Pests of all kinds and how to combat them: Spam mail - Trojan contacts http://jetaqua.com/f44/myse.php

12.06.2013, 10:00   #1
CeejayCC

Good day,
I have a problem with a Trojan. The following happened:
My father received the following e-mail, which I would have clearly identified as SPAM and deleted.

Dear Sir or Madam,

attached you will find your invoice for the services of freenet Breitband GmbH that you used under your customer number 94802366. For details, please refer to the attached PDF document as a ZIP file.

Kind regards,
Thank you. Your freenet Service-Team

________________________________________________________________________________

freenet Breitband GmbH, Postfach 2120, 24001 Kiel
Management: Thorsten Meier, Andreas Sand, Claas Voigt
Hamburg - HRB 105837, Amtsgericht Hamburg
St.-Nr.: 27 / 001 / 01026, USt.-ID: DE259893671

The attachment was a ZIP file: Ihre_Rechnung_für_Ihre_Bestellung_2013.zip

Sender: Kontakt@freenet.de

Now my father thought this was an invoice he had been expecting. He opened the archive. It contains an *.exe file. I don't know the file name, since I wasn't there and would rather not repeat it. He did not run the EXE file itself, he only opened the archive.

Since then the antivirus program (Avast) has regularly been showing the following message:

bösartige Webseite blockiert
Objekt: hxxp://jetaqua.com/f44/myse.php
Infektion: URL:Mal
Prozess: C:\Users\janosch\AppData\Roaming\usersrdef.exe


I hope one of you can help us.
The computer is on a network with a server and a total of 4 connected workstations.

I have already sent a zipped .eml file of the e-mail to virus@trojaner-board.de.

Regards, Cee

12.06.2013, 10:07   #2
markusg
/// Malware-holic

Hi,

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

12.06.2013, 10:56   #3
CeejayCC

Hello,

the program hangs at "Scanning Firefox settings..."
Could this already be caused by malware?

Regards, Cee

12.06.2013, 14:09   #4
markusg
/// Malware-holic

No.
Let's take a further look.
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

