
85.183.254.9 (Type: outgoing, Port: 52063, Process: wlmail.exe)


p3k1ti


Hello,

Malwarebytes Pro blocked the following outgoing connections ...

--------- 2012/02/15 ----------

2012/02/15 18:09:51 +0100 CHIMNHO hendrik MESSAGE Scheduled update executed successfully: database updated from version v2012.02.15.01 to version v2012.02.15.03

2012/02/15 20:43:11 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 52063, Process: wlmail.exe)

2012/02/15 20:43:11 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 52064, Process: wlmail.exe)

---------- 2012/02/16 ----------

2012/02/16 08:43:59 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50065, Process: wlmail.exe)

2012/02/16 08:43:59 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 50066, Process: wlmail.exe)

2012/02/16 18:43:33 +0100 CHIMNHO hendrik MESSAGE Scheduled update executed successfully: database updated from version v2012.02.15.03 to version v2012.02.16.04

2012/02/16 20:45:02 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 54823, Process: wlmail.exe)

2012/02/16 20:45:02 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 54824, Process: wlmail.exe)

---------- 2012/02/17 ----------

2012/02/17 21:21:20 +0100 CHIMNHO (null) MESSAGE Scheduled update executed successfully: database updated from version v2012.02.16.04 to version v2012.02.17.06

2012/02/17 21:40:05 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 49549, Process: wlmail.exe)

2012/02/17 21:40:05 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 49550, Process: wlmail.exe)

A Quick Scan run returned ...

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Datenbank Version: v2012.02.17.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

hendrik :: CHIMNHO [Administrator]

Schutz: Aktiviert

17.02.2012 22:01:44

mbam-log-2012-02-17 (22-01-44).txt

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 206635

Laufzeit: 56 Sekunde(n)

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)

(Ende)

A scan with DDS returned ...

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by hendrik at 21:57:36 on 2012-02-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8167.5600 [GMT 1:00]

.

AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

AV: Microsoft Security Essentials *Disabled/Updated* {85C1E965-F997-4AB1-E20C-5C67B92E993B}

SP: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {3EA00881-DFAD-453F-D8BC-6715C2A9D386}

FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\avmwlanstick\WlanNetService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe

C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe

C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE

C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE

C:\Program Files (x86)\HTTP Debugger Pro\mfnsvc.exe

C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

D:\Development\VMWarePlayer\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe

C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe

C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

D:\Security\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\SmartTechnology\Software\ProfilerU.exe

C:\Program Files\SmartTechnology\Software\SaiMfd.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe

D:\Apps\Dexpot\dexpot.exe

C:\Program Files\Windows Sidebar\sidebar.exe

D:\Apps\AnyDVD\AnyDVDtray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\F-Secure\Common\FSM32.EXE

C:\Program Files (x86)\avmwlanstick\WLanGUI.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

D:\Apps\Logitech Webcam\LWS\Webcam Software\LWS.exe

D:\Security\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

D:\Apps\Dexpot\Dexpot64.exe

C:\Program Files (x86)\F-Secure\Spam Control\fsscoepl_x64.exe

D:\Apps\Logitech Webcam\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

D:\Apps\AnyDVD\ADvdDiscHlp64.exe

C:\Windows\system32\conhost.exe

D:\Apps\Dexpot\plugins\SevenDex.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\DllHost.exe

C:\Users\hendrik\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LULnchr.exe

C:\Users\hendrik\AppData\Local\Logitech® Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe

D:\Internet\Firefox\firefox.exe

D:\Security\Malwarebytes' Anti-Malware\mbam.exe

D:\Development\UEStudio\uestudio.exe

D:\Development\Console2\Console.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://nmd.msn.com

uDefault_Page_URL = hxxp://nmd.msn.com

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = localhost:8080

mWinlogon: Userinit=userinit.exe

BHO: AutorunsDisabled - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll

uRun: [Dexpot] D:\Apps\Dexpot\dexpot.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AnyDVD] D:\Apps\AnyDVD\AnyDVDtray.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash

mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe

mRun: [LWS] D:\Apps\Logitech Webcam\LWS\Webcam Software\LWS.exe -hide

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "D:\Security\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download Links As... - file://C:\Windows\system32\page.htm

IE: Download Target(s) As... - file://C:\Windows\system32\link.htm

IE: Free YouTube Download - C:\Users\hendrik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

LSP: C:\Windows\mfnspstd32.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{8B8C37AB-7F08-49D3-9F8A-E01037C14D55} : DhcpNameServer = 192.168.178.1

TCP: Interfaces\{A123F424-038D-4140-A10D-EAF6AA9FE2B9} : DhcpNameServer = 10.49.0.1

TCP: Interfaces\{FA258952-3DD1-41E0-B54F-E020E9FD5C9E} : DhcpNameServer = 8.8.4.4 4.2.2.5

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Internet\MP3 Skype Recorder\Skype4Com.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Name-Space Handler: ftp\DownloadMage - {99488E3C-CC26-4854-ABCD-9F462E1129F3} - D:\Internet\DLMage\DmPh.dll

Name-Space Handler: http\DownloadMage - {99488E3C-CC26-4854-ABCD-9F462E1129F3} - D:\Internet\DLMage\DmPh.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

IFEO: taskmgr.exe - "D:\APPS\SYSINTERNALS\PROCESSEXPLORER\PROCEXP.EXE"

BHO-X64: AutorunsDisabled - No File

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{C6867EB7-8350-4856-877F-93CF8AE3DC9C}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{8dcb7100-df86-4384-8842-8fa844297b3f}

{265EEE8E-3228-44D3-AEA5-F7FDF5860049}

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash

mRun-x64: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun-x64: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe

mRun-x64: [LWS] D:\Apps\Logitech Webcam\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "D:\Security\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

IFEO-X64: taskmgr.exe - "D:\APPS\SYSINTERNALS\PROCESSEXPLORER\PROCEXP.EXE"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\ydetzlqe.default\

FF - prefs.js: network.proxy.http - localhost

FF - prefs.js: network.proxy.http_port - 8008

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\hendrik\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: D:\Apps\iTunes\Mozilla Plugins\npitunes.dll

.

============= SERVICES / DRIVERS ===============

.

