        crcdisk - ok
20:36:38.0903 3704        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:36:38.0929 3704        CryptSvc - ok
20:36:38.0961 3704        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:36:39.0016 3704        CSC - ok
20:36:39.0043 3704        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:36:39.0069 3704        CscService - ok
20:36:39.0098 3704        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:36:39.0140 3704        DcomLaunch - ok
20:36:39.0185 3704        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:36:39.0229 3704        defragsvc - ok
20:36:39.0285 3704        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:36:39.0337 3704        DfsC - ok
20:36:39.0376 3704        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:36:39.0420 3704        Dhcp - ok
20:36:39.0444 3704        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:36:39.0487 3704        discache - ok
20:36:39.0512 3704        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:36:39.0530 3704        Disk - ok
20:36:39.0551 3704        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:36:39.0585 3704        Dnscache - ok
20:36:39.0623 3704        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:36:39.0675 3704        dot3svc - ok
20:36:39.0698 3704        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:36:39.0740 3704        DPS - ok
20:36:39.0775 3704        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:36:39.0799 3704        drmkaud - ok
20:36:39.0836 3704        dtsoftbus01    (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:36:39.0848 3704        dtsoftbus01 - ok
20:36:39.0887 3704        dwmrcs - ok
20:36:39.0944 3704        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:36:39.0972 3704        DXGKrnl - ok
20:36:39.0998 3704        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:36:40.0040 3704        EapHost - ok
20:36:40.0146 3704        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:36:40.0274 3704        ebdrv - ok
20:36:40.0344 3704        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:36:40.0366 3704        EFS - ok
20:36:40.0424 3704        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:36:40.0479 3704        ehRecvr - ok
20:36:40.0503 3704        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:36:40.0537 3704        ehSched - ok
20:36:40.0596 3704        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:36:40.0621 3704        elxstor - ok
20:36:40.0648 3704        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:36:40.0672 3704        ErrDev - ok
20:36:40.0866 3704        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:36:40.0908 3704        EventSystem - ok
20:36:40.0931 3704        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:36:40.0981 3704        exfat - ok
20:36:41.0000 3704        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:36:41.0048 3704        fastfat - ok
20:36:41.0100 3704        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:36:41.0130 3704        Fax - ok
20:36:41.0142 3704        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:36:41.0161 3704        fdc - ok
20:36:41.0182 3704        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:36:41.0231 3704        fdPHost - ok
20:36:41.0250 3704        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:36:41.0304 3704        FDResPub - ok
20:36:41.0332 3704        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:36:41.0348 3704        FileInfo - ok
20:36:41.0369 3704        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:36:41.0412 3704        Filetrace - ok
20:36:41.0438 3704        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:36:41.0460 3704        flpydisk - ok
20:36:41.0493 3704        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:36:41.0517 3704        FltMgr - ok
20:36:41.0579 3704        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:36:41.0618 3704        FontCache - ok
20:36:41.0663 3704        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:36:41.0677 3704        FontCache3.0.0.0 - ok
20:36:41.0714 3704        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:36:41.0730 3704        FsDepends - ok
20:36:41.0758 3704        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:36:41.0772 3704        Fs_Rec - ok
20:36:41.0804 3704        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:36:41.0819 3704        fvevol - ok
20:36:41.0842 3704        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:36:41.0858 3704        gagp30kx - ok
20:36:41.0897 3704        GGSAFERDriver - ok
20:36:41.0931 3704        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:36:41.0996 3704        gpsvc - ok
20:36:42.0015 3704        hamachi        (7eec4281639dc7e9a67c661efd414f3a) C:\Windows\system32\DRIVERS\hamachi.sys
20:36:42.0028 3704        hamachi - ok
20:36:42.0048 3704        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:36:42.0080 3704        hcw85cir - ok
20:36:42.0122 3704        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:36:42.0160 3704        HdAudAddService - ok
20:36:42.0175 3704        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:36:42.0201 3704        HDAudBus - ok
20:36:42.0219 3704        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:36:42.0245 3704        HidBatt - ok
20:36:42.0262 3704        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:36:42.0299 3704        HidBth - ok
20:36:42.0313 3704        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:36:42.0339 3704        HidIr - ok
20:36:42.0361 3704        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:36:42.0422 3704        hidserv - ok
20:36:42.0453 3704        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:36:42.0470 3704        HidUsb - ok
20:36:42.0492 3704        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:36:42.0534 3704        hkmsvc - ok
20:36:42.0575 3704        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:36:42.0612 3704        HomeGroupListener - ok
20:36:42.0638 3704        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:36:42.0661 3704        HomeGroupProvider - ok
20:36:42.0687 3704        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:36:42.0702 3704        HpSAMD - ok
20:36:42.0764 3704        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:36:42.0813 3704        HTTP - ok
20:36:42.0831 3704        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:36:42.0841 3704        hwpolicy - ok
20:36:42.0877 3704        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:36:42.0895 3704        i8042prt - ok
20:36:42.0926 3704        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:36:42.0950 3704        iaStorV - ok
20:36:43.0018 3704        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:36:43.0064 3704        idsvc - ok
20:36:43.0089 3704        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:36:43.0103 3704        iirsp - ok
20:36:43.0147 3704        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:36:43.0202 3704        IKEEXT - ok
20:36:43.0225 3704        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:36:43.0238 3704        intelide - ok
20:36:43.0262 3704        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:36:43.0279 3704        intelppm - ok
20:36:43.0300 3704        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:36:43.0337 3704        IPBusEnum - ok
20:36:43.0363 3704        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:43.0400 3704        IpFilterDriver - ok
20:36:43.0440 3704        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:36:43.0478 3704        iphlpsvc - ok
20:36:43.0502 3704        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:36:43.0526 3704        IPMIDRV - ok
20:36:43.0546 3704        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:36:43.0591 3704        IPNAT - ok
20:36:43.0611 3704        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:36:43.0655 3704        IRENUM - ok
20:36:43.0677 3704        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:36:43.0692 3704        isapnp - ok
20:36:43.0718 3704        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:36:43.0740 3704        iScsiPrt - ok
20:36:43.0767 3704        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:36:43.0784 3704        kbdclass - ok
20:36:43.0808 3704        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:36:43.0829 3704        kbdhid - ok
20:36:43.0848 3704        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:43.0860 3704        KeyIso - ok
20:36:43.0878 3704        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:36:43.0895 3704        KSecDD - ok
20:36:43.0926 3704        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:36:43.0944 3704        KSecPkg - ok
20:36:43.0964 3704        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:36:44.0008 3704        ksthunk - ok
20:36:44.0045 3704        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:36:44.0106 3704        KtmRm - ok