12.06.2013, 14:24   #5
CeejayCC

So, here is the log now
15:20:16.0147 1532  IPBusEnum - ok
15:20:16.0178 1532  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:20:16.0256 1532  IpFilterDriver - ok
15:20:16.0303 1532  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:20:16.0349 1532  iphlpsvc - ok
15:20:16.0381 1532  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:20:16.0443 1532  IPMIDRV - ok
15:20:16.0474 1532  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:20:16.0552 1532  IPNAT - ok
15:20:16.0568 1532  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:20:16.0661 1532  IRENUM - ok
15:20:16.0693 1532  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:20:16.0708 1532  isapnp - ok
15:20:16.0739 1532  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:20:16.0755 1532  iScsiPrt - ok
15:20:16.0771 1532  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
15:20:16.0786 1532  kbdclass - ok
15:20:16.0802 1532  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
15:20:16.0802 1532  kbdhid - ok
15:20:16.0817 1532  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
15:20:16.0833 1532  KeyIso - ok
15:20:16.0864 1532  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:20:16.0895 1532  KSecDD - ok
15:20:16.0942 1532  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:20:16.0958 1532  KSecPkg - ok
15:20:16.0973 1532  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:20:17.0067 1532  ksthunk - ok
15:20:17.0098 1532  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:20:17.0176 1532  KtmRm - ok
15:20:17.0207 1532  [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys
15:20:17.0254 1532  L1E - ok
15:20:17.0285 1532  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:20:17.0348 1532  LanmanServer - ok
15:20:17.0379 1532  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:20:17.0441 1532  LanmanWorkstation - ok
15:20:17.0504 1532  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:20:17.0613 1532  lltdio - ok
15:20:17.0660 1532  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:20:17.0722 1532  lltdsvc - ok
15:20:17.0738 1532  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:20:17.0769 1532  lmhosts - ok
15:20:17.0800 1532  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:20:17.0800 1532  LSI_FC - ok
15:20:17.0831 1532  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:20:17.0847 1532  LSI_SAS - ok
15:20:17.0847 1532  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:20:17.0863 1532  LSI_SAS2 - ok
15:20:17.0878 1532  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:20:17.0894 1532  LSI_SCSI - ok
15:20:17.0894 1532  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
15:20:17.0956 1532  luafv - ok
15:20:17.0987 1532  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:20:18.0050 1532  Mcx2Svc - ok
15:20:18.0097 1532  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:20:18.0128 1532  megasas - ok
15:20:18.0143 1532  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:20:18.0159 1532  MegaSR - ok
15:20:18.0190 1532  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
15:20:18.0206 1532  MEIx64 - ok
15:20:18.0284 1532  Microsoft SharePoint Workspace Audit Service - ok
15:20:18.0315 1532  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
15:20:18.0377 1532  MMCSS - ok
15:20:18.0424 1532  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
15:20:18.0502 1532  Modem - ok
15:20:18.0533 1532  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:20:18.0596 1532  monitor - ok
15:20:18.0627 1532  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:20:18.0658 1532  mouclass - ok
15:20:18.0674 1532  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:20:18.0689 1532  mouhid - ok
15:20:18.0721 1532  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:20:18.0736 1532  mountmgr - ok
15:20:18.0814 1532  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:20:18.0845 1532  MozillaMaintenance - ok
15:20:18.0877 1532  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:20:18.0892 1532  mpio - ok
15:20:18.0908 1532  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:20:18.0970 1532  mpsdrv - ok
15:20:19.0017 1532  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:20:19.0048 1532  MpsSvc - ok
15:20:19.0095 1532  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:20:19.0157 1532  MRxDAV - ok
15:20:19.0235 1532  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:20:19.0391 1532  mrxsmb - ok
15:20:19.0438 1532  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:20:19.0501 1532  mrxsmb10 - ok
15:20:19.0547 1532  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:20:19.0594 1532  mrxsmb20 - ok
15:20:19.0625 1532  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
15:20:19.0641 1532  msahci - ok
15:20:19.0657 1532  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:20:19.0672 1532  msdsm - ok
15:20:19.0703 1532  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
15:20:19.0735 1532  MSDTC - ok
15:20:19.0781 1532  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:20:19.0813 1532  Msfs - ok
15:20:19.0828 1532  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:20:19.0906 1532  mshidkmdf - ok
15:20:19.0937 1532  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:20:19.0969 1532  msisadrv - ok
15:20:19.0984 1532  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:20:20.0047 1532  MSiSCSI - ok
15:20:20.0047 1532  msiserver - ok
15:20:20.0093 1532  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:20:20.0125 1532  MSKSSRV - ok
15:20:20.0125 1532  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:20:20.0171 1532  MSPCLOCK - ok
15:20:20.0187 1532  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:20:20.0234 1532  MSPQM - ok
15:20:20.0281 1532  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:20:20.0312 1532  MsRPC - ok
15:20:20.0359 1532  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:20:20.0374 1532  mssmbios - ok
15:20:20.0390 1532  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:20:20.0437 1532  MSTEE - ok
15:20:20.0452 1532  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:20:20.0483 1532  MTConfig - ok
15:20:20.0515 1532  [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:20:20.0515 1532  MTsensor - ok
15:20:20.0530 1532  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:20:20.0546 1532  Mup - ok
15:20:20.0577 1532  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
15:20:20.0639 1532  napagent - ok
15:20:20.0686 1532  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:20:20.0717 1532  NativeWifiP - ok
15:20:20.0827 1532  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:20:20.0873 1532  NDIS - ok
15:20:20.0889 1532  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:20:20.0920 1532  NdisCap - ok
15:20:20.0936 1532  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:20:20.0983 1532  NdisTapi - ok
15:20:21.0014 1532  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:20:21.0107 1532  Ndisuio - ok
15:20:21.0154 1532  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:20:21.0232 1532  NdisWan - ok
15:20:21.0279 1532  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:20:21.0373 1532  NDProxy - ok
15:20:21.0419 1532  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:20:21.0497 1532  NetBIOS - ok
15:20:21.0529 1532  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:20:21.0591 1532  NetBT - ok
15:20:21.0607 1532  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
15:20:21.0622 1532  Netlogon - ok
15:20:21.0653 1532  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
15:20:21.0716 1532  Netman - ok
15:20:21.0731 1532  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
15:20:21.0794 1532  netprofm - ok