R0 apmwin;apmwin;C:\Windows\system32\DRIVERS\apmwin.sys --> C:\Windows\system32\DRIVERS\apmwin.sys [?]

R0 DSFKSVCS;Kernel Services for DSF;C:\Windows\system32\DRIVERS\dsfksvcs.sys --> C:\Windows\system32\DRIVERS\dsfksvcs.sys [?]

R0 dsfroot;root enumerated bus driver;C:\Windows\system32\DRIVERS\dsfroot.sys --> C:\Windows\system32\DRIVERS\dsfroot.sys [?]

R0 gpt_loader;GUID Partition table support driver;C:\Windows\system32\DRIVERS\gpt_loader.sys --> C:\Windows\system32\DRIVERS\gpt_loader.sys [?]

R0 mounthlp;Mounter helper driver for HFS volumes;C:\Windows\system32\DRIVERS\mounthlp.sys --> C:\Windows\system32\DRIVERS\mounthlp.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2011-11-4 61960]

R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys --> C:\Windows\system32\drivers\fses.sys [?]

R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys --> C:\Windows\system32\drivers\fsdfw.sys [?]

R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2011-11-4 15016]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 DTSAudioService;DTSAudioService;C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [2011-10-25 210024]

R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2011-11-4 221864]

R2 HfsplusRec;HfsplusRec;C:\Windows\system32\DRIVERS\hfsplusrec.sys --> C:\Windows\system32\DRIVERS\hfsplusrec.sys [?]

R2 HTTPDebugger;HTTP Debugger;C:\Program Files (x86)\HTTP Debugger Pro\mfnsvc.exe [2011-10-23 66600]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-25 13592]

R2 MBAMService;MBAMService;D:\Security\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-25 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-7 381248]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\drivers\asmthub3.sys --> C:\Windows\system32\drivers\asmthub3.sys [?]

R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\drivers\asmtxhci.sys --> C:\Windows\system32\drivers\asmtxhci.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\drivers\btath_bus.sys --> C:\Windows\system32\drivers\btath_bus.sys [?]

R3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-11-4 198808]

R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2011-11-4 61088]

R3 fwlanusbn;FRITZ!WLAN N;C:\Windows\system32\DRIVERS\fwlanusbn.sys --> C:\Windows\system32\DRIVERS\fwlanusbn.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 SaiK0CCB;SaiK0CCB;C:\Windows\system32\DRIVERS\SaiK0CCB.sys --> C:\Windows\system32\DRIVERS\SaiK0CCB.sys [?]

R3 SaiU0CCB;SaiU0CCB;C:\Windows\system32\DRIVERS\SaiU0CCB.sys --> C:\Windows\system32\DRIVERS\SaiU0CCB.sys [?]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/02/16 20:59:41;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys --> C:\Windows\system32\drivers\avmeject.sys [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

S3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 Hfsplus;Hfsplus;C:\Windows\system32\DRIVERS\hfsplus.sys --> C:\Windows\system32\DRIVERS\hfsplus.sys [?]

S3 HRMCFGSPC;DSF General Configuration Space Redirection Module;C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS --> C:\Windows\system32\DRIVERS\HRMCFGSPC.SYS [?]

S3 HRMINTS;DSF Interrupt Redirection Module;C:\Windows\system32\DRIVERS\HRMINTS.SYS --> C:\Windows\system32\DRIVERS\HRMINTS.SYS [?]

S3 HRMPORTS;DSF IO Port Redirection Module;C:\Windows\system32\DRIVERS\HRMPORTS.SYS --> C:\Windows\system32\DRIVERS\HRMPORTS.SYS [?]

S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\system32\DRIVERS\ladfGSCamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSCamd64.sys [?]

S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\system32\DRIVERS\ladfGSRamd64.sys --> C:\Windows\system32\DRIVERS\ladfGSRamd64.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2011-12-10 290872]

S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys --> C:\Windows\system32\drivers\nvstusb.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

.txt=UEStudio.txt

.

=============== Created Last 30 ================

.

2012-02-17 20:39:40 -------- d-----w- C:\Users\hendrik\AppData\Local\{531C3484-17B6-4AD4-A8CE-652CE3F80339}

2012-02-17 20:39:29 -------- d-----w- C:\Users\hendrik\AppData\Local\{433DC215-40EA-47DA-AE13-AB95343C45E1}

2012-02-17 20:30:06 8602168 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{602A9E96-CA7E-48C2-B494-1181C9F4D647}\mpengine.dll

2012-02-16 19:44:44 -------- d-----w- C:\Users\hendrik\AppData\Local\{1829198D-B236-42E7-B879-1F7B8AE867E5}

2012-02-16 19:44:10 -------- d-----w- C:\Users\hendrik\AppData\Local\{20C4E619-4F93-49E3-AD72-06B5B5E79C0D}

2012-02-16 17:54:07 -------- d-----w- C:\Windows\pss

2012-02-16 07:43:45 -------- d-----w- C:\Users\hendrik\AppData\Local\{916B7F67-5A71-4C00-9B45-19B3999D94F9}

2012-02-16 07:43:23 -------- d-----w- C:\Users\hendrik\AppData\Local\{728CF9C6-E093-4692-8624-0B0C8DB97310}

2012-02-15 21:40:19 8602168 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-15 20:57:43 -------- d-----w- C:\Windows\Downloaded Installations

2012-02-15 20:01:38 98103 ----a-w- C:\Windows\SysWow64\uninstall.exe

2012-02-15 20:01:31 -------- d-----w- C:\Program Files (x86)\HTTP Debugger Pro

2012-02-15 19:42:57 -------- d-----w- C:\Users\hendrik\AppData\Local\{EDAA1AB4-65D5-4985-94F9-2F73FAF203DC}

2012-02-15 19:42:34 -------- d-----w- C:\Users\hendrik\AppData\Local\{F238944B-88E0-4C0A-80B0-5583D43F5342}

2012-02-15 08:07:06 -------- d-----w- C:\Users\hendrik\AppData\Roaming\Malwarebytes

2012-02-15 08:06:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-15 08:06:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-15 07:42:09 -------- d-----w- C:\Users\hendrik\AppData\Local\{A4E22D99-15B3-4486-9A96-C761713A016A}

2012-02-15 07:41:46 -------- d-----w- C:\Users\hendrik\AppData\Local\{057DD420-2B70-4554-8FD0-7F04F8F9C751}