20:36:44.0151 3704        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:36:44.0192 3704        LanmanServer - ok
20:36:44.0223 3704        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:36:44.0259 3704        LanmanWorkstation - ok
20:36:44.0307 3704        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
20:36:44.0321 3704        lirsgt - ok
20:36:44.0347 3704        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:36:44.0385 3704        lltdio - ok
20:36:44.0415 3704        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:36:44.0462 3704        lltdsvc - ok
20:36:44.0471 3704        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:36:44.0506 3704        lmhosts - ok
20:36:44.0542 3704        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:36:44.0558 3704        LSI_FC - ok
20:36:44.0575 3704        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:36:44.0593 3704        LSI_SAS - ok
20:36:44.0607 3704        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:36:44.0624 3704        LSI_SAS2 - ok
20:36:44.0649 3704        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:36:44.0666 3704        LSI_SCSI - ok
20:36:44.0692 3704        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:36:44.0723 3704        luafv - ok
20:36:44.0782 3704        LVcKap64        (3c7a54ae999841f30e4648e0de9e4b46) C:\Windows\system32\DRIVERS\LVcKap64.sys
20:36:44.0820 3704        LVcKap64 - ok
20:36:44.0893 3704        LVMVDrv        (d621d1c9650a5add39c64047fcf860a5) C:\Windows\system32\DRIVERS\LVMVDrv.sys
20:36:44.0940 3704        LVMVDrv - ok
20:36:44.0994 3704        LVPr2Mon        (e379cb87bf2dc0787d825d4cb91c27a8) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:36:45.0015 3704        LVPr2Mon - ok
20:36:45.0053 3704        LVPrcS64        (df8b20bbec546d94cecf75c48a596aec) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
20:36:45.0064 3704        LVPrcS64 - ok
20:36:45.0094 3704        LVSrvLauncher  (65e0ec0338c9ade32d044a8cc18c147b) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
20:36:45.0113 3704        LVSrvLauncher - ok
20:36:45.0135 3704        LVUSBS64        (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\drivers\LVUSBS64.sys
20:36:45.0148 3704        LVUSBS64 - ok
20:36:45.0176 3704        ManyCam        (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
20:36:45.0208 3704        ManyCam - ok
20:36:45.0257 3704        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:36:45.0274 3704        MBAMProtector - ok
20:36:45.0368 3704        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:36:45.0385 3704        MBAMService - ok
20:36:45.0417 3704        mcdevice        (3cd0d8fc5fe6f7ae85ac8b818f9029b4) C:\Windows\system32\DRIVERS\mcdevice.sys
20:36:45.0440 3704        mcdevice - ok
20:36:45.0466 3704        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:36:45.0495 3704        Mcx2Svc - ok
20:36:45.0544 3704        MDM            (e416e967e3fb6fb1e9ae12b9c7dab526) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
20:36:45.0559 3704        MDM ( UnsignedFile.Multi.Generic ) - warning
20:36:45.0559 3704        MDM - detected UnsignedFile.Multi.Generic (1)
20:36:45.0584 3704        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:36:45.0599 3704        megasas - ok
20:36:45.0626 3704        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:36:45.0648 3704        MegaSR - ok
20:36:45.0670 3704        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:36:45.0713 3704        MMCSS - ok
20:36:45.0730 3704        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:36:45.0773 3704        Modem - ok
20:36:45.0802 3704        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:36:45.0826 3704        monitor - ok
20:36:45.0879 3704        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:36:45.0894 3704        mouclass - ok
20:36:45.0908 3704        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:36:45.0922 3704        mouhid - ok
20:36:45.0950 3704        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:36:45.0966 3704        mountmgr - ok
20:36:46.0035 3704        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:36:46.0058 3704        MozillaMaintenance - ok
20:36:46.0082 3704        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:36:46.0109 3704        mpio - ok
20:36:46.0134 3704        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:36:46.0172 3704        mpsdrv - ok
20:36:46.0217 3704        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:36:46.0269 3704        MpsSvc - ok
20:36:46.0310 3704        MRV6X64U        (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\WN111x.sys
20:36:46.0342 3704        MRV6X64U - ok
20:36:46.0351 3704        Mrvleap - ok
20:36:46.0378 3704        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:36:46.0414 3704        MRxDAV - ok
20:36:46.0444 3704        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:46.0467 3704        mrxsmb - ok
20:36:46.0499 3704        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:46.0526 3704        mrxsmb10 - ok
20:36:46.0546 3704        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:46.0563 3704        mrxsmb20 - ok
20:36:46.0592 3704        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:36:46.0606 3704        msahci - ok
20:36:46.0634 3704        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:36:46.0655 3704        msdsm - ok
20:36:46.0684 3704        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:36:46.0707 3704        MSDTC - ok
20:36:46.0737 3704        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:36:46.0770 3704        Msfs - ok
20:36:46.0784 3704        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:36:46.0836 3704        mshidkmdf - ok
20:36:46.0850 3704        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:36:46.0884 3704        msisadrv - ok
20:36:46.0919 3704        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:36:46.0961 3704        MSiSCSI - ok
20:36:46.0970 3704        msiserver - ok
20:36:47.0000 3704        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:36:47.0036 3704        MSKSSRV - ok
20:36:47.0064 3704        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:47.0107 3704        MSPCLOCK - ok
20:36:47.0123 3704        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:36:47.0167 3704        MSPQM - ok
20:36:47.0199 3704        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:36:47.0221 3704        MsRPC - ok
20:36:47.0249 3704        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:36:47.0259 3704        mssmbios - ok
20:36:47.0280 3704        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:36:47.0322 3704        MSTEE - ok
20:36:47.0335 3704        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:36:47.0348 3704        MTConfig - ok
20:36:47.0386 3704        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
20:36:47.0404 3704        MTsensor - ok
20:36:47.0423 3704        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:36:47.0439 3704        Mup - ok
20:36:47.0475 3704        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:36:47.0516 3704        napagent - ok
20:36:47.0541 3704        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:36:47.0577 3704        NativeWifiP - ok
20:36:47.0623 3704        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:36:47.0647 3704        NDIS - ok
20:36:47.0666 3704        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:36:47.0701 3704        NdisCap - ok
20:36:47.0729 3704        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:47.0771 3704        NdisTapi - ok
20:36:47.0813 3704        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:47.0852 3704        Ndisuio - ok
20:36:47.0883 3704        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:47.0952 3704        NdisWan - ok
20:36:47.0962 3704        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:36:48.0005 3704        NDProxy - ok
20:36:48.0037 3704        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:36:48.0085 3704        NetBIOS - ok
20:36:48.0106 3704        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:36:48.0145 3704        NetBT - ok
20:36:48.0168 3704        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:48.0179 3704        Netlogon - ok
20:36:48.0224 3704        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:36:48.0260 3704        Netman - ok
20:36:48.0285 3704        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:36:48.0362 3704        netprofm - ok
20:36:48.0422 3704        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:36:48.0441 3704        NetTcpPortSharing - ok
20:36:48.0481 3704        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:36:48.0500 3704        nfrd960 - ok
20:36:48.0533 3704        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:36:48.0576 3704        NlaSvc - ok
20:36:48.0596 3704        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:36:48.0637 3704        Npfs - ok
20:36:48.0669 3704        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:36:48.0706 3704        nsi - ok
