
Pests of all kinds and how to combat them: Windows Vista SP2 - Google search results are being redirected


24.04.2012, 10:48   #1
DarKxRaideR
 
Windows Vista SP2 - Google search results are being redirected



After a trojan infection I have now apparently got my system virus-free, but my Google search results are redirected when I click on a link, e.g. to 108.59.9.20, and only sporadically at that, i.e. on the second click it may work. The problem occurs in Firefox and in Internet Explorer; likewise, the Google Instant feature does not work in either of them!

Attached is the OTL log:

Quote:
OTL logfile created on: 24.04.2012 11:28:27 - Run 2
OTL by OldTimer - Version 3.2.41.0 Folder = C:\Users\MeinBenutzer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,91% Memory free
4,23 Gb Paging File | 3,27 Gb Available in Paging File | 77,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 18,38 Gb Free Space | 26,34% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 36,97 Gb Free Space | 53,18% Space Free | Partition Type: NTFS
Drive G: | 982,72 Mb Total Space | 19,53 Mb Free Space | 1,99% Space Free | Partition Type: FAT

Computer Name: MeinBenutzer-PC | User Name: MeinBenutzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\MeinBenutzer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\MeinBenutzer\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\MeinBenutzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\48302596a8c8f2ab396b3be518dbd800\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2680.37453__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2680.37707__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2680.37409__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2680.37469__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2680.37699__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2680.37652__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2680.37445__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2680.37468__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2680.37430__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2680.37579__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2636.18438__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2636.18428__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2636.18430__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2636.18442__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2636.18438__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2636.18443__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2636.18441__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2636.18458__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2636.18457__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2636.18430__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2636.18485__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2636.18438__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2636.18435__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2642.27815__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2636.18443__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2636.18451__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2636.18440__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2636.18451__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2636.18429__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2636.18442__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2636.18437__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2680.37776__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2680.37713_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2680.37404__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2680.37439__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2680.37713__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2680.37724__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2680.37406__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2680.37721__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2636.18439__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2636.18435__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2636.18458__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2636.18440__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2636.18433__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2680.37407__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2680.37405__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2636.18437__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2680.37724__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2636.18452__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()


========== Win32 Services (SafeList) ==========

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe File not found
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe File not found
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe File not found
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_6c825ce.dll ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avgdjroc) -- File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/lists/1788986263971|https://service.gmx.net/de/cgi/g.fcgi/application/navigator?CUSTOMERNO=45842834&t=de770198994.1334952397.9e176564|hxxp://www.google.at/"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb110/?loc=IB_DS&a=6R8eW3qB6G&&i=26&search="
FF - prefs.js..network.proxy.ftp: ":"
FF - prefs.js..network.proxy.http: ":"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":"
FF - prefs.js..network.proxy.ssl: ":"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\VLC\npvlc.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\MeinBenutzer\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.04.16 11:30:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.04.16 11:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.04.16 11:30:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 13:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.17 10:30:44 | 000,000,000 | ---D | M]

[2011.05.29 10:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MeinBenutzer\AppData\Roaming\mozilla\Extensions
[2012.04.17 16:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MeinBenutzer\AppData\Roaming\mozilla\Firefox\Profiles\q207hpkp.default\extensions
[2011.12.26 17:41:13 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\MeinBenutzer\AppData\Roaming\mozilla\Firefox\Profiles\q207hpkp.default\extensions\ffxtlbr@incredibar.com
[2012.04.17 11:35:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.11 17:56:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.17 11:35:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MeinBenutzer\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q207HPKP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.19 13:19:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.17 11:34:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.04 02:16:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.04 02:16:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.04 02:16:25 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.04 02:16:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.04 02:16:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.04 02:16:25 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Skype Click to Call = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Anti-Banner = C:\Users\MeinBenutzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012.04.12 15:25:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Programme\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe File not found
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\MeinBenutzer\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 File not found
O4 - HKCU..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart File not found
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9FB07D2-AE8D-4D55-A89E-DA79D5AF8393}: DhcpNameServer = 192.168.100.199 217.0.43.33 217.0.43.17
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\MeinBenutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\MeinBenutzer\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Device Detection - hkey= - key= - C:\Programme\HappyFoto-Designer\dd.exe ()
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.04.24 11:15:41 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\MeinBenutzer\Desktop\OTL.exe
[2012.04.19 13:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.19 13:49:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.04.17 12:05:27 | 000,000,000 | ---D | C] -- C:\Users\MeinBenutzer\AppData\Roaming\Malwarebytes
[2012.04.17 12:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.17 11:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012.04.17 11:16:17 | 000,000,000 | ---D | C] -- C:\Users\MeinBenutzer\AppData\Local\FLVService
[2012.04.17 11:16:17 | 000,000,000 | ---D | C] -- C:\Users\MeinBenutzer\Documents\Ask and Record Toolbar
[2012.04.17 11:16:15 | 000,000,000 | ---D | C] -- C:\Windows\Ask & Record Toolbar
[2012.04.17 10:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.04.16 10:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.04.16 10:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.04.16 10:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012.04.16 10:19:58 | 000,570,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.04.16 10:16:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.04.16 09:55:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.16 09:55:01 | 000,000,000 | ---D | C] -- C:\Users\MeinBenutzer\AppData\Local\temp
[2012.04.13 18:23:11 | 000,100,864 | ---- | C] (GMER) -- C:\agdiifow.sys
[2012.04.12 15:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012.04.12 15:15:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

========== Files - Modified Within 30 Days ==========

[2012.04.24 11:30:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.24 11:30:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.24 11:30:01 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.24 11:30:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.24 11:14:22 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\MeinBenutzer\Desktop\OTL.exe
[2012.04.24 11:14:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.24 10:58:01 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.24 10:31:52 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.24 10:31:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 10:31:35 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.24 10:31:33 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Ihnsbygqyo.job
[2012.04.24 10:31:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.24 10:31:26 | 2145,370,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.18 19:05:16 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012.04.18 19:05:16 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012.04.18 19:05:01 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.04.17 14:11:21 | 000,004,024 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2012.04.16 18:40:29 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.16 10:22:58 | 000,115,369 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2012.04.16 10:22:58 | 000,097,961 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.16 10:19:58 | 000,570,160 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2012.04.13 18:23:11 | 000,100,864 | ---- | M] (GMER) -- C:\agdiifow.sys
[2012.04.13 09:59:54 | 000,017,408 | ---- | M] () -- C:\Users\MeinBenutzer\AppData\Local\WebpageIcons.db
[2012.04.12 18:20:02 | 000,002,637 | ---- | M] () -- C:\Users\MeinBenutzer\Desktop\Microsoft Office Word 2003.lnk
[2012.04.12 17:39:52 | 000,347,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.12 15:25:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.04.09 18:22:07 | 000,001,455 | ---- | M] () -- C:\Users\MeinBenutzer\AppData\Local\RecConfig.xml
[2012.04.08 18:09:22 | 000,143,360 | RHS- | M] () -- C:\Windows\System32\KBDURDU5.dll

========== Files Created - No Company Name ==========

[2012.04.18 19:05:01 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.04.17 16:46:23 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.17 14:11:20 | 000,004,024 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2012.04.17 11:26:51 | 2145,370,112 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.16 10:22:58 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.04.16 10:22:58 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.04.13 09:59:52 | 000,017,408 | ---- | C] () -- C:\Users\MeinBenutzer\AppData\Local\WebpageIcons.db
[2012.04.08 18:09:22 | 000,143,360 | RHS- | C] () -- C:\Windows\System32\KBDURDU5.dll
[2012.04.08 18:09:22 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Ihnsbygqyo.job
[2012.03.02 21:13:32 | 000,001,455 | ---- | C] () -- C:\Users\MeinBenutzer\AppData\Local\RecConfig.xml
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.02.28 18:07:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.25 09:11:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.02.25 09:11:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.01.18 20:02:57 | 000,001,940 | ---- | C] () -- C:\Users\MeinBenutzer\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== LOP Check ==========

[2012.02.08 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\MeinBenutzer\AppData\Roaming\DAEMON Tools Lite
[2011.05.18 19:54:43 | 000,000,000 | ---D | M] -- C:\Users\MeinBenutzer\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.21 19:53:24 | 000,000,000 | ---D | M] -- C:\Users\MeinBenutzer\AppData\Roaming\FOG Downloader
[2012.01.31 10:42:56 | 000,000,000 | ---D | M] -- C:\Users\MeinBenutzer\AppData\Roaming\HappyFoto
[2008.05.16 20:39:12 | 000,000,000 | ---D | M] -- C:\Users\MeinBenutzer\AppData\Roaming\mquadr.at
[2012.02.08 16:17:13 | 000,000,000 | ---D | M] -- C:\Users\MeinBenutzer\AppData\Roaming\ProtectDISC
[2012.04.24 10:31:33 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\Ihnsbygqyo.job
[2012.04.23 15:16:48 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.07.30 15:38:53 | 000,000,000 | ---D | M] -- C:\$AVG8.VAULT$
[2012.04.16 10:16:31 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2007.09.28 00:09:46 | 000,000,000 | ---D | M] -- C:\Acer
[2001.01.13 01:47:40 | 000,000,000 | ---D | M] -- C:\Book
[2011.12.25 13:41:48 | 000,000,000 | ---D | M] -- C:\Boot
[2007.10.21 15:31:51 | 000,000,000 | ---D | M] -- C:\cbt
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2007.09.28 00:08:16 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2001.01.13 01:47:40 | 000,000,000 | ---D | M] -- C:\DRV
[2010.05.17 11:25:02 | 000,000,000 | ---D | M] -- C:\Games
[2001.01.12 18:23:20 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.30 19:56:53 | 000,000,000 | ---D | M] -- C:\MyWorks
[2011.02.02 19:53:56 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.19 13:49:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.24 10:51:50 | 000,000,000 | ---D | M] -- C:\ProgramData
[2007.09.28 00:08:16 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.04.24 11:30:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2007.09.28 00:08:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.17 15:16:53 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >
[2007.01.18 22:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\MeinBenutzer\AppData\Local\No23 Recorder.exe

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.17 18:43:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.17 18:43:43 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.17 18:43:42 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: ENETHOOK.DLL >
[2007.04.17 20:36:34 | 000,090,112 | ---- | M] (acer) MD5=C41A868BFC6C68C7A72A2553C44460FA -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2007.04.17 20:36:34 | 000,090,112 | ---- | M] (acer) MD5=C41A868BFC6C68C7A72A2553C44460FA -- C:\Windows\System32\eNetHook.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.01.02 16:15:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.01.02 16:15:09 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c5f2dca\iaStor.sys
[2006.12.22 05:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4b499ec9\iaStor.sys
[2007.03.21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.03.21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007.03.21 13:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2007.10.14 23:17:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.10.14 23:17:15 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012.04.16 10:19:58 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys

< %systemroot%\System32\config\*.sav >
[2001.01.13 01:49:55 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2001.01.13 01:49:52 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2001.01.13 01:49:55 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2001.01.13 01:50:11 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2001.01.13 01:50:13 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[2007.05.04 16:10:02 | 000,319,488 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2012.04.08 18:09:22 | 000,143,360 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\KBDURDU5.dll
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll

< %USERPROFILE%\*.* >
[2012.04.24 11:44:45 | 002,883,584 | -HS- | M] () -- C:\Users\MeinBenutzer\ntuser.dat
[2012.04.24 11:44:45 | 000,262,144 | -H-- | M] () -- C:\Users\MeinBenutzer\ntuser.dat.LOG1
[2007.09.28 00:09:00 | 000,000,000 | -H-- | M] () -- C:\Users\MeinBenutzer\ntuser.dat.LOG2
[2012.04.23 15:16:40 | 000,065,536 | -HS- | M] () -- C:\Users\MeinBenutzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.04.23 15:16:40 | 000,524,288 | -HS- | M] () -- C:\Users\MeinBenutzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007.09.28 00:20:49 | 000,524,288 | -HS- | M] () -- C:\Users\MeinBenutzer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.09.28 00:09:00 | 000,000,020 | -HS- | M] () -- C:\Users\MeinBenutzer\ntuser.ini

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AA9519A6

< End of report >
Thanks in advance,

DarK RaideR

24.04.2012, 12:39   #2
DarKxRaideR

Windows Vista SP2 - Google search results are being redirected



Here is the TDSS log as well:

Quote:
13:32:42.0509 4560 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
13:32:43.0238 4560 ============================================================
13:32:43.0238 4560 Current date / time: 2012/04/24 13:32:43.0238
13:32:43.0238 4560 SystemInfo:
13:32:43.0238 4560
13:32:43.0239 4560 OS Version: 6.0.6002 ServicePack: 2.0
13:32:43.0239 4560 Product type: Workstation
13:32:43.0239 4560 ComputerName: MeinBenutzer-PC
13:32:43.0239 4560 UserName: MeinBenutzer
13:32:43.0239 4560 Windows directory: C:\Windows
13:32:43.0239 4560 System windows directory: C:\Windows
13:32:43.0239 4560 Processor architecture: Intel x86
13:32:43.0239 4560 Number of processors: 2
13:32:43.0239 4560 Page size: 0x1000
13:32:43.0239 4560 Boot type: Normal boot
13:32:43.0239 4560 ============================================================
13:32:43.0919 4560 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200,

Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:32:43.0922 4560 Drive \Device\Harddisk1\DR1 - Size: 0x3D700000 (0.96 Gb), SectorSize: 0x200,

Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:43.0926 4560 ============================================================
13:32:43.0926 4560 \Device\Harddisk0\DR0:
13:32:43.0926 4560 MBR partitions:
13:32:43.0926 4560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum

0x8B8C000
13:32:43.0926 4560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F11000, BlocksNum

0x8B08000
13:32:43.0926 4560 \Device\Harddisk1\DR1:
13:32:43.0928 4560 MBR partitions:
13:32:43.0928 4560 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1EB7E0
13:32:43.0928 4560 ============================================================
13:32:43.0950 4560 C: <-> \Device\Harddisk0\DR0\Partition0
13:32:44.0259 4560 D: <-> \Device\Harddisk0\DR0\Partition1
13:32:44.0259 4560 ============================================================
13:32:44.0259 4560 Initialize success
13:32:44.0259 4560 ============================================================
13:32:49.0653 4324 ============================================================
13:32:49.0653 4324 Scan started
13:32:49.0653 4324 Mode: Manual; SigCheck; TDLFS;
13:32:49.0653 4324 ============================================================
13:32:54.0198 4324 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32

\drivers\acedrv11.sys
13:32:54.0363 4324 acedrv11 - ok
13:32:54.0423 4324 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32

\drivers\acpi.sys
13:32:54.0443 4324 ACPI - ok
13:32:54.0958 4324 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32

\Macromed\Flash\FlashPlayerUpdateService.exe
13:32:54.0974 4324 AdobeFlashPlayerUpdateSvc - ok
13:32:55.0270 4324 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32

\drivers\adp94xx.sys
13:32:55.0322 4324 adp94xx - ok
13:32:55.0974 4324 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32

\drivers\adpahci.sys
13:32:56.0005 4324 adpahci - ok
13:32:56.0406 4324 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32

\drivers\adpu160m.sys
13:32:56.0431 4324 adpu160m - ok
13:32:56.0669 4324 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32

\drivers\adpu320.sys
13:32:56.0703 4324 adpu320 - ok
13:32:56.0763 4324 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:32:56.0831 4324 AeLookupSvc - ok
13:32:56.0944 4324 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32

\drivers\afd.sys
13:32:56.0990 4324 AFD - ok
13:32:57.0031 4324 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32

\drivers\agp440.sys
13:32:57.0047 4324 agp440 - ok
13:32:57.0075 4324 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32

\drivers\djsvs.sys
13:32:57.0104 4324 aic78xx - ok
13:32:57.0192 4324 ALaunchService (3845b6555de995f6c0c07ae2abcc0532) C:\Acer\ALaunch\ALaunchSvc.exe
13:32:57.0210 4324 ALaunchService ( UnsignedFile.Multi.Generic ) - warning
13:32:57.0210 4324 ALaunchService - detected UnsignedFile.Multi.Generic (1)
13:32:57.0244 4324 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:32:57.0301 4324 ALG - ok
13:32:57.0356 4324 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32

\drivers\aliide.sys
13:32:57.0374 4324 aliide - ok
13:32:57.0402 4324 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32

\drivers\amdagp.sys
13:32:57.0421 4324 amdagp - ok
13:32:57.0451 4324 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32

\drivers\amdide.sys
13:32:57.0465 4324 amdide - ok
13:32:57.0523 4324 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32

\drivers\amdk7.sys
13:32:57.0726 4324 AmdK7 - ok
13:32:57.0769 4324 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32

\drivers\amdk8.sys
13:32:57.0834 4324 AmdK8 - ok
13:32:57.0899 4324 ApfiltrService (18bff317bdb10c64a35e1ca85f1ec051) C:\Windows\system32

\DRIVERS\Apfiltr.sys
13:32:57.0947 4324 ApfiltrService - ok
13:32:58.0034 4324 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:32:58.0098 4324 Appinfo - ok
13:32:58.0135 4324 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32

\drivers\arc.sys
13:32:58.0150 4324 arc - ok
13:32:58.0205 4324 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32

\drivers\arcsas.sys
13:32:58.0221 4324 arcsas - ok
13:32:58.0309 4324 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32

\DRIVERS\asyncmac.sys
13:32:58.0349 4324 AsyncMac - ok
13:32:58.0508 4324 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32

\drivers\atapi.sys
13:32:58.0524 4324 atapi - ok
13:32:58.0964 4324 Ati External Event Utility (370cb1afeab75f8b326aa95c2d157508) C:\Windows\system32

\Ati2evxx.exe
13:32:59.0049 4324 Ati External Event Utility - ok
13:33:00.0058 4324 atikmdag (074c20d7c1efb227cb620678cbcd6e44) C:\Windows\system32

\DRIVERS\atikmdag.sys
13:33:00.0261 4324 atikmdag - ok
13:33:01.0357 4324 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32

\Audiosrv.dll
13:33:01.0469 4324 AudioEndpointBuilder - ok
13:33:01.0476 4324 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:33:01.0518 4324 Audiosrv - ok
13:33:01.0593 4324 Automatisches LiveUpdate - Scheduler - ok
13:33:02.0019 4324 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files\Kaspersky

Lab\Kaspersky Internet Security 2012\avp.exe
13:33:02.0045 4324 AVP - ok
13:33:02.0392 4324 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32

\DRIVERS\b57nd60x.sys
13:33:02.0454 4324 b57nd60x - ok
13:33:02.0520 4324 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32

\drivers\Beep.sys
13:33:02.0596 4324 Beep - ok
13:33:02.0694 4324 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:33:02.0797 4324 BFE - ok
13:33:03.0508 4324 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
13:33:03.0668 4324 BITS - ok
13:33:03.0676 4324 blbdrive - ok
13:33:03.0919 4324 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32

\DRIVERS\bowser.sys
13:33:03.0965 4324 bowser - ok
13:33:04.0027 4324 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32

\drivers\brfiltlo.sys
13:33:04.0058 4324 BrFiltLo - ok
13:33:04.0099 4324 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32

\drivers\brfiltup.sys
13:33:04.0170 4324 BrFiltUp - ok
13:33:04.0233 4324 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:33:04.0307 4324 Browser - ok
13:33:04.0391 4324 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32

\drivers\brserid.sys
13:33:04.0447 4324 Brserid - ok
13:33:04.0560 4324 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32

\drivers\brserwdm.sys
13:33:04.0635 4324 BrSerWdm - ok
13:33:04.0688 4324 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32

\drivers\brusbmdm.sys
13:33:04.0754 4324 BrUsbMdm - ok
13:33:04.0891 4324 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32

\drivers\brusbser.sys
13:33:04.0973 4324 BrUsbSer - ok
13:33:05.0006 4324 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32

\drivers\bthmodem.sys
13:33:05.0071 4324 BTHMODEM - ok
13:33:05.0365 4324 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32

\DRIVERS\cdfs.sys
13:33:05.0429 4324 cdfs - ok
13:33:05.0490 4324 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32

\DRIVERS\cdrom.sys
13:33:05.0601 4324 cdrom - ok
13:33:05.0770 4324 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:33:05.0871 4324 CertPropSvc - ok
13:33:05.0970 4324 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32

\DRIVERS\circlass.sys
13:33:06.0037 4324 circlass - ok
13:33:06.0090 4324 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:33:06.0150 4324 CLFS - ok
13:33:06.0822 4324 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194)

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:33:06.0847 4324 clr_optimization_v2.0.50727_32 - ok
13:33:07.0496 4324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841)

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:33:07.0522 4324 clr_optimization_v4.0.30319_32 - ok
13:33:07.0567 4324 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32

\DRIVERS\CmBatt.sys
13:33:07.0629 4324 CmBatt - ok
13:33:07.0728 4324 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32

\drivers\cmdide.sys
13:33:07.0751 4324 cmdide - ok
13:33:07.0885 4324 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32

\DRIVERS\compbatt.sys
13:33:07.0911 4324 Compbatt - ok
13:33:07.0917 4324 COMSysApp - ok
13:33:07.0941 4324 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32

\drivers\crcdisk.sys
13:33:07.0963 4324 crcdisk - ok
13:33:08.0021 4324 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32

\drivers\crusoe.sys
13:33:08.0098 4324 Crusoe - ok
13:33:08.0158 4324 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:33:08.0224 4324 CryptSvc - ok
13:33:08.0305 4324 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:33:08.0429 4324 DcomLaunch - ok
13:33:08.0923 4324 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32

\Drivers\dfsc.sys
13:33:08.0979 4324 DfsC - ok
13:33:10.0035 4324 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:33:10.0130 4324 DFSR - ok
13:33:11.0364 4324 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:33:11.0431 4324 Dhcp - ok
13:33:11.0545 4324 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32

\drivers\disk.sys
13:33:11.0580 4324 disk - ok
13:33:11.0600 4324 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32

\DRIVERS\DKbFltr.sys
13:33:11.0621 4324 DKbFltr - ok
13:33:11.0668 4324 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:33:11.0733 4324 Dnscache - ok
13:33:12.0069 4324 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:33:12.0135 4324 dot3svc - ok
13:33:12.0195 4324 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:33:12.0253 4324 DPS - ok
13:33:12.0526 4324 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys
13:33:12.0548 4324 DritekPortIO - ok
13:33:12.0581 4324 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32

\drivers\drmkaud.sys
13:33:12.0640 4324 drmkaud - ok
13:33:12.0879 4324 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32

\drivers\dxgkrnl.sys
13:33:12.0977 4324 DXGKrnl - ok
13:33:13.0042 4324 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32

\DRIVERS\E1G60I32.sys
13:33:13.0150 4324 E1G60 - ok
13:33:13.0275 4324 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:33:13.0342 4324 EapHost - ok
13:33:13.0442 4324 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32

\drivers\ecache.sys
13:33:13.0474 4324 Ecache - ok
13:33:13.0861 4324 eDataSecurity Service (83599212a2b5cded676a9d09d9856171) C:\Acer\Empowering

Technology\eDataSecurity\eDSService.exe
13:33:13.0902 4324 eDataSecurity Service - ok
13:33:14.0079 4324 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:33:14.0112 4324 ehRecvr - ok
13:33:14.0240 4324 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:33:14.0258 4324 ehSched - ok
13:33:14.0313 4324 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:33:14.0347 4324 ehstart - ok
13:33:14.0409 4324 eLockService - ok
13:33:14.0461 4324 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32

\drivers\elxstor.sys
13:33:14.0482 4324 elxstor - ok
13:33:14.0990 4324 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:33:15.0097 4324 EMDMgmt - ok
13:33:15.0122 4324 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32

\DRIVERS\enecir.sys
13:33:15.0157 4324 enecir - ok
13:33:15.0367 4324 eNet Service (ee377c3d1805558677c7c5fe2f7b3006) C:\Acer\Empowering

Technology\eNet\eNet Service.exe
13:33:15.0404 4324 eNet Service ( UnsignedFile.Multi.Generic ) - warning
13:33:15.0404 4324 eNet Service - detected UnsignedFile.Multi.Generic (1)
13:33:15.0443 4324 eRecoveryService - ok
13:33:15.0473 4324 eSettingsService - ok
13:33:16.0113 4324 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:33:16.0212 4324 EventSystem - ok
13:33:16.0265 4324 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32

\drivers\exfat.sys
13:33:16.0311 4324 exfat - ok
13:33:16.0430 4324 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32

\drivers\fastfat.sys
13:33:16.0468 4324 fastfat - ok
13:33:16.0593 4324 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32

\DRIVERS\fdc.sys
13:33:16.0669 4324 fdc - ok
13:33:16.0734 4324 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:33:16.0785 4324 fdPHost - ok
13:33:16.0820 4324 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:33:16.0882 4324 FDResPub - ok
13:33:16.0943 4324 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32

\drivers\fileinfo.sys
13:33:16.0959 4324 FileInfo - ok
13:33:16.0991 4324 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32

\drivers\filetrace.sys
13:33:17.0071 4324 Filetrace - ok
13:33:17.0259 4324 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32

\DRIVERS\flpydisk.sys
13:33:17.0334 4324 flpydisk - ok
13:33:17.0517 4324 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32

\drivers\fltmgr.sys
13:33:17.0536 4324 FltMgr - ok
13:33:17.0641 4324 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:33:17.0707 4324 FontCache - ok
13:33:17.0784 4324 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3)

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:33:17.0799 4324 FontCache3.0.0.0 - ok
13:33:17.0955 4324 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32

\drivers\Fs_Rec.sys
13:33:17.0997 4324 Fs_Rec - ok
13:33:18.0032 4324 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32

\drivers\gagp30kx.sys
13:33:18.0050 4324 gagp30kx - ok
13:33:18.0140 4324 getPlus(R) Helper (7bec703f31e1d441db16886c9aa4cba9) C:\Program

Files\NOS\bin\getPlus_HelperSvc.exe
13:33:18.0184 4324 getPlus(R) Helper - ok
13:33:18.0258 4324 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:33:18.0350 4324 gpsvc - ok
13:33:19.0043 4324 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program

Files\Google\Update\GoogleUpdate.exe
13:33:19.0072 4324 gupdate - ok
13:33:19.0091 4324 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program

Files\Google\Update\GoogleUpdate.exe
13:33:19.0112 4324 gupdatem - ok
13:33:19.0158 4324 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:33:19.0184 4324 gusvc - ok
13:33:19.0241 4324 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32

\drivers\HdAudio.sys
13:33:19.0402 4324 HdAudAddService - ok
13:33:19.0891 4324 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32

\DRIVERS\HDAudBus.sys
13:33:19.0993 4324 HDAudBus - ok
13:33:20.0011 4324 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32

\drivers\hidbth.sys
13:33:20.0113 4324 HidBth - ok
13:33:20.0149 4324 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32

\DRIVERS\hidir.sys
13:33:20.0173 4324 HidIr - ok
13:33:20.0330 4324 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:33:20.0369 4324 hidserv - ok
13:33:20.0417 4324 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32

\DRIVERS\hidusb.sys
13:33:20.0456 4324 HidUsb - ok
13:33:20.0774 4324 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:33:20.0853 4324 hkmsvc - ok
13:33:21.0075 4324 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32

\drivers\hpcisss.sys
13:33:21.0107 4324 HpCISSs - ok
13:33:21.0165 4324 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32

\DRIVERS\VSTAZL3.SYS
13:33:21.0232 4324 HSFHWAZL - ok
13:33:21.0973 4324 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32

\DRIVERS\HSX_DPV.sys
13:33:22.0101 4324 HSF_DPV - ok
13:33:22.0189 4324 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32

\DRIVERS\HSXHWAZL.sys
13:33:22.0248 4324 HSXHWAZL - ok
13:33:22.0308 4324 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32

\drivers\HTTP.sys
13:33:22.0397 4324 HTTP - ok
13:33:22.0570 4324 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32

\drivers\i2omp.sys
13:33:22.0593 4324 i2omp - ok
13:33:22.0664 4324 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32

\DRIVERS\i8042prt.sys
13:33:22.0719 4324 i8042prt - ok
13:33:22.0810 4324 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel

Matrix Storage Manager\Iaantmon.exe
13:33:22.0847 4324 IAANTMON - ok
13:33:22.0900 4324 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32

\drivers\iastor.sys
13:33:22.0926 4324 iaStor - ok
13:33:22.0981 4324 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32

\drivers\iastorv.sys
13:33:23.0013 4324 iaStorV - ok
13:33:23.0282 4324 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:33:23.0357 4324 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:33:23.0357 4324 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:33:23.0990 4324 idsvc (98477b08e61945f974ed9fdc4cb6bdab)

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:33:24.0074 4324 idsvc - ok
13:33:24.0194 4324 igfx - ok
13:33:24.0219 4324 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32

\drivers\iirsp.sys
13:33:24.0234 4324 iirsp - ok
13:33:24.0354 4324 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:33:24.0428 4324 IKEEXT - ok
13:33:24.0579 4324 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering

Technology\eRecovery\int15.sys
13:33:24.0597 4324 int15 - ok
13:33:25.0046 4324 IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32

\drivers\RTKVHDA.sys
13:33:25.0219 4324 IntcAzAudAddService - ok
13:33:26.0487 4324 intelide (97469037714070e45194ed318d636401) C:\Windows\system32

\drivers\intelide.sys
13:33:26.0509 4324 intelide - ok
13:33:26.0650 4324 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32

\DRIVERS\intelppm.sys
13:33:26.0721 4324 intelppm - ok
13:33:26.0974 4324 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:33:27.0040 4324 IPBusEnum - ok
13:33:27.0070 4324 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32

\DRIVERS\ipfltdrv.sys
13:33:27.0121 4324 IpFilterDriver - ok
13:33:27.0320 4324 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:33:27.0493 4324 iphlpsvc - ok
13:33:27.0499 4324 IpInIp - ok
13:33:27.0555 4324 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32

\drivers\ipmidrv.sys
13:33:27.0650 4324 IPMIDRV - ok
13:33:27.0806 4324 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32

\DRIVERS\ipnat.sys
13:33:27.0849 4324 IPNAT - ok
13:33:27.0920 4324 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32

\drivers\irenum.sys
13:33:27.0974 4324 IRENUM - ok
13:33:28.0025 4324 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32

\drivers\isapnp.sys
13:33:28.0040 4324 isapnp - ok
13:33:28.0089 4324 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32

\DRIVERS\msiscsi.sys
13:33:28.0108 4324 iScsiPrt - ok
13:33:28.0139 4324 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32

\drivers\iteatapi.sys
13:33:28.0153 4324 iteatapi - ok
13:33:28.0185 4324 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32

\drivers\iteraid.sys
13:33:28.0201 4324 iteraid - ok
13:33:28.0383 4324 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32

\DRIVERS\kbdclass.sys
13:33:28.0412 4324 kbdclass - ok
13:33:28.0461 4324 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32

\DRIVERS\kbdhid.sys
13:33:28.0490 4324 kbdhid - ok
13:33:28.0622 4324 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:33:28.0690 4324 KeyIso - ok
13:33:28.0810 4324 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32

\DRIVERS\kl1.sys
13:33:28.0842 4324 KL1 - ok
13:33:28.0901 4324 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32

\DRIVERS\kl2.sys
13:33:28.0937 4324 kl2 - ok
13:33:29.0034 4324 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32

\DRIVERS\klif.sys
13:33:29.0087 4324 KLIF - ok
13:33:29.0126 4324 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32

\DRIVERS\klim6.sys
13:33:29.0148 4324 KLIM6 - ok
13:33:29.0187 4324 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32

\DRIVERS\klmouflt.sys
13:33:29.0208 4324 klmouflt - ok
13:33:29.0270 4324 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32

\Drivers\ksecdd.sys
13:33:29.0301 4324 KSecDD - ok
13:33:29.0366 4324 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:33:29.0460 4324 KtmRm - ok
13:33:29.0530 4324 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:33:29.0565 4324 LanmanServer - ok
13:33:29.0617 4324 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:33:29.0646 4324 LanmanWorkstation - ok
13:33:29.0911 4324 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
13:33:29.0966 4324 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
13:33:29.0966 4324 LightScribeService - detected UnsignedFile.Multi.Generic (1)
13:33:30.0135 4324 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32

\DRIVERS\lltdio.sys
13:33:30.0188 4324 lltdio - ok
13:33:30.0944 4324 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:33:30.0984 4324 lltdsvc - ok
13:33:31.0156 4324 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:33:31.0241 4324 lmhosts - ok
13:33:31.0268 4324 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32

\drivers\lsi_fc.sys
13:33:31.0287 4324 LSI_FC - ok
13:33:31.0303 4324 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32

\drivers\lsi_sas.sys
13:33:31.0322 4324 LSI_SAS - ok
13:33:31.0382 4324 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32

\drivers\lsi_scsi.sys
13:33:31.0401 4324 LSI_SCSI - ok
13:33:31.0751 4324 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32

\drivers\luafv.sys
13:33:31.0822 4324 luafv - ok
13:33:31.0868 4324 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:33:31.0884 4324 Mcx2Svc - ok
13:33:31.0974 4324 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32

\DRIVERS\mdmxsdk.sys
13:33:31.0988 4324 mdmxsdk - ok
13:33:32.0038 4324 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32

\drivers\megasas.sys
13:33:32.0052 4324 megasas - ok
13:33:32.0111 4324 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:33:32.0150 4324 MMCSS - ok
13:33:32.0230 4324 MobilityService - ok
13:33:32.0454 4324 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32

\drivers\modem.sys
13:33:32.0504 4324 Modem - ok
13:33:32.0559 4324 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32

\DRIVERS\monitor.sys
13:33:32.0617 4324 monitor - ok
13:33:32.0725 4324 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32

\DRIVERS\mouclass.sys
13:33:32.0744 4324 mouclass - ok
13:33:32.0878 4324 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32

\DRIVERS\mouhid.sys
13:33:32.0934 4324 mouhid - ok
13:33:33.0051 4324 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32

\drivers\mountmgr.sys
13:33:33.0066 4324 MountMgr - ok
13:33:33.0112 4324 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32

\drivers\mpio.sys
13:33:33.0129 4324 mpio - ok
13:33:33.0457 4324 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32

\drivers\mpsdrv.sys
13:33:33.0507 4324 mpsdrv - ok
13:33:34.0170 4324 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:33:34.0279 4324 MpsSvc - ok
13:33:34.0332 4324 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32

\drivers\mraid35x.sys
13:33:34.0351 4324 Mraid35x - ok
13:33:34.0398 4324 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32

\drivers\mrxdav.sys
13:33:34.0449 4324 MRxDAV - ok
13:33:34.0942 4324 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32

\DRIVERS\mrxsmb.sys
13:33:34.0976 4324 mrxsmb - ok
13:33:35.0873 4324 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32

\DRIVERS\mrxsmb10.sys
13:33:35.0951 4324 mrxsmb10 - ok
13:33:36.0196 4324 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32

\DRIVERS\mrxsmb20.sys
13:33:36.0251 4324 mrxsmb20 - ok
13:33:36.0300 4324 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32

\DRIVERS\msahci.sys
13:33:36.0323 4324 msahci - ok
13:33:36.0660 4324 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32

\drivers\msdsm.sys
13:33:36.0744 4324 msdsm - ok
13:33:36.0776 4324 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:33:36.0817 4324 MSDTC - ok
13:33:36.0962 4324 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32

\drivers\Msfs.sys
13:33:36.0990 4324 Msfs - ok
13:33:37.0119 4324 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32

\drivers\msisadrv.sys
13:33:37.0134 4324 msisadrv - ok
13:33:37.0615 4324 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:33:37.0702 4324 MSiSCSI - ok
13:33:37.0708 4324 msiserver - ok
13:33:37.0776 4324 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32

\drivers\MSKSSRV.sys
13:33:37.0841 4324 MSKSSRV - ok
13:33:37.0896 4324 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32

\drivers\MSPCLOCK.sys
13:33:37.0960 4324 MSPCLOCK - ok
13:33:37.0995 4324 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32

\drivers\MSPQM.sys
13:33:38.0070 4324 MSPQM - ok
13:33:38.0220 4324 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32

\drivers\MsRPC.sys
13:33:38.0250 4324 MsRPC - ok
13:33:38.0463 4324 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32

\DRIVERS\mssmbios.sys
13:33:38.0487 4324 mssmbios - ok
13:33:38.0538 4324 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32

\drivers\MSTEE.sys
13:33:38.0648 4324 MSTEE - ok
13:33:38.0684 4324 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32

\Drivers\mup.sys
13:33:38.0711 4324 Mup - ok
13:33:38.0765 4324 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:33:38.0808 4324 napagent - ok
13:33:38.0872 4324 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32

\DRIVERS\nwifi.sys
13:33:38.0892 4324 NativeWifiP - ok
13:33:39.0010 4324 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32

\drivers\ndis.sys
13:33:39.0041 4324 NDIS - ok
13:33:39.0265 4324 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32

\DRIVERS\ndistapi.sys
13:33:39.0305 4324 NdisTapi - ok
13:33:39.0345 4324 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32

\DRIVERS\ndisuio.sys
13:33:39.0374 4324 Ndisuio - ok
13:33:39.0586 4324 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32

\DRIVERS\ndiswan.sys
13:33:39.0662 4324 NdisWan - ok
13:33:39.0879 4324 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32

\drivers\NDProxy.sys
13:33:39.0942 4324 NDProxy - ok
13:33:39.0988 4324 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32

\DRIVERS\netbios.sys
13:33:40.0034 4324 NetBIOS - ok
13:33:40.0149 4324 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32

\DRIVERS\netbt.sys
13:33:40.0205 4324 netbt - ok
13:33:40.0257 4324 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:33:40.0278 4324 Netlogon - ok
13:33:40.0992 4324 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:34:28.0217 4324 ============================================================
13:34:28.0217 4324 Scan finished
13:34:28.0217 4324 ============================================================
13:34:28.0227 4780 Detected object count: 7
13:34:28.0227 4780 Actual detected object count: 7
13:36:05.0483 4780 ALaunchService ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:05.0483 4780 ALaunchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:36:05.0485 4780 eNet Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:05.0485 4780 eNet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:36:05.0486 4780 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:05.0486 4780 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:36:05.0489 4780 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:05.0489 4780 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:36:05.0490 4780 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:05.0490 4780 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:36:05.0491 4780 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:05.0491 4780 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:36:05.0492 4780 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:05.0493 4780 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Last but not least, the MBAM report:

Quote:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.24.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Martina :: MeinBenutzer-PC [Administrator]

Schutz: Deaktiviert

24.04.2012 13:50:33
mbam-log-2012-04-24 (13-50-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 329890
Laufzeit: 1 Stunde(n), 4 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
The following helped in my case:

Quote:
:OTL
[2012.04.08 18:09:22 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Ihnsbygqyo.job
[2012.04.08 18:09:22 | 000,143,360 | RHS- | C] () -- C:\Windows\System32\KBDURDU5.dll
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AA9519A6

:Commands
[emptytemp]
[Reboot]
Judging from comparable threads, it seems to me that there is always a scheduled task (*.job) and, in connection with it, several alternate data streams and a DLL that are involved in the problem. I'll keep an eye on it and hope that this "Google hijack" doesn't turn into a plague like the GEMA, BKA and co. trojans (although those are easier to get rid of ^^).

Greetz,

DarK RaideR
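The pattern described in the post above (a *.job task, a DLL and several alternate data streams showing up together) can be searched for in an OTL file listing. This is an added triage example, not part of the original post and not OTL's own code. The function names, the 60-second correlation window and the "empty vendor field" filter are assumptions chosen for illustration, and the last two sample lines are constructed.

```python
import re
from collections import namedtuple
from datetime import datetime

# The first seven lines are the entries quoted in the post; the last two
# are constructed benign entries so the filter has something to reject.
SAMPLE_LOG = r"""
[2012.04.08 18:09:22 | 000,000,318 | ---- | C] () -- C:\Windows\tasks\Ihnsbygqyo.job
[2012.04.08 18:09:22 | 000,143,360 | RHS- | C] () -- C:\Windows\System32\KBDURDU5.dll
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:B203B914
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:A95A95AC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:94188BC6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:798A3728
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:AA9519A6
[2012.04.10 09:15:02 | 000,045,056 | ---- | C] (Example Vendor) -- C:\Windows\System32\example.dll
[2012.04.12 10:00:00 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\ExampleUpdater.job
"""

# [timestamp | size | attributes | C/M] (vendor) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> host:stream (split on the last colon)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)

FileEntry = namedtuple("FileEntry", "created size attrs company path")
StreamEntry = namedtuple("StreamEntry", "size host stream")

TASK_DIR = "c:\\windows\\tasks\\"
SYS32_DIR = "c:\\windows\\system32\\"


def parse_otl(text):
    """Split an OTL listing into file entries and alternate-data-stream entries."""
    files, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            files.append(FileEntry(
                datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
                int(m["size"].replace(",", "")),
                m["attrs"], m["company"].strip(), m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            streams.append(StreamEntry(int(m["size"]), m["host"], m["stream"]))
    return files, streams


def find_clusters(files, streams, window_seconds=60):
    """Pair each .job in the tasks folder with vendor-less System32 DLLs
    created within window_seconds of it (assumed heuristic).

    ADS lines carry no timestamp in the log, so they are attached to every
    hit as context for the analyst rather than correlated by time.
    """
    jobs = [f for f in files
            if f.path.lower().startswith(TASK_DIR)
            and f.path.lower().endswith(".job")]
    dlls = [f for f in files
            if f.path.lower().startswith(SYS32_DIR)
            and f.path.lower().endswith(".dll")
            and not f.company]
    clusters = []
    for job in jobs:
        near = [d for d in dlls
                if abs((d.created - job.created).total_seconds()) <= window_seconds]
        if near:
            clusters.append({"job": job, "dlls": near, "streams": list(streams)})
    return clusters


if __name__ == "__main__":
    for hit in find_clusters(*parse_otl(SAMPLE_LOG)):
        print("Scheduled task:", hit["job"].path, hit["job"].created)
        for dll in hit["dlls"]:
            print("  DLL, no vendor, attrs", dll.attrs + ":", dll.path)
        for ads in hit["streams"]:
            print("  ADS %d bytes on %s (stream %s)" % (ads.size, ads.host, ads.stream))
```

A hit only marks entries for manual review; a task and a DLL without a vendor string created in the same minute can also come from a legitimate installer.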