2012-02-14 19:53:10 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-14 19:53:10 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-14 19:53:09 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-14 19:53:09 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-14 19:53:08 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-14 19:53:08 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-14 19:53:05 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-14 19:53:05 634880 ----a-w- C:\Windows\System32\msvcrt.dll

2012-02-14 19:41:21 -------- d-----w- C:\Users\hendrik\AppData\Local\{26521D8F-76C9-443A-98F8-652040FD2A98}

2012-02-14 19:41:05 -------- d-----w- C:\Users\hendrik\AppData\Local\{01773542-9D58-4211-A549-791D2E65E219}

2012-02-13 18:28:02 -------- d-----w- C:\Users\hendrik\AppData\Local\{22A2994E-A965-48A1-B995-1D28F363E0CE}

2012-02-13 18:27:46 -------- d-----w- C:\Users\hendrik\AppData\Local\{0BD8E3C6-79CB-492B-AAC5-C1F7B72D50E9}

2012-02-12 13:35:50 -------- d-----w- C:\Users\hendrik\AppData\Local\{FEE2A2EC-F77C-4405-B260-8DC7FC1F8188}

2012-02-12 13:35:16 -------- d-----w- C:\Users\hendrik\AppData\Local\{7187D90B-54C9-4BB3-893B-9557C302E901}

2012-02-12 01:35:03 -------- d-----w- C:\Users\hendrik\AppData\Local\{6D50AC1A-5FF3-44A9-B480-62B206D85035}

2012-02-12 01:34:29 -------- d-----w- C:\Users\hendrik\AppData\Local\{8B07D5B3-D96C-489E-8351-9E90F93AC00D}

2012-02-11 13:34:16 -------- d-----w- C:\Users\hendrik\AppData\Local\{E1B9DBE9-9079-455D-B562-0564FF3B48CC}

2012-02-11 13:34:05 -------- d-----w- C:\Users\hendrik\AppData\Local\{F6080B35-9CB8-4560-A457-1FEA12E1B657}

2012-02-08 19:48:01 -------- d-----w- C:\Users\hendrik\AppData\Local\{F09BFC83-2B6A-4B2C-8762-FBF43CE68C21}

2012-02-08 19:47:50 -------- d-----w- C:\Users\hendrik\AppData\Local\{219AAF78-1EE3-4F7B-9079-55E61F9F8813}

2012-02-07 18:36:55 -------- d-----w- C:\Users\hendrik\AppData\Local\{2B567097-B56B-4A6D-AFE1-47B210F55277}

2012-02-07 18:36:43 -------- d-----w- C:\Users\hendrik\AppData\Local\{B07E072E-9086-44C3-ADB3-64A3019EDFC9}

2012-02-06 18:38:41 -------- d-----w- C:\Users\hendrik\AppData\Local\{8DAE9F0C-DE1B-44BB-8136-263C64C5711E}

2012-02-06 18:38:14 -------- d-----w- C:\Users\hendrik\AppData\Local\{E246C3C2-8B8A-4E4E-B1AC-B2900C27EA88}

2012-02-06 03:20:00 -------- d-----w- C:\Users\hendrik\AppData\Local\{696D4D20-9FF8-4DA0-BD27-B65C89AEB953}

2012-02-06 03:19:26 -------- d-----w- C:\Users\hendrik\AppData\Local\{6312EC51-C4D0-4A7F-84AA-0772FE543D1E}

2012-02-05 17:07:55 -------- d-----w- C:\Program Files\iPod

2012-02-05 17:07:54 -------- d-----w- C:\Program Files\iTunes

2012-02-05 17:07:36 -------- d-sh--w- C:\Windows\ftpcache

2012-02-05 15:19:00 -------- d-----w- C:\Users\hendrik\AppData\Local\{E14418B6-95E0-45F3-BB80-63F5D2FBF7B2}

2012-02-05 15:18:48 -------- d-----w- C:\Users\hendrik\AppData\Local\{903788CE-721C-4791-AD7B-B390AD2C6260}

2012-01-22 10:00:40 -------- d-----w- C:\Users\hendrik\AppData\Local\{9CD57320-BD0A-413E-A9CF-65F4400E7148}

2012-01-22 10:00:27 -------- d-----w- C:\Users\hendrik\AppData\Local\{23341D16-EF83-4FEA-A3FB-A0C797FE6AD3}

2012-01-21 10:14:51 -------- d-----w- C:\Users\hendrik\AppData\Local\{1FF90434-DE59-4CF3-9ADD-F5C096316CAA}

2012-01-21 10:14:39 -------- d-----w- C:\Users\hendrik\AppData\Local\{FA4C5F01-E87E-4F93-90C8-D021CBD48F95}

2012-01-20 18:40:01 -------- d-----w- C:\Users\hendrik\AppData\Local\{5DEDBB13-6A25-4A4F-91F2-EC28133262BE}

2012-01-20 18:39:45 -------- d-----w- C:\Users\hendrik\AppData\Local\{4BC55CC1-720F-4796-94FD-1452BAEBAA55}

.

==================== Find3M ====================

.

2012-02-16 19:58:54 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-02-16 19:58:54 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-02-16 19:58:54 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-18 19:47:10 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-12-18 19:42:59 28672 ----a-w- C:\Windows\SysWow64\lcdmrm.exe

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-12-13 17:15:11 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-12-13 17:15:11 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-12-04 21:23:57 138872 ----a-w- C:\Windows\SysWow64\drivers\AnyDVD.sys

2011-12-04 21:23:57 138872 ----a-w- C:\Windows\System32\drivers\AnyDVD.sys

2011-12-03 17:10:40 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-11-22 20:25:14 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

.

============= FINISH: 21:58:59,66 ===============

Thanks a lot in advance for your support,

Hendrik

Kaspersky TDSSKiller shows ...