20:36:48.0723 3704        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:36:48.0766 3704        nsiproxy - ok
20:36:48.0863 3704        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:36:48.0923 3704        Ntfs - ok
20:36:48.0982 3704        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:36:49.0026 3704        Null - ok
20:36:49.0410 3704        nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:36:49.0616 3704        nvlddmkm - ok
20:36:49.0687 3704        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:36:49.0728 3704        nvraid - ok
20:36:49.0816 3704        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:36:49.0835 3704        nvstor - ok
20:36:49.0906 3704        NVSvc          (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
20:36:49.0935 3704        NVSvc - ok
20:36:50.0065 3704        nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:36:50.0104 3704        nvUpdatusService - ok
20:36:50.0184 3704        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:36:50.0201 3704        nv_agp - ok
20:36:50.0229 3704        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:36:50.0259 3704        ohci1394 - ok
20:36:50.0382 3704        OODefragAgent  (f5115921cac7a3a025e9db85b5f67604) C:\Program Files\OO Software\Defrag\oodag.exe
20:36:50.0430 3704        OODefragAgent - ok
20:36:50.0506 3704        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:36:50.0529 3704        p2pimsvc - ok
20:36:50.0569 3704        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:36:50.0592 3704        p2psvc - ok
20:36:50.0634 3704        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:36:50.0655 3704        Parport - ok
20:36:50.0679 3704        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:36:50.0697 3704        partmgr - ok
20:36:50.0714 3704        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:36:50.0756 3704        PcaSvc - ok
20:36:50.0784 3704        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:36:50.0810 3704        pci - ok
20:36:50.0822 3704        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:36:50.0838 3704        pciide - ok
20:36:50.0864 3704        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:36:50.0887 3704        pcmcia - ok
20:36:50.0928 3704        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:36:50.0945 3704        pcw - ok
20:36:51.0046 3704        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:36:51.0115 3704        PEAUTH - ok
20:36:51.0298 3704        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:36:51.0361 3704        PeerDistSvc - ok
20:36:51.0411 3704        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:36:51.0432 3704        PerfHost - ok
20:36:51.0531 3704        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:36:51.0609 3704        pla - ok
20:36:51.0641 3704        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:36:51.0671 3704        PlugPlay - ok
20:36:51.0702 3704        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:36:51.0756 3704        PNRPAutoReg - ok
20:36:51.0967 3704        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:36:51.0986 3704        PNRPsvc - ok
20:36:52.0020 3704        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:36:52.0067 3704        PolicyAgent - ok
20:36:52.0093 3704        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:36:52.0140 3704        Power - ok
20:36:52.0213 3704        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:36:52.0288 3704        PptpMiniport - ok
20:36:52.0319 3704        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:36:52.0343 3704        Processor - ok
20:36:52.0380 3704        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:36:52.0410 3704        ProfSvc - ok
20:36:52.0430 3704        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:52.0441 3704        ProtectedStorage - ok
20:36:52.0476 3704        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:36:52.0518 3704        Psched - ok
20:36:52.0607 3704        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:36:52.0694 3704        ql2300 - ok
20:36:52.0768 3704        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:36:52.0791 3704        ql40xx - ok
20:36:52.0829 3704        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:36:53.0014 3704        QWAVE - ok
20:36:53.0095 3704        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:36:53.0221 3704        QWAVEdrv - ok
20:36:53.0241 3704        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:36:53.0280 3704        RasAcd - ok
20:36:53.0313 3704        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:36:53.0352 3704        RasAgileVpn - ok
20:36:53.0368 3704        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:36:53.0513 3704        RasAuto - ok
20:36:53.0558 3704        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:53.0605 3704        Rasl2tp - ok
20:36:53.0636 3704        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:36:53.0699 3704        RasMan - ok
20:36:53.0765 3704        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:53.0944 3704        RasPppoe - ok
20:36:53.0981 3704        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:36:54.0097 3704        RasSstp - ok
20:36:54.0126 3704        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:36:54.0168 3704        rdbss - ok
20:36:54.0181 3704        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:36:54.0200 3704        rdpbus - ok
20:36:54.0211 3704        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:54.0246 3704        RDPCDD - ok
20:36:54.0292 3704        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:36:54.0319 3704        RDPDR - ok
20:36:54.0332 3704        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:36:54.0368 3704        RDPENCDD - ok
20:36:54.0381 3704        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:36:54.0414 3704        RDPREFMP - ok
20:36:54.0464 3704        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:36:54.0512 3704        RdpVideoMiniport - ok
20:36:54.0567 3704        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:36:54.0683 3704        RDPWD - ok
20:36:54.0715 3704        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:36:54.0764 3704        rdyboost - ok
20:36:54.0786 3704        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:36:54.0840 3704        RemoteAccess - ok
20:36:54.0870 3704        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:36:54.0920 3704        RemoteRegistry - ok
20:36:54.0938 3704        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:36:54.0976 3704        RpcEptMapper - ok
20:36:54.0994 3704        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:36:55.0015 3704        RpcLocator - ok
20:36:55.0111 3704        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:36:55.0160 3704        RpcSs - ok
20:36:55.0186 3704        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:36:55.0233 3704        rspndr - ok
20:36:55.0275 3704        RTL8167        (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:36:55.0297 3704        RTL8167 - ok
20:36:55.0317 3704        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:36:55.0338 3704        s3cap - ok
20:36:55.0360 3704        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:36:55.0371 3704        SamSs - ok
20:36:55.0392 3704        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:36:55.0411 3704        sbp2port - ok
20:36:55.0439 3704        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:36:55.0490 3704        SCardSvr - ok
20:36:55.0512 3704        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:36:55.0552 3704        scfilter - ok
20:36:55.0614 3704        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:36:55.0667 3704        Schedule - ok
20:36:55.0687 3704        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:36:55.0723 3704        SCPolicySvc - ok
20:36:55.0751 3704        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:36:56.0090 3704        SDRSVC - ok
20:36:56.0137 3704        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:36:56.0176 3704        secdrv - ok
20:36:56.0203 3704        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:36:56.0243 3704        seclogon - ok
20:36:56.0272 3704        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:36:56.0327 3704        SENS - ok
20:36:56.0341 3704        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:36:56.0377 3704        SensrSvc - ok
20:36:56.0403 3704        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:36:56.0419 3704        Serenum - ok
20:36:56.0438 3704        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:36:56.0467 3704        Serial - ok
20:36:56.0490 3704        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:36:56.0512 3704        sermouse - ok
20:36:56.0550 3704        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:36:56.0603 3704        SessionEnv - ok
20:36:56.0626 3704        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:36:56.0652 3704        sffdisk - ok