Threats detected

Unsigned file

Service: danewFltr

Suspicious object, medium risk

22:24:13.0992 1960 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

22:24:14.0226 1960 ============================================================

22:24:14.0226 1960 Current date / time: 2012/02/17 22:24:14.0226

22:24:14.0226 1960 SystemInfo:

22:24:14.0227 1960

22:24:14.0227 1960 OS Version: 6.1.7601 ServicePack: 1.0

22:24:14.0227 1960 Product type: Workstation

22:24:14.0227 1960 ComputerName: CHIMNHO

22:24:14.0227 1960 UserName: hendrik

22:24:14.0227 1960 Windows directory: C:\Windows

22:24:14.0227 1960 System windows directory: C:\Windows

22:24:14.0227 1960 Running under WOW64

22:24:14.0227 1960 Processor architecture: Intel x64

22:24:14.0227 1960 Number of processors: 8

22:24:14.0227 1960 Page size: 0x1000

22:24:14.0227 1960 Boot type: Normal boot

22:24:14.0227 1960 ============================================================

22:24:14.0385 1960 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:24:14.0396 1960 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:24:14.0399 1960 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x1D1C0F, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'W'

22:24:21.0388 1960 \Device\Harddisk0\DR0:

22:24:21.0389 1960 MBR used

22:24:21.0389 1960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2AB0

22:24:21.0389 1960 \Device\Harddisk1\DR1:

22:24:21.0389 1960 MBR used

22:24:21.0389 1960 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800

22:24:21.0389 1960 \Device\Harddisk2\DR2:

22:24:21.0389 1960 MBR used

22:24:21.0389 1960 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E06000

22:24:21.0437 1960 Initialize success

22:24:21.0437 1960 ============================================================

22:24:29.0373 3544 ============================================================

22:24:29.0373 3544 Scan started

22:24:29.0373 3544 Mode: Manual; SigCheck; TDLFS;

22:24:29.0373 3544 ============================================================

22:24:31.0246 3544 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys

22:24:31.0255 3544 danewFltr ( UnsignedFile.Multi.Generic ) - warning

22:24:31.0255 3544 danewFltr - detected UnsignedFile.Multi.Generic (1)


22:24:36.0882 3544 sfloppy - ok

22:24:36.0892 3544 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

22:24:36.0905 3544 SiSRaid2 - ok

22:24:36.0914 3544 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

22:24:36.0927 3544 SiSRaid4 - ok

22:24:36.0937 3544 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

22:24:36.0965 3544 Smb - ok

22:24:36.0976 3544 SOFTHIDUSBK - ok

22:24:36.0984 3544 SOFTUSBK - ok

22:24:36.0994 3544 SOFTUSBTESTHUB - ok

22:24:37.0002 3544 SOFTWADP - ok

22:24:37.0012 3544 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

22:24:37.0024 3544 spldr - ok

22:24:37.0039 3544 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

22:24:37.0066 3544 srv - ok

22:24:37.0077 3544 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

22:24:37.0103 3544 srv2 - ok

22:24:37.0114 3544 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

22:24:37.0135 3544 srvnet - ok

22:24:37.0149 3544 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

22:24:37.0161 3544 stexstor - ok

22:24:37.0171 3544 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

22:24:37.0182 3544 swenum - ok

22:24:37.0195 3544 tap0901 (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys

22:24:37.0206 3544 tap0901 - ok

22:24:37.0228 3544 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

22:24:37.0279 3544 Tcpip - ok

22:24:37.0300 3544 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

22:24:37.0367 3544 TCPIP6 - ok

22:24:37.0378 3544 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

22:24:37.0405 3544 tcpipreg - ok

22:24:37.0415 3544 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

22:24:37.0441 3544 TDPIPE - ok

22:24:37.0450 3544 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

22:24:37.0476 3544 TDTCP - ok

22:24:37.0486 3544 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

22:24:37.0514 3544 tdx - ok

22:24:37.0524 3544 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

22:24:37.0537 3544 TermDD - ok

22:24:37.0551 3544 truecrypt (8de922cd4fea6f83b10805df965b9a08) C:\Windows\system32\drivers\truecrypt.sys

22:24:37.0569 3544 truecrypt - ok

22:24:37.0580 3544 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:24:37.0608 3544 tssecsrv - ok

22:24:37.0618 3544 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

22:24:37.0636 3544 TsUsbFlt - ok

22:24:37.0645 3544 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

22:24:37.0662 3544 TsUsbGD - ok

22:24:37.0672 3544 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

22:24:37.0702 3544 tunnel - ok

22:24:37.0712 3544 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

22:24:37.0728 3544 uagp35 - ok

22:24:37.0739 3544 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

22:24:37.0774 3544 udfs - ok

22:24:37.0786 3544 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

22:24:37.0801 3544 uliagpkx - ok

22:24:37.0811 3544 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

22:24:37.0825 3544 umbus - ok

22:24:37.0834 3544 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

22:24:37.0847 3544 UmPass - ok

22:24:37.0858 3544 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

22:24:37.0871 3544 USBAAPL64 - ok

22:24:37.0881 3544 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

22:24:37.0898 3544 usbaudio - ok

22:24:37.0908 3544 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

22:24:37.0923 3544 usbccgp - ok

22:24:37.0932 3544 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

22:24:37.0951 3544 usbcir - ok

22:24:37.0960 3544 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

22:24:37.0976 3544 usbehci - ok

22:24:37.0987 3544 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

22:24:38.0011 3544 usbhub - ok

22:24:38.0021 3544 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

22:24:38.0036 3544 usbohci - ok

22:24:38.0045 3544 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

22:24:38.0062 3544 usbprint - ok

22:24:38.0071 3544 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:24:38.0088 3544 USBSTOR - ok

22:24:38.0097 3544 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

22:24:38.0111 3544 usbuhci - ok

22:24:38.0122 3544 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

22:24:38.0135 3544 vdrvroot - ok

22:24:38.0145 3544 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

22:24:38.0159 3544 vga - ok

22:24:38.0168 3544 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

22:24:38.0195 3544 VgaSave - ok

22:24:38.0205 3544 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

22:24:38.0224 3544 vhdmp - ok

22:24:38.0233 3544 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

22:24:38.0246 3544 viaide - ok

22:24:38.0255 3544 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys

22:24:38.0267 3544 VKbms - ok

22:24:38.0279 3544 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys

22:24:38.0293 3544 vmci - ok

22:24:38.0303 3544 vmkbd (3a717d3e29c107351347b478a9d0043f) C:\Windows\system32\drivers\VMkbd.sys

22:24:38.0317 3544 vmkbd - ok

22:24:38.0326 3544 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\Windows\system32\DRIVERS\vmnetadapter.sys

22:24:38.0340 3544 VMnetAdapter - ok

22:24:38.0350 3544 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\Windows\system32\DRIVERS\vmnetbridge.sys

22:24:38.0364 3544 VMnetBridge - ok

22:24:38.0376 3544 VMnetuserif (b6a3766c3e99fb1f6663c6b4b7c3f3a1) C:\Windows\system32\drivers\vmnetuserif.sys

22:24:38.0392 3544 VMnetuserif - ok

22:24:38.0404 3544 vmx86 (e53cad9b1fa901ca2046501ee88f9cef) C:\Windows\system32\drivers\vmx86.sys

22:24:38.0419 3544 vmx86 - ok

22:24:38.0429 3544 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

22:24:38.0445 3544 volmgr - ok

22:24:38.0456 3544 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

22:24:38.0479 3544 volmgrx - ok

22:24:38.0490 3544 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

22:24:38.0511 3544 volsnap - ok

22:24:38.0521 3544 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

22:24:38.0536 3544 vsmraid - ok

22:24:38.0547 3544 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

22:24:38.0565 3544 vwifibus - ok

22:24:38.0576 3544 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

22:24:38.0592 3544 WacomPen - ok

22:24:38.0602 3544 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:24:38.0631 3544 WANARP - ok

22:24:38.0633 3544 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

22:24:38.0662 3544 Wanarpv6 - ok

22:24:38.0675 3544 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

22:24:38.0691 3544 Wd - ok

22:24:38.0704 3544 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

22:24:38.0735 3544 Wdf01000 - ok

22:24:38.0749 3544 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

22:24:38.0775 3544 WfpLwf - ok

22:24:38.0784 3544 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

22:24:38.0796 3544 WIMMount - ok

22:24:38.0812 3544 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

22:24:38.0827 3544 WinUsb - ok

22:24:38.0839 3544 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

22:24:38.0851 3544 WmiAcpi - ok

22:24:38.0864 3544 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

22:24:38.0891 3544 ws2ifsl - ok

22:24:38.0910 3544 WSOFTUSBK - ok

22:24:38.0921 3544 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

22:24:38.0951 3544 WudfPf - ok

22:24:38.0962 3544 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:24:38.0995 3544 WUDFRd - ok

22:24:39.0004 3544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:24:39.0015 3544 \Device\Harddisk0\DR0 - ok

22:24:39.0016 3544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

22:24:39.0104 3544 \Device\Harddisk1\DR1 - ok

22:24:39.0108 3544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

22:24:39.0602 3544 \Device\Harddisk2\DR2 - ok

22:24:39.0605 3544 Boot (0x1200) (5624f33f91837a09178c78a327bf89db) \Device\Harddisk0\DR0\Partition0

22:24:39.0606 3544 \Device\Harddisk0\DR0\Partition0 - ok

22:24:39.0608 3544 Boot (0x1200) (041b4a37212cc8773320efd6d908b548) \Device\Harddisk1\DR1\Partition0

22:24:39.0609 3544 \Device\Harddisk1\DR1\Partition0 - ok

22:24:39.0613 3544 Boot (0x1200) (0403420f3b08da76fc1db5f65d67aeb7) \Device\Harddisk2\DR2\Partition0

22:24:39.0613 3544 \Device\Harddisk2\DR2\Partition0 - ok

22:24:39.0614 3544 ============================================================

22:24:39.0614 3544 Scan finished

22:24:39.0614 3544 ============================================================

22:24:39.0622 4916 Detected object count: 1

22:24:39.0622 4916 Actual detected object count: 1

22:27:24.0304 4916 danewFltr ( UnsignedFile.Multi.Generic ) - skipped by user

22:27:24.0304 4916 danewFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip


I reinstalled my machine and all the "troublemakers are back" ...

2012/02/19 11:26:55 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 49360, Process: msnmsgr.exe)

2012/02/19 11:26:55 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 49364, Process: msnmsgr.exe)

2012/02/19 12:07:44 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 51937, Process: firefox.exe)

2012/02/19 12:14:24 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 52110, Process: firefox.exe)

2012/02/19 12:14:24 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 52114, Process: firefox.exe)

2012/02/19 12:14:24 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 52117, Process: firefox.exe)

2012/02/19 12:14:24 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 52121, Process: firefox.exe)

2012/02/19 12:14:24 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 52124, Process: firefox.exe)

2012/02/19 12:14:24 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 52128, Process: firefox.exe)

2012/02/19 12:17:12 +0100 CHIMNHO hendrik IP-BLOCK 109.163.226.216 (Type: outgoing, Port: 52203, Process: firefox.exe)

2012/02/19 12:18:40 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 52452, Process: firefox.exe)

2012/02/19 12:23:21 +0100 CHIMNHO hendrik IP-BLOCK 83.128.58.236 (Type: outgoing, Port: 52684, Process: skype.exe)

2012/02/19 12:23:21 +0100 CHIMNHO hendrik IP-BLOCK 83.128.58.236 (Type: outgoing, Port: 52685, Process: skype.exe)

2012/02/19 12:23:21 +0100 CHIMNHO hendrik IP-BLOCK 83.128.58.236 (Type: outgoing, Port: 52686, Process: skype.exe)

2012/02/19 12:23:21 +0100 CHIMNHO hendrik IP-BLOCK 83.128.58.236 (Type: outgoing, Port: 52687, Process: skype.exe)

2012/02/19 12:27:37 +0100 CHIMNHO hendrik IP-BLOCK 91.223.82.146 (Type: outgoing, Port: 52835, Process: firefox.exe)

2012/02/19 12:28:33 +0100 CHIMNHO hendrik IP-BLOCK 91.223.82.146 (Type: outgoing, Port: 52856, Process: firefox.exe)

2012/02/19 12:28:33 +0100 CHIMNHO hendrik IP-BLOCK 91.223.82.146 (Type: outgoing, Port: 52860, Process: firefox.exe)

2012/02/19 12:28:33 +0100 CHIMNHO hendrik IP-BLOCK 91.223.82.146 (Type: outgoing, Port: 52863, Process: firefox.exe)

2012/02/19 12:28:33 +0100 CHIMNHO hendrik IP-BLOCK 91.223.82.146 (Type: outgoing, Port: 52867, Process: firefox.exe)

2012/02/19 12:28:33 +0100 CHIMNHO hendrik IP-BLOCK 91.223.82.146 (Type: outgoing, Port: 52870, Process: firefox.exe)

... Malwarebytes was installed right after Windows was installed and before any network connection was established for the 1st time.