20:36:56.0673 3704        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:36:56.0701 3704        sffp_mmc - ok
20:36:56.0711 3704        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:36:56.0741 3704        sffp_sd - ok
20:36:56.0776 3704        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:36:56.0794 3704        sfloppy - ok
20:36:56.0836 3704        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:36:56.0893 3704        SharedAccess - ok
20:36:56.0925 3704        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:36:56.0975 3704        ShellHWDetection - ok
20:36:57.0049 3704        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:36:57.0067 3704        SiSRaid2 - ok
20:36:57.0087 3704        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:36:57.0102 3704        SiSRaid4 - ok
20:36:57.0223 3704        SkypeUpdate    (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:36:57.0236 3704        SkypeUpdate - ok
20:36:57.0266 3704        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:36:57.0323 3704        Smb - ok
20:36:57.0395 3704        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:36:57.0530 3704        SNMPTRAP - ok
20:36:57.0561 3704        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:36:57.0589 3704        spldr - ok
20:36:57.0633 3704        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:36:57.0702 3704        Spooler - ok
20:36:57.0869 3704        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:36:58.0033 3704        sppsvc - ok
20:36:58.0126 3704        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:36:58.0260 3704        sppuinotify - ok
20:36:58.0334 3704        sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
20:36:58.0381 3704        sptd - ok
20:36:58.0422 3704        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:36:58.0535 3704        srv - ok
20:36:58.0564 3704        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:36:58.0608 3704        srv2 - ok
20:36:58.0626 3704        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:36:58.0654 3704        srvnet - ok
20:36:58.0698 3704        ssadbus        (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:36:58.0725 3704        ssadbus - ok
20:36:58.0736 3704        ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:36:58.0767 3704        ssadmdfl - ok
20:36:58.0787 3704        ssadmdm        (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:36:59.0124 3704        ssadmdm - ok
20:36:59.0164 3704        sscdbus        (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
20:36:59.0184 3704        sscdbus - ok
20:36:59.0198 3704        sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:36:59.0212 3704        sscdmdfl - ok
20:36:59.0258 3704        sscdmdm        (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:36:59.0323 3704        sscdmdm - ok
20:36:59.0555 3704        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:36:59.0602 3704        SSDPSRV - ok
20:36:59.0627 3704        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:36:59.0677 3704        SstpSvc - ok
20:36:59.0784 3704        Steam Client Service - ok
20:36:59.0956 3704        Stereo Service  (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:36:59.0991 3704        Stereo Service - ok
20:37:00.0013 3704        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:37:00.0027 3704        stexstor - ok
20:37:00.0085 3704        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:37:10.0339 3704        ============================================================
20:37:10.0339 3704        Scan finished
20:37:10.0339 3704        ============================================================
20:37:10.0353 3940        Detected object count: 1
20:37:10.0353 3940        Actual detected object count: 1
20:37:17.0556 3940        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:17.0556 3940        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:37:27.0076 3256        ============================================================
20:37:27.0076 3256        Scan started
20:37:27.0076 3256        Mode: Manual; SigCheck; TDLFS;
20:37:27.0076 3256        ============================================================
20:37:33.0486 3256        i8042prt - ok
20:37:33.0521 3256        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:37:33.0535 3256        iaStorV - ok
20:37:33.0609 3256        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:37:33.0629 3256        idsvc - ok
20:37:33.0650 3256        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:37:33.0660 3256        iirsp - ok
20:37:33.0710 3256        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:37:33.0747 3256        IKEEXT - ok
20:37:33.0770 3256        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:37:33.0779 3256        intelide - ok
20:37:33.0799 3256        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:37:33.0810 3256        intelppm - ok
20:37:33.0829 3256        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:37:33.0866 3256        IPBusEnum - ok
20:37:33.0891 3256        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:37:33.0920 3256        IpFilterDriver - ok
20:37:33.0953 3256        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:37:34.0013 3256        iphlpsvc - ok
20:37:34.0039 3256        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:37:34.0067 3256        IPMIDRV - ok
20:37:34.0083 3256        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:37:34.0146 3256        IPNAT - ok
20:37:34.0164 3256        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:37:34.0180 3256        IRENUM - ok
20:37:34.0206 3256        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:37:34.0215 3256        isapnp - ok
20:37:34.0247 3256        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:37:34.0260 3256        iScsiPrt - ok
20:37:34.0279 3256        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:37:34.0289 3256        kbdclass - ok
20:37:34.0312 3256        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:37:34.0322 3256        kbdhid - ok
20:37:34.0343 3256        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:34.0354 3256        KeyIso - ok
20:37:34.0374 3256        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:37:34.0385 3256        KSecDD - ok
20:37:34.0413 3256        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:37:34.0425 3256        KSecPkg - ok
20:37:34.0443 3256        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:37:34.0473 3256        ksthunk - ok
20:37:34.0509 3256        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:37:34.0543 3256        KtmRm - ok
20:37:34.0572 3256        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:37:34.0608 3256        LanmanServer - ok
20:37:34.0640 3256        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:37:34.0681 3256        LanmanWorkstation - ok
20:37:34.0711 3256        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
20:37:34.0719 3256        lirsgt - ok
20:37:34.0734 3256        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:37:34.0764 3256        lltdio - ok
20:37:34.0794 3256        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:37:34.0827 3256        lltdsvc - ok
20:37:34.0834 3256        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:37:34.0869 3256        lmhosts - ok
20:37:34.0902 3256        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:37:34.0912 3256        LSI_FC - ok
20:37:34.0928 3256        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:37:34.0939 3256        LSI_SAS - ok
20:37:34.0952 3256        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:37:34.0962 3256        LSI_SAS2 - ok
20:37:34.0978 3256        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:37:34.0988 3256        LSI_SCSI - ok
20:37:35.0012 3256        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:37:35.0046 3256        luafv - ok
20:37:35.0106 3256        LVcKap64        (3c7a54ae999841f30e4648e0de9e4b46) C:\Windows\system32\DRIVERS\LVcKap64.sys
20:37:35.0128 3256        LVcKap64 - ok
20:37:35.0206 3256        LVMVDrv        (d621d1c9650a5add39c64047fcf860a5) C:\Windows\system32\DRIVERS\LVMVDrv.sys
20:37:35.0242 3256        LVMVDrv - ok
20:37:35.0298 3256        LVPr2Mon        (e379cb87bf2dc0787d825d4cb91c27a8) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:37:35.0307 3256        LVPr2Mon - ok
20:37:35.0343 3256        LVPrcS64        (df8b20bbec546d94cecf75c48a596aec) c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
20:37:35.0353 3256        LVPrcS64 - ok
20:37:35.0373 3256        LVSrvLauncher  (65e0ec0338c9ade32d044a8cc18c147b) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
20:37:35.0383 3256        LVSrvLauncher - ok
20:37:35.0397 3256        LVUSBS64        (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\drivers\LVUSBS64.sys
20:37:35.0406 3256        LVUSBS64 - ok
20:37:35.0421 3256        ManyCam        (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
20:37:35.0432 3256        ManyCam - ok