Hi LDTate,

if I understand your mentioned link right ...

... the malicious 83.128.58.236 is part of the Skype-P2P-Network and it's not an indicator of an infection?!

But what about "MS Messenger" and "Windows Mail" ?!

>> IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 49364, Process: msnmsgr.exe)

MS Messenger uses the ports TCP/UDP 49152 – 65535 for "Remote Assistance"

... do they use a P2P network as well?

At the end I am still a bit worried about "Windows Live Mail"

>> 2012/02/18 14:21:19 +0100 CHIMNHO hendrik IP-BLOCK 85.183.254.9 (Type: outgoing, Port: 52412, Process: wlmail.exe)

Is it because of any kind of interaction between "Windows Live Mail" and "Windows Messenger"???

Cheers,

Hendrik


I use both MSN Messenger and Windows Live, but I don't have those outgoing.

Let's run ComboFix.

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Well,

I used ComboFix and it crashed my system for the 2nd time ...

Lucky me, this time I was able to use one of my former "recovery points", which wasn't possible some days ago and forced me to reinstall Windows 7.

Okay, don't care ...

... here are the logs

ComboFix 12-02-19.02 - hendrik 20.02.2012 23:52:29.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8167.6195 [GMT 1:00]

ausgeführt von:: d:\hendrik\Downloads\ComboFix.exe

AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: F-Secure Internet Security 2011 10.51 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\HTTP Debugger Pro\mfnsvc.exe

c:\windows\mfnhks32.dll

c:\windows\mfnhks64.dll

c:\windows\mfnspadv32.dll

c:\windows\mfnspadv64.dll

c:\windows\mfnspinst32.exe

c:\windows\mfnspinst64.exe

c:\windows\mfnspstd32.dll

c:\windows\mfnspstd64.dll

c:\windows\mfnswitch.exe

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\SysWow64\uninstall.exe

.

.

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_HTTPDebugger

.

.

((((((((((((((((((((((( Dateien erstellt von 2012-01-20 bis 2012-02-20 ))))))))))))))))))))))))))))))

.

.

2012-02-20 22:54 . 2012-02-20 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-20 20:46 . 2012-02-20 20:46 -------- d-----w- c:\program files\iTunes

2012-02-20 20:46 . 2012-02-20 20:46 -------- d-----w- c:\program files\iPod

2012-02-20 18:51 . 2012-02-20 18:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-02-20 18:51 . 2012-02-20 18:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-02-20 18:51 . 2012-02-20 18:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-02-20 18:51 . 2012-02-20 18:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-02-20 18:51 . 2012-02-20 18:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-02-20 18:51 . 2012-02-20 18:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-02-20 18:51 . 2012-02-20 18:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-02-20 18:51 . 2012-02-20 18:51 -------- d-----w- c:\program files (x86)\QuickTime

2012-02-20 18:50 . 2012-02-20 18:50 -------- d-----w- c:\program files (x86)\Safari

2012-02-20 08:22 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-02-20 08:22 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-02-20 08:22 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-02-20 08:21 . 2012-02-20 08:21 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-02-20 08:21 . 2012-02-20 18:50 -------- d-----w- c:\program files\Common Files\Apple

2012-02-20 08:21 . 2012-02-20 08:21 -------- d-----w- c:\program files\Bonjour

2012-02-20 08:21 . 2012-02-20 08:21 -------- d-----w- c:\program files (x86)\Bonjour

2012-02-20 08:21 . 2012-02-20 20:46 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-02-20 07:32 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll

2012-02-20 07:32 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-20 07:32 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-02-20 07:32 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-20 07:32 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-02-19 22:17 . 2011-03-23 16:00 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys

2012-02-19 17:48 . 2012-02-19 17:48 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-19 14:47 . 2012-02-19 14:47 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-02-18 23:39 . 2012-02-18 23:39 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2

2012-02-18 23:20 . 2012-02-18 23:20 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-02-18 16:28 . 2012-02-18 16:28 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-02-18 16:27 . 2012-02-19 12:05 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-02-18 16:27 . 2012-02-19 12:05 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-02-18 16:27 . 2012-02-19 12:05 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-02-18 15:24 . 2010-12-17 06:56 545 ----a-w- c:\windows\UC.PIF

2012-02-18 15:24 . 2010-12-17 06:56 545 ----a-w- c:\windows\RAR.PIF

2012-02-18 15:24 . 2010-12-17 06:56 545 ----a-w- c:\windows\NOCLOSE.PIF

2012-02-18 15:24 . 2010-12-17 06:56 545 ----a-w- c:\windows\LHA.PIF

2012-02-18 15:24 . 2010-12-17 06:56 545 ----a-w- c:\windows\ARJ.PIF

2012-02-18 15:22 . 2012-02-18 15:23 -------- d-----w- c:\programdata\IDMComp

2012-02-18 15:13 . 2012-02-20 22:54 -------- d-----w- c:\program files (x86)\HTTP Debugger Pro

2012-02-18 14:57 . 2012-02-19 12:09 -------- d-----w- c:\programdata\Origin

2012-02-18 14:57 . 2012-02-18 15:05 -------- d-----w- c:\program files (x86)\Origin Games

2012-02-18 14:57 . 2012-02-18 14:57 -------- d-----w- c:\programdata\Electronic Arts

2012-02-18 13:32 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll

2012-02-18 13:31 . 2007-01-24 14:27 393576 ----a-w- c:\windows\system32\xactengine2_6.dll

2012-02-18 09:56 . 2012-02-18 14:19 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-02-18 09:16 . 2012-02-18 09:16 -------- d-----w- c:\programdata\InstallMate

2012-02-18 09:15 . 2012-02-19 21:22 -------- d-----r- c:\program files (x86)\Skype

2012-02-18 09:15 . 2012-02-19 21:13 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-02-18 09:15 . 2012-02-19 21:13 -------- d-----w- c:\programdata\Skype

2012-02-18 03:16 . 2012-02-18 03:16 -------- d-----w- c:\program files (x86)\Common Files\LWS