20:37:35.0452 3256        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:37:35.0462 3256        MBAMProtector - ok
20:37:35.0531 3256        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:37:35.0546 3256        MBAMService - ok
20:37:35.0585 3256        mcdevice        (3cd0d8fc5fe6f7ae85ac8b818f9029b4) C:\Windows\system32\DRIVERS\mcdevice.sys
20:37:35.0601 3256        mcdevice - ok
20:37:35.0634 3256        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:37:35.0648 3256        Mcx2Svc - ok
20:37:35.0677 3256        MDM            (e416e967e3fb6fb1e9ae12b9c7dab526) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
20:37:35.0684 3256        MDM ( UnsignedFile.Multi.Generic ) - warning
20:37:35.0684 3256        MDM - detected UnsignedFile.Multi.Generic (1)
20:37:35.0705 3256        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:37:35.0714 3256        megasas - ok
20:37:35.0736 3256        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:37:35.0749 3256        MegaSR - ok
20:37:35.0790 3256        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:37:35.0821 3256        MMCSS - ok
20:37:35.0835 3256        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:37:35.0868 3256        Modem - ok
20:37:35.0889 3256        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:37:35.0907 3256        monitor - ok
20:37:35.0934 3256        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:37:35.0944 3256        mouclass - ok
20:37:35.0963 3256        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:37:35.0973 3256        mouhid - ok
20:37:35.0997 3256        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:37:36.0009 3256        mountmgr - ok
20:37:36.0040 3256        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:37:36.0050 3256        MozillaMaintenance - ok
20:37:36.0079 3256        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:37:36.0093 3256        mpio - ok
20:37:36.0114 3256        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:37:36.0145 3256        mpsdrv - ok
20:37:36.0188 3256        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:37:36.0225 3256        MpsSvc - ok
20:37:36.0256 3256        MRV6X64U        (7e997df71cd2dd5cf0d3d07b8d8e798c) C:\Windows\system32\DRIVERS\WN111x.sys
20:37:36.0268 3256        MRV6X64U - ok
20:37:36.0274 3256        Mrvleap - ok
20:37:36.0308 3256        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:37:36.0326 3256        MRxDAV - ok
20:37:36.0358 3256        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:37:36.0370 3256        mrxsmb - ok
20:37:36.0404 3256        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:37:36.0417 3256        mrxsmb10 - ok
20:37:36.0428 3256        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:37:36.0440 3256        mrxsmb20 - ok
20:37:36.0464 3256        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:37:36.0474 3256        msahci - ok
20:37:36.0498 3256        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:37:36.0509 3256        msdsm - ok
20:37:36.0540 3256        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:37:36.0552 3256        MSDTC - ok
20:37:36.0576 3256        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:37:36.0609 3256        Msfs - ok
20:37:36.0623 3256        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:37:36.0654 3256        mshidkmdf - ok
20:37:36.0688 3256        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:37:36.0698 3256        msisadrv - ok
20:37:36.0724 3256        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:37:36.0757 3256        MSiSCSI - ok
20:37:36.0763 3256        msiserver - ok
20:37:36.0780 3256        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:37:36.0810 3256        MSKSSRV - ok
20:37:36.0827 3256        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:37:36.0860 3256        MSPCLOCK - ok
20:37:36.0870 3256        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:37:36.0903 3256        MSPQM - ok
20:37:36.0939 3256        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:37:36.0953 3256        MsRPC - ok
20:37:36.0972 3256        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:37:36.0981 3256        mssmbios - ok
20:37:37.0003 3256        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:37:37.0035 3256        MSTEE - ok
20:37:37.0048 3256        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:37:37.0059 3256        MTConfig - ok
20:37:37.0083 3256        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
20:37:37.0095 3256        MTsensor - ok
20:37:37.0106 3256        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:37:37.0116 3256        Mup - ok
20:37:37.0149 3256        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:37:37.0183 3256        napagent - ok
20:37:37.0205 3256        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:37:37.0223 3256        NativeWifiP - ok
20:37:37.0260 3256        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:37:37.0281 3256        NDIS - ok
20:37:37.0296 3256        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:37:37.0327 3256        NdisCap - ok
20:37:37.0336 3256        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:37:37.0370 3256        NdisTapi - ok
20:37:37.0390 3256        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:37:37.0421 3256        Ndisuio - ok
20:37:37.0447 3256        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:37:37.0477 3256        NdisWan - ok
20:37:37.0487 3256        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:37:37.0518 3256        NDProxy - ok
20:37:37.0535 3256        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:37:37.0568 3256        NetBIOS - ok
20:37:37.0586 3256        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:37:37.0621 3256        NetBT - ok
20:37:37.0649 3256        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:37.0659 3256        Netlogon - ok
20:37:37.0688 3256        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:37:37.0722 3256        Netman - ok
20:37:37.0773 3256        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:37:37.0807 3256        netprofm - ok
20:37:37.0866 3256        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:37:37.0876 3256        NetTcpPortSharing - ok
20:37:37.0895 3256        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:37:37.0905 3256        nfrd960 - ok
20:37:37.0939 3256        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:37:37.0971 3256        NlaSvc - ok
20:37:37.0985 3256        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:37:38.0015 3256        Npfs - ok
20:37:38.0030 3256        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:37:38.0060 3256        nsi - ok
20:37:38.0078 3256        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:37:38.0111 3256        nsiproxy - ok
20:37:38.0197 3256        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:37:38.0227 3256        Ntfs - ok
20:37:38.0288 3256        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:37:38.0318 3256        Null - ok
20:37:38.0683 3256        nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:37:38.0863 3256        nvlddmkm - ok
20:37:38.0927 3256        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:37:38.0937 3256        nvraid - ok
20:37:38.0957 3256        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:37:38.0969 3256        nvstor - ok
20:37:39.0019 3256        NVSvc          (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe
20:37:39.0040 3256        NVSvc - ok
20:37:39.0151 3256        nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:37:39.0187 3256        nvUpdatusService - ok
20:37:39.0265 3256        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:37:39.0276 3256        nv_agp - ok
20:37:39.0302 3256        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:37:39.0313 3256        ohci1394 - ok
20:37:39.0428 3256        OODefragAgent  (f5115921cac7a3a025e9db85b5f67604) C:\Program Files\OO Software\Defrag\oodag.exe
20:37:39.0473 3256        OODefragAgent - ok
20:37:39.0571 3256        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:37:39.0585 3256        p2pimsvc - ok
20:37:39.0616 3256        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:37:39.0631 3256        p2psvc - ok
20:37:39.0657 3256        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:37:39.0669 3256        Parport - ok
20:37:39.0693 3256        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:37:39.0703 3256        partmgr - ok
20:37:39.0720 3256        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:37:39.0737 3256        PcaSvc - ok
20:37:39.0759 3256        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:37:39.0771 3256        pci - ok
20:37:39.0781 3256        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:37:39.0791 3256        pciide - ok
20:37:39.0811 3256        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:37:39.0823 3256        pcmcia - ok
20:37:39.0834 3256        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:37:39.0847 3256        pcw - ok