2012-02-18 03:15 . 2012-02-18 22:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-18 03:15 . 2012-02-18 03:15 -------- d-----w- c:\windows\SysWow64\Macromed

2012-02-18 03:15 . 2012-02-18 03:15 -------- d-----w- c:\windows\system32\Macromed

2012-02-18 03:01 . 2012-02-18 03:01 -------- d-----w- c:\windows\SysWow64\wbem\en-US

2012-02-18 03:01 . 2012-02-18 03:01 -------- d-----w- c:\windows\system32\wbem\en-US

2012-02-18 02:38 . 2012-02-18 02:38 -------- d-----w- c:\programdata\SmartTechnology

2012-02-18 02:38 . 2012-02-18 02:38 -------- d-----w- c:\program files\SmartTechnology

2012-02-18 02:28 . 2012-02-18 23:23 -------- d-----w- c:\programdata\Logitech

2012-02-18 02:28 . 2012-02-18 23:23 -------- d-----w- c:\program files (x86)\Logitech

2012-02-18 02:25 . 2012-02-20 08:22 -------- dc----w- c:\windows\system32\DRVSTORE

2012-02-18 02:24 . 2012-02-20 20:46 -------- d-----w- c:\programdata\Apple Computer

2012-02-18 02:24 . 2012-02-19 21:13 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-02-18 02:24 . 2012-02-18 02:24 -------- d-----w- c:\programdata\Apple

2012-02-18 02:20 . 2012-02-18 23:23 -------- d-----w- c:\program files\Logitech

2012-02-18 02:19 . 2012-02-18 02:19 -------- d-----w- c:\programdata\LogiShrd

2012-02-18 02:12 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-02-18 02:11 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll

2012-02-18 02:10 . 2012-01-17 03:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CC8BFFE-5A0C-4279-929C-F2C2F54627F3}\mpengine.dll

2012-02-18 02:09 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-02-18 02:09 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll

2012-02-18 01:59 . 2001-08-29 20:00 59904 ----a-w- c:\windows\SysWow64\wbemdisp.tlb

2012-02-18 01:59 . 1998-07-21 23:00 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll

2012-02-18 01:59 . 1998-07-21 23:00 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL

2012-02-18 01:59 . 1998-06-23 23:00 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX

2012-02-18 01:56 . 2012-02-18 01:56 -------- d-----w- c:\program files (x86)\Common Files\CyberLink

2012-02-18 01:55 . 2012-02-18 01:55 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-02-18 01:55 . 2012-02-18 01:55 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-02-18 01:55 . 2012-02-18 01:55 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-02-18 01:53 . 2012-02-18 01:53 -------- d-----w- c:\program files (x86)\Cyberlink

2012-02-18 01:52 . 2012-02-18 01:52 -------- d-----w- c:\program files (x86)\Common Files\LightScribe

2012-02-18 01:51 . 2012-02-18 01:56 -------- d-----w- c:\programdata\CyberLink

2012-02-18 01:35 . 2012-02-18 01:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2012-02-18 01:19 . 2012-02-18 01:19 -------- d-----w- c:\program files\Common Files\Adobe

2012-02-18 00:40 . 2012-02-18 00:44 -------- d-----w- c:\program files (x86)\Windows Live

2012-02-18 00:40 . 2012-02-18 00:40 -------- d-----w- c:\program files\Windows Live

2012-02-18 00:40 . 2012-02-18 00:40 -------- d-----w- c:\windows\PCHEALTH

2012-02-18 00:39 . 2012-02-18 02:50 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-02-18 00:37 . 2012-02-18 00:37 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2012-02-18 00:30 . 2012-02-18 00:30 525544 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-18 00:15 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-17 23:56 . 2012-02-18 00:01 42672 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys

2012-02-17 23:54 . 2012-02-17 23:54 46664 ----a-w- c:\windows\system32\drivers\fses.sys

2012-02-17 23:54 . 2012-02-17 23:54 95784 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-02-17 23:54 . 2012-02-17 23:53 574632 ----a-w- c:\windows\SysWow64\msvcp50.dll

2012-02-17 23:52 . 2012-02-17 23:53 -------- d-----w- c:\programdata\fssg

2012-02-17 23:51 . 2012-02-17 23:54 -------- d-----w- c:\programdata\f-secure

2012-02-17 23:50 . 2012-02-18 03:17 -------- d-----w- c:\program files (x86)\Common Files\logishrd

2012-02-17 23:50 . 2012-02-18 03:17 -------- d-----w- c:\program files\Common Files\logishrd

2012-02-17 23:48 . 2012-02-17 23:48 -------- d-----w- c:\program files (x86)\avmwlanstick

2012-02-17 23:48 . 2010-10-22 01:00 14120 ----a-r- c:\windows\system32\drivers\avmeject.sys

2012-02-17 23:48 . 2010-10-22 01:00 99328 ----a-w- c:\windows\system32\fwusbnci.dll

2012-02-17 23:48 . 2010-10-22 01:00 714368 ----a-w- c:\windows\system32\drivers\fwlanusbn.sys

2012-02-17 23:48 . 2010-10-22 01:00 15565 ----a-w- c:\windows\system32\drivers\fwlanusbn.bin

2012-02-17 23:46 . 2012-02-17 23:46 -------- d-----w- c:\programdata\SlySoft

2012-02-17 23:46 . 2012-02-20 20:31 -------- d-----w- c:\programdata\Atheros

2012-02-17 23:43 . 2012-02-17 23:43 -------- d-----w- c:\program files (x86)\Marvell

2012-02-17 23:43 . 2009-07-14 01:15 315904 ----a-w- c:\windows\SysWow64\Difx163e.rra

2012-02-17 23:43 . 2010-08-10 09:29 120920 ----a-w- c:\windows\system32\drivers\jraid.sys

2012-02-17 23:43 . 2012-02-17 23:43 -------- d-----w- c:\windows\RaidTool

2012-02-17 23:42 . 2011-02-22 10:59 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll

2012-02-17 23:42 . 2010-10-19 15:34 56344 ----a-w- c:\windows\system32\drivers\HECIx64.sys

2012-02-17 23:42 . 2012-02-17 23:42 -------- d-----w- c:\program files (x86)\ASM104xUSB3