20:37:39.0875 3256        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:37:39.0915 3256        PEAUTH - ok
20:37:39.0973 3256        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:37:39.0999 3256        PeerDistSvc - ok
20:37:40.0051 3256        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:37:40.0063 3256        PerfHost - ok
20:37:40.0165 3256        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:37:40.0207 3256        pla - ok
20:37:40.0247 3256        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:37:40.0262 3256        PlugPlay - ok
20:37:40.0283 3256        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:37:40.0293 3256        PNRPAutoReg - ok
20:37:40.0320 3256        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:37:40.0333 3256        PNRPsvc - ok
20:37:40.0363 3256        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:37:40.0399 3256        PolicyAgent - ok
20:37:40.0423 3256        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:37:40.0461 3256        Power - ok
20:37:40.0504 3256        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:37:40.0534 3256        PptpMiniport - ok
20:37:40.0551 3256        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:37:40.0561 3256        Processor - ok
20:37:40.0597 3256        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:37:40.0614 3256        ProfSvc - ok
20:37:40.0637 3256        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:40.0648 3256        ProtectedStorage - ok
20:37:40.0666 3256        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:37:40.0696 3256        Psched - ok
20:37:40.0759 3256        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:37:40.0787 3256        ql2300 - ok
20:37:40.0851 3256        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:37:40.0865 3256        ql40xx - ok
20:37:40.0895 3256        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:37:40.0913 3256        QWAVE - ok
20:37:40.0927 3256        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:37:40.0942 3256        QWAVEdrv - ok
20:37:40.0955 3256        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:37:40.0989 3256        RasAcd - ok
20:37:41.0021 3256        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:37:41.0051 3256        RasAgileVpn - ok
20:37:41.0076 3256        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:37:41.0110 3256        RasAuto - ok
20:37:41.0127 3256        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:37:41.0157 3256        Rasl2tp - ok
20:37:41.0186 3256        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:37:41.0218 3256        RasMan - ok
20:37:41.0232 3256        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:37:41.0265 3256        RasPppoe - ok
20:37:41.0277 3256        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:37:41.0308 3256        RasSstp - ok
20:37:41.0324 3256        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:37:41.0358 3256        rdbss - ok
20:37:41.0369 3256        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:37:41.0383 3256        rdpbus - ok
20:37:41.0395 3256        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:37:41.0425 3256        RDPCDD - ok
20:37:41.0451 3256        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:37:41.0462 3256        RDPDR - ok
20:37:41.0470 3256        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:37:41.0500 3256        RDPENCDD - ok
20:37:41.0507 3256        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:37:41.0540 3256        RDPREFMP - ok
20:37:41.0581 3256        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:37:41.0591 3256        RdpVideoMiniport - ok
20:37:41.0627 3256        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:37:41.0639 3256        RDPWD - ok
20:37:41.0665 3256        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:37:41.0677 3256        rdyboost - ok
20:37:41.0703 3256        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:37:41.0735 3256        RemoteAccess - ok
20:37:41.0763 3256        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:37:41.0795 3256        RemoteRegistry - ok
20:37:41.0813 3256        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:37:41.0845 3256        RpcEptMapper - ok
20:37:41.0861 3256        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:37:41.0876 3256        RpcLocator - ok
20:37:41.0905 3256        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:37:41.0943 3256        RpcSs - ok
20:37:41.0970 3256        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:37:42.0001 3256        rspndr - ok
20:37:42.0033 3256        RTL8167        (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:37:42.0046 3256        RTL8167 - ok
20:37:42.0076 3256        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:37:42.0087 3256        s3cap - ok
20:37:42.0111 3256        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:42.0122 3256        SamSs - ok
20:37:42.0143 3256        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:37:42.0153 3256        sbp2port - ok
20:37:42.0180 3256        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:37:42.0214 3256        SCardSvr - ok
20:37:42.0237 3256        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:37:42.0266 3256        scfilter - ok
20:37:42.0320 3256        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:37:42.0363 3256        Schedule - ok
20:37:42.0386 3256        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:37:42.0415 3256        SCPolicySvc - ok
20:37:42.0435 3256        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:37:42.0447 3256        SDRSVC - ok
20:37:42.0488 3256        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:37:42.0518 3256        secdrv - ok
20:37:42.0545 3256        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:37:42.0576 3256        seclogon - ok
20:37:42.0607 3256        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:37:42.0640 3256        SENS - ok
20:37:42.0659 3256        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:37:42.0672 3256        SensrSvc - ok
20:37:42.0687 3256        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:37:42.0697 3256        Serenum - ok
20:37:42.0714 3256        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:37:42.0725 3256        Serial - ok
20:37:42.0750 3256        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:37:42.0760 3256        sermouse - ok
20:37:42.0802 3256        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:37:42.0832 3256        SessionEnv - ok
20:37:42.0851 3256        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:37:42.0866 3256        sffdisk - ok
20:37:42.0881 3256        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:37:42.0894 3256        sffp_mmc - ok
20:37:42.0911 3256        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:37:42.0923 3256        sffp_sd - ok
20:37:42.0942 3256        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:37:42.0953 3256        sfloppy - ok
20:37:42.0986 3256        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:37:43.0021 3256        SharedAccess - ok
20:37:43.0056 3256        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:37:43.0088 3256        ShellHWDetection - ok
20:37:43.0107 3256        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:37:43.0116 3256        SiSRaid2 - ok
20:37:43.0137 3256        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:37:43.0146 3256        SiSRaid4 - ok
20:37:43.0199 3256        SkypeUpdate    (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:37:43.0209 3256        SkypeUpdate - ok
20:37:43.0225 3256        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:37:43.0255 3256        Smb - ok
20:37:43.0282 3256        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:37:43.0293 3256        SNMPTRAP - ok
20:37:43.0309 3256        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:37:43.0319 3256        spldr - ok
20:37:43.0356 3256        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:37:43.0391 3256        Spooler - ok
20:37:43.0507 3256        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:37:43.0571 3256        sppsvc - ok
20:37:43.0651 3256        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:37:43.0685 3256        sppuinotify - ok
20:37:43.0740 3256        sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
20:37:43.0759 3256        sptd - ok
20:37:43.0793 3256        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:37:43.0807 3256        srv - ok
20:37:43.0838 3256        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:37:43.0856 3256        srv2 - ok
20:37:43.0877 3256        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:37:43.0889 3256        srvnet - ok
20:37:43.0917 3256        ssadbus        (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:37:43.0931 3256        ssadbus - ok
20:37:43.0940 3256        ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:37:43.0950 3256        ssadmdfl - ok
20:37:43.0964 3256        ssadmdm        (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:37:43.0981 3256        ssadmdm - ok
20:37:44.0005 3256        sscdbus        (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
20:37:44.0017 3256        sscdbus - ok
20:37:44.0032 3256        sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:37:44.0040 3256        sscdmdfl - ok
20:37:44.0071 3256        sscdmdm        (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:37:44.0081 3256        sscdmdm - ok
20:37:44.0114 3256        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:37:44.0147 3256        SSDPSRV - ok
20:37:44.0162 3256        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:37:44.0196 3256        SstpSvc - ok
20:37:44.0233 3256        Steam Client Service - ok
20:37:44.0279 3256        Stereo Service  (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:37:44.0293 3256        Stereo Service - ok
20:37:44.0315 3256        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:37:44.0325 3256        stexstor - ok
20:37:44.0364 3256        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:37:44.0386 3256        stisvc - ok
20:37:44.0412 3256        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:37:44.0422 3256        storflt - ok
20:37:44.0438 3256        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:37:44.0448 3256        storvsc - ok
20:37:44.0475 3256        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:37:44.0484 3256        swenum - ok
20:37:44.0518 3256        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:37:44.0553 3256        swprv - ok
20:37:44.0562 3256        Synth3dVsc - ok
20:37:44.0635 3256        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:37:44.0668 3256        SysMain - ok
20:37:44.0734 3256        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:37:44.0750 3256        TabletInputService - ok
20:37:44.0777 3256        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:37:44.0810 3256        TapiSrv - ok
20:37:44.0830 3256        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:37:44.0867 3256        TBS - ok
20:37:44.0941 3256        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:37:44.0974 3256        Tcpip - ok
20:37:45.0066 3256        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:37:45.0098 3256        TCPIP6 - ok
20:37:45.0158 3256        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:37:45.0189 3256        tcpipreg - ok
20:37:45.0219 3256        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:37:45.0229 3256        TDPIPE - ok
20:37:45.0255 3256        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:37:45.0264 3256        TDTCP - ok
20:37:45.0293 3256        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:37:45.0323 3256        tdx - ok
20:37:45.0345 3256        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:37:45.0355 3256        TermDD - ok
20:37:45.0387 3256        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:37:45.0423 3256        TermService - ok
20:37:45.0441 3256        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:37:45.0457 3256        Themes - ok
20:37:45.0480 3256        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:37:45.0512 3256        THREADORDER - ok
20:37:45.0533 3256        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:37:45.0567 3256        TrkWks - ok
20:37:45.0610 3256        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:37:45.0641 3256        TrustedInstaller - ok
20:37:45.0680 3256        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:37:45.0709 3256        tssecsrv - ok
20:37:45.0728 3256        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:37:45.0738 3256        TsUsbFlt - ok
20:37:45.0747 3256        tsusbhub - ok
20:37:45.0767 3256        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:37:45.0798 3256        tunnel - ok
20:37:45.0824 3256        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:37:45.0834 3256        uagp35 - ok
20:37:45.0866 3256        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:37:45.0898 3256        udfs - ok
20:37:45.0934 3256        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:37:45.0946 3256        UI0Detect - ok
20:37:45.0967 3256        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:37:45.0977 3256        uliagpkx - ok
20:37:45.0999 3256        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:37:46.0010 3256        umbus - ok
20:37:46.0030 3256        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:37:46.0040 3256        UmPass - ok
20:37:46.0068 3256        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:37:46.0082 3256        UmRdpService - ok
20:37:46.0117 3256        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:37:46.0151 3256        upnphost - ok
20:37:46.0180 3256        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:37:46.0193 3256        usbaudio - ok
20:37:46.0220 3256        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:37:46.0231 3256        usbccgp - ok
20:37:46.0257 3256        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:37:46.0271 3256        usbcir - ok
20:37:46.0288 3256        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:37:46.0298 3256        usbehci - ok
20:37:46.0323 3256        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:37:46.0336 3256        usbhub - ok
20:37:46.0349 3256        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:37:46.0362 3256        usbohci - ok
20:37:46.0378 3256        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:37:46.0390 3256        usbprint - ok
20:37:46.0413 3256        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:37:46.0428 3256        usbscan - ok
20:37:46.0450 3256        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:37:46.0461 3256        USBSTOR - ok
20:37:46.0481 3256        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:37:46.0491 3256        usbuhci - ok
20:37:46.0517 3256        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:37:46.0552 3256        UxSms - ok
20:37:46.0572 3256        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:37:46.0583 3256        VaultSvc - ok
20:37:46.0605 3256        VClone          (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
20:37:46.0619 3256        VClone - ok
20:37:46.0641 3256        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:37:46.0650 3256        vdrvroot - ok
20:37:46.0684 3256        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:37:46.0720 3256        vds - ok
20:37:46.0736 3256        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:37:46.0749 3256        vga - ok
20:37:46.0771 3256        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:37:46.0801 3256        VgaSave - ok
20:37:46.0809 3256        VGPU - ok
20:37:46.0840 3256        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:37:46.0853 3256        vhdmp - ok
20:37:46.0916 3256        VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys
20:37:46.0940 3256        VIAHdAudAddService - ok
20:37:46.0962 3256        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:37:46.0972 3256        viaide - ok
20:37:46.0994 3256        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:37:47.0006 3256        vmbus - ok
20:37:47.0019 3256        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:37:47.0029 3256        VMBusHID - ok
20:37:47.0047 3256        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:37:47.0057 3256        volmgr - ok
20:37:47.0100 3256        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:37:47.0117 3256        volmgrx - ok
20:37:47.0139 3256        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:37:47.0152 3256        volsnap - ok
20:37:47.0180 3256        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:37:47.0193 3256        vsmraid - ok
20:37:47.0252 3256        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:37:47.0297 3256        VSS - ok
20:37:47.0363 3256        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:37:47.0376 3256        vwifibus - ok
20:37:47.0411 3256        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:37:47.0445 3256        W32Time - ok
20:37:47.0461 3256        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:37:47.0473 3256        WacomPen - ok
20:37:47.0501 3256        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:47.0530 3256        WANARP - ok
20:37:47.0537 3256        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:37:47.0570 3256        Wanarpv6 - ok
20:37:47.0638 3256        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:37:47.0665 3256        wbengine - ok
20:37:47.0729 3256        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:37:47.0748 3256        WbioSrvc - ok
20:37:47.0780 3256        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:37:47.0799 3256        wcncsvc - ok
20:37:47.0815 3256        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:37:47.0827 3256        WcsPlugInService - ok
20:37:47.0861 3256        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:37:47.0870 3256        Wd - ok