2012-02-17 23:40 . 2012-02-17 23:40 -------- d-----w- c:\windows\SysWow64\RTCOM

2012-02-17 23:40 . 2012-02-17 23:40 -------- d-----w- c:\program files\Realtek

2012-02-17 23:38 . 2012-02-17 23:38 16896 ----a-w- c:\windows\AsTaskSched.dll

2012-02-17 23:38 . 2012-02-17 23:38 -------- d-----w- c:\program files (x86)\Common Files\Atheros

2012-02-17 23:38 . 2012-02-17 23:38 -------- d-----w- c:\program files (x86)\Bluetooth Suite

2012-02-17 23:35 . 2012-02-17 23:42 -------- d-----w- c:\program files (x86)\Intel

2012-02-17 23:32 . 2012-02-20 22:55 -------- d-----w- c:\programdata\NVIDIA

2012-02-17 23:32 . 2012-02-19 21:16 -------- d-----w- c:\users\UpdatusUser

2012-02-17 23:32 . 2012-02-17 23:32 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

2012-02-17 23:32 . 2011-11-08 03:51 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll

2012-02-17 23:32 . 2011-11-08 03:51 5067584 ----a-w- c:\windows\system32\nvsvc64.dll

.

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-18 00:40 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-01-29 04:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-18 06:44 . 2012-01-18 06:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys

2012-01-18 06:44 . 2012-01-18 06:44 25632 ----a-w- c:\windows\system32\drivers\lvbflt64.sys

2012-01-18 05:44 . 2012-01-18 05:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll

2012-01-18 05:44 . 2012-01-18 05:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll

2012-01-18 05:44 . 2012-01-18 05:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll

2012-01-18 05:44 . 2012-01-18 05:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys

2012-01-18 05:44 . 2012-01-18 05:44 769312 ----a-w- c:\windows\system32\LVUI64.dll

2012-01-18 05:44 . 2012-01-18 05:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll

2012-01-18 05:44 . 2012-01-18 05:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll

2012-01-18 05:44 . 2012-01-18 05:44 176416 ----a-w- c:\windows\system32\lvcod64.dll

2012-01-18 05:44 . 2012-01-18 05:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll

2012-01-18 05:44 . 2012-01-18 05:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll

2012-01-18 05:44 . 2012-01-18 05:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll

2012-01-18 05:44 . 2012-01-18 05:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll

2012-01-18 05:44 . 2012-01-18 05:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe

2012-01-18 05:44 . 2012-01-18 05:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe

.

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\hendrik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\hendrik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\hendrik\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AnyDVD"="d:\apps\AnyDVD\AnyDVDtray.exe" [2012-02-20 5860984]

"Dexpot"="d:\apps\Dexpot\dexpot.exe" [2012-01-30 1421312]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="d:\apps\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]

"F-Secure TNB"="d:\security\F-Secure\FSGUI\TNBUtil.exe" [2012-02-17 1655464]

"F-Secure Manager"="d:\security\F-Secure\Common\FSM32.EXE" [2012-02-17 201384]

"Malwarebytes' Anti-Malware"="d:\security\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"LWS"="d:\apps\LogitechC525\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

"Logitech G35"="d:\apps\LogitechG35\G35.exe" [2010-10-05 1811800]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

.

c:\users\hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\hendrik\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;d:\security\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-08 2253120]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [x]

R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [x]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wgsslvpnsrc;WatchGuard SSLVPN Service;d:\security\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [2011-03-23 58368]

R4 F-Secure Filter;F-Secure File System Filter;d:\security\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2012-02-17 41896]

R4 F-Secure Recognizer;F-Secure File System Recognizer;d:\security\F-Secure\Anti-Virus\Win2K\FSrec.sys [2012-02-17 27304]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]

S1 F-Secure HIPS;F-Secure HIPS Driver;d:\security\F-Secure\HIPS\drivers\fshs.sys [2012-02-17 61960]

S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]

S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]

S1 fsvista;F-Secure Vista Support Driver;d:\security\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-02-17 15016]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-07 381248]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]

S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;d:\security\F-Secure\Anti-Virus\minifilter\fsgk.sys [2012-02-17 198808]

S3 FSORSPClient;F-Secure ORSP Client;d:\security\F-Secure\ORSP Client\fsorsp.exe [2012-02-17 61088]

S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [x]

S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-04-22 12:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-20 c:\windows\Tasks\Scheduled scanning task.job

- d:\security\F-Secure\ANTI-V~1\fsav.exe [2012-02-17 23:54]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\hendrik\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-01-23 158208]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]

"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-01-23 432640]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]

"combofix"="c:\combofix\CF15514.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: c:\windows\mfnspstd32.dll

LSP: d:\security\F-Secure\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\tc2ks5u9.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-HTTP Debugger Pro - c:\windows\system32\uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-1002679150-2292389105-1398518112-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1002679150-2292389105-1398518112-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\avmwlanstick\WlanNetService.exe

d:\security\F-Secure\Anti-Virus\fsgk32st.exe

d:\security\F-Secure\Anti-Virus\FSGK32.EXE

d:\security\F-Secure\Common\FSMA32.EXE

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

d:\security\F-Secure\Common\FSHDLL32.EXE

d:\security\F-Secure\Anti-Virus\fssm32.exe

d:\security\F-Secure\Anti-Virus\fsav32.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-02-20 23:58:32 - PC wurde neu gestartet

ComboFix-quarantined-files.txt 2012-02-20 22:58

.

Vor Suchlauf: 6 Verzeichnis(se), 208.966.946.816 Bytes frei

Nach Suchlauf: 10 Verzeichnis(se), 209.583.386.624 Bytes frei

.

- - End Of File - - 1144D5139DF2BB396ABF0DBA1BBCC065

Cheers,

Hendrik


Hello,

MBAM scan never reports any malicious file ...

... all I got was a "Blocking ..." pop-up from time to time. (wlmail, firefox, skype, ms messenger)

And because ComboFix crippled my system I had to "restore" it ...

... so all the mentioned "delete actions" are reverted.

As a summary I would say:

- ComboFix is a damn dangerous tool - it deletes files without asking the user for permission

- It looks like Malwarebytes produces some false positives from time to time ;-)

Thanks a lot for your time and support! :)

Cheers,

Hendrik


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.