20:37:47.0907 3256        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:37:47.0925 3256        Wdf01000 - ok
20:37:47.0945 3256        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:37:47.0961 3256        WdiServiceHost - ok
20:37:47.0968 3256        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:37:47.0984 3256        WdiSystemHost - ok
20:37:48.0020 3256        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:37:48.0039 3256        WebClient - ok
20:37:48.0063 3256        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:37:48.0097 3256        Wecsvc - ok
20:37:48.0113 3256        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:37:48.0145 3256        wercplsupport - ok
20:37:48.0158 3256        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:37:48.0191 3256        WerSvc - ok
20:37:48.0221 3256        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:37:48.0254 3256        WfpLwf - ok
20:37:48.0270 3256        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:37:48.0280 3256        WIMMount - ok
20:37:48.0309 3256        WinDefend - ok
20:37:48.0320 3256        WinHttpAutoProxySvc - ok
20:37:48.0367 3256        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:37:48.0399 3256        Winmgmt - ok
20:37:48.0472 3256        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:37:48.0521 3256        WinRM - ok
20:37:48.0603 3256        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:37:48.0618 3256        WinUsb - ok
20:37:48.0665 3256        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:37:48.0688 3256        Wlansvc - ok
20:37:48.0788 3256        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:37:48.0825 3256        wlidsvc - ok
20:37:48.0872 3256        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:37:48.0882 3256        WmiAcpi - ok
20:37:48.0935 3256        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:37:48.0947 3256        wmiApSrv - ok
20:37:48.0992 3256        WMPNetworkSvc - ok
20:37:49.0018 3256        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:37:49.0029 3256        WPCSvc - ok
20:37:49.0052 3256        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:37:49.0065 3256        WPDBusEnum - ok
20:37:49.0086 3256        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:37:49.0121 3256        ws2ifsl - ok
20:37:49.0137 3256        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:37:49.0154 3256        wscsvc - ok
20:37:49.0163 3256        WSearch - ok
20:37:49.0248 3256        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:37:49.0288 3256        wuauserv - ok
20:37:49.0358 3256        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:37:49.0394 3256        WudfPf - ok
20:37:49.0416 3256        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:37:49.0446 3256        WUDFRd - ok
20:37:49.0465 3256        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:37:49.0496 3256        wudfsvc - ok
20:37:49.0520 3256        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:37:49.0539 3256        WwanSvc - ok
20:37:49.0575 3256        xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
20:37:49.0585 3256        xusb21 - ok
20:37:49.0642 3256        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:37:50.0004 3256        \Device\Harddisk0\DR0 - ok
20:37:50.0032 3256        Boot (0x1200)  (a8daa5bbe0338988c8ec78cc5efacb29) \Device\Harddisk0\DR0\Partition0
20:37:50.0034 3256        \Device\Harddisk0\DR0\Partition0 - ok
20:37:50.0048 3256        Boot (0x1200)  (b6bf3c3e04125ad57fa0a93e61f8ae03) \Device\Harddisk0\DR0\Partition1
20:37:50.0049 3256        \Device\Harddisk0\DR0\Partition1 - ok
20:37:50.0073 3256        Boot (0x1200)  (0ea0da12b8e6f16b81d487956f25d54e) \Device\Harddisk0\DR0\Partition2
20:37:50.0074 3256        \Device\Harddisk0\DR0\Partition2 - ok
20:37:50.0085 3256        Boot (0x1200)  (ab90189e4e14e12dce2196eba134cfe4) \Device\Harddisk0\DR0\Partition3
20:37:50.0086 3256        \Device\Harddisk0\DR0\Partition3 - ok
20:37:50.0089 3256        ============================================================
20:37:50.0089 3256        Scan finished
20:37:50.0089 3256        ============================================================
20:37:50.0096 2804        Detected object count: 1
20:37:50.0096 2804        Actual detected object count: 1
20:37:59.0593 2804        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:59.0593 2804        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 21.06.2012 19:54

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

boreal99 22.06.2012 07:43

Combofix Logfile:
Code:

ComboFix 12-06-21.02 - VuN 21.06.2012  23:11:52.1.2 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.4095.2898 [GMT 2:00]
ausgeführt von:: c:\users\VuN\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-22 bis 2012-06-22  ))))))))))))))))))))))))))))))
.
.
2012-06-21 18:21 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 18:21 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 18:21 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 18:21 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 18:21 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 18:21 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 18:21 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 18:21 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 18:21 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-20 18:02 . 2012-06-20 18:02        --------        d-----w-        C:\_OTL
2012-06-18 21:04 . 2012-06-18 21:04        --------        d-----w-        c:\program files (x86)\ESET
2012-06-17 10:59 . 2012-06-17 10:59        --------        d-----w-        c:\program files (x86)\MozBackup
2012-06-16 15:47 . 2012-06-16 15:49        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-16 15:47 . 2012-06-16 15:47        --------        d-----w-        c:\program files (x86)\DAEMON Tools Lite
2012-06-16 10:15 . 2012-06-16 10:15        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-06-16 10:15 . 2012-06-16 10:15        772592        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-06-16 10:13 . 2012-06-16 10:13        --------        d-----w-        c:\program files\Java
2012-06-15 20:48 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3952FE24-B6AD-4A8C-9B15-36A442645FBF}\mpengine.dll
2012-06-14 23:46 . 2012-06-16 19:15        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 23:46 . 2012-06-16 19:15        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 10:13 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-09 11:53 . 2012-06-09 11:53        --------        d-----w-        c:\users\VuN\AppData\Local\Macromedia
2012-05-28 14:35 . 2012-05-28 14:35        --------        d-----w-        c:\users\VuN\AppData\Roaming\LolClient2
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 10:15 . 2010-12-03 13:32        687600        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-06-16 10:13 . 2012-05-20 17:05        955840        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-06-16 10:13 . 2011-09-21 15:03        839096        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-08 19:41 . 2012-04-22 18:20        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:41 . 2012-04-22 18:20        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-04 20:19 . 2012-03-30 11:19        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 18:56 . 2012-04-18 18:56        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2011-01-09 14:19        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 15:01        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"LDM"="c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2011-10-29 16384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MultiSkypeLauncher.lnk - c:\program files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe [2011-6-13 114176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-10-29 169472]
NETGEAR WN111 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111\wn111.exe [2008-4-1 2502656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\WN111x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 19:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 4041032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: microsoft.com)\fai.music.metaservices
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,7c,e3,d9,f1,1f,06,3c,ee,5a,38,35,7a,53,ce,81,4c,b8,ca,59,a1,
  45,75,f1,a8,aa,13,43,91,3e,1a,db,3e,d3,68,3f,47,ae,f7,ce,7e,c1,8f,1e,03,88,\
"rkeysecu"=hex:bb,6e,1e,e3,89,67,51,33,1d,60,84,81,bd,19,c6,ad
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22  08:24:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-22 06:24
.
Vor Suchlauf: 12 Verzeichnis(se), 65.805.144.064 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 63.997.652.992 Bytes frei
.
- - End Of File - - 71F7615C8D48DABD861F3C6159FE9952

--- --- ---

cosinus 22.06.2012 10:44

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.


Code:

Firefox::
FF - ProfilePath - c:\users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