15:20:21.0825 1532  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:20:21.0856 1532  NetTcpPortSharing - ok
15:20:21.0887 1532  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:20:21.0934 1532  nfrd960 - ok
15:20:21.0965 1532  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:20:22.0012 1532  NlaSvc - ok
15:20:22.0043 1532  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:20:22.0090 1532  Npfs - ok
15:20:22.0106 1532  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
15:20:22.0153 1532  nsi - ok
15:20:22.0184 1532  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:20:22.0231 1532  nsiproxy - ok
15:20:22.0324 1532  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:20:22.0402 1532  Ntfs - ok
15:20:22.0418 1532  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
15:20:22.0465 1532  Null - ok
15:20:22.0496 1532  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
15:20:22.0543 1532  nusb3hub - ok
15:20:22.0621 1532  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:20:22.0683 1532  nusb3xhc - ok
15:20:22.0730 1532  [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm62x64.sys
15:20:22.0777 1532  NVENETFD - ok
15:20:22.0808 1532  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:20:22.0823 1532  nvraid - ok
15:20:22.0855 1532  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:20:22.0855 1532  nvstor - ok
15:20:22.0901 1532  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:20:22.0933 1532  nv_agp - ok
15:20:22.0933 1532  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:20:22.0979 1532  ohci1394 - ok
15:20:23.0057 1532  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:20:23.0089 1532  ose - ok
15:20:23.0260 1532  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:20:23.0354 1532  osppsvc - ok
15:20:23.0385 1532  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:20:23.0401 1532  p2pimsvc - ok
15:20:23.0432 1532  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:20:23.0447 1532  p2psvc - ok
15:20:23.0479 1532  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:20:23.0479 1532  Parport - ok
15:20:23.0525 1532  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:20:23.0557 1532  partmgr - ok
15:20:23.0588 1532  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:20:23.0635 1532  PcaSvc - ok
15:20:23.0666 1532  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
15:20:23.0681 1532  pci - ok
15:20:23.0697 1532  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
15:20:23.0713 1532  pciide - ok
15:20:23.0744 1532  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:20:23.0759 1532  pcmcia - ok
15:20:23.0775 1532  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
15:20:23.0791 1532  pcw - ok
15:20:23.0822 1532  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:20:23.0884 1532  PEAUTH - ok
15:20:23.0931 1532  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:20:23.0978 1532  PeerDistSvc - ok
15:20:24.0087 1532  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
15:20:24.0118 1532  PerfHost - ok
15:20:24.0196 1532  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
15:20:24.0290 1532  pla - ok
15:20:24.0368 1532  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:20:24.0430 1532  PlugPlay - ok
15:20:24.0461 1532  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:20:24.0508 1532  PNRPAutoReg - ok
15:20:24.0539 1532  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:20:24.0571 1532  PNRPsvc - ok
15:20:24.0617 1532  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:20:24.0680 1532  PolicyAgent - ok
15:20:24.0727 1532  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
15:20:24.0805 1532  Power - ok
15:20:24.0820 1532  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:20:24.0867 1532  PptpMiniport - ok
15:20:24.0914 1532  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:20:24.0976 1532  Processor - ok
15:20:25.0023 1532  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
15:20:25.0085 1532  ProfSvc - ok
15:20:25.0101 1532  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:20:25.0117 1532  ProtectedStorage - ok
15:20:25.0163 1532  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:20:25.0226 1532  Psched - ok
15:20:25.0288 1532  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:20:25.0319 1532  ql2300 - ok
15:20:25.0366 1532  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:20:25.0366 1532  ql40xx - ok
15:20:25.0413 1532  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
15:20:25.0444 1532  QWAVE - ok
15:20:25.0475 1532  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:20:25.0538 1532  QWAVEdrv - ok
15:20:25.0553 1532  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:20:25.0616 1532  RasAcd - ok
15:20:25.0663 1532  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:20:25.0709 1532  RasAgileVpn - ok
15:20:25.0725 1532  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
15:20:25.0756 1532  RasAuto - ok
15:20:25.0803 1532  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:20:25.0881 1532  Rasl2tp - ok
15:20:25.0928 1532  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
15:20:26.0037 1532  RasMan - ok
15:20:26.0068 1532  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:20:26.0146 1532  RasPppoe - ok
15:20:26.0177 1532  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:20:26.0255 1532  RasSstp - ok
15:20:26.0302 1532  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:20:26.0349 1532  rdbss - ok
15:20:26.0365 1532  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:20:26.0396 1532  rdpbus - ok
15:20:26.0427 1532  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:20:26.0458 1532  RDPCDD - ok
15:20:26.0489 1532  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:20:26.0536 1532  RDPDR - ok
15:20:26.0552 1532  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:20:26.0630 1532  RDPENCDD - ok
15:20:26.0661 1532  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:20:26.0692 1532  RDPREFMP - ok
15:20:26.0708 1532  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:20:26.0755 1532  RDPWD - ok
15:20:26.0786 1532  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:20:26.0817 1532  rdyboost - ok
15:20:26.0848 1532  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:20:26.0926 1532  RemoteAccess - ok
15:20:26.0973 1532  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:20:27.0036 1532  RemoteRegistry - ok
15:20:27.0082 1532  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:20:27.0098 1532  RFCOMM - ok
15:20:27.0114 1532  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:20:27.0160 1532  RpcEptMapper - ok
15:20:27.0192 1532  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
15:20:27.0207 1532  RpcLocator - ok
15:20:27.0270 1532  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
15:20:27.0332 1532  RpcSs - ok
15:20:27.0348 1532  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:20:27.0394 1532  rspndr - ok
15:20:27.0426 1532  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:20:27.0441 1532  RTL8167 - ok
15:20:27.0488 1532  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:20:27.0535 1532  s3cap - ok
15:20:27.0550 1532  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
15:20:27.0582 1532  SamSs - ok
15:20:27.0597 1532  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:20:27.0613 1532  sbp2port - ok
15:20:27.0644 1532  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:20:27.0691 1532  SCardSvr - ok
15:20:27.0722 1532  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:20:27.0816 1532  scfilter - ok
15:20:27.0894 1532  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
15:20:27.0956 1532  Schedule - ok
15:20:27.0987 1532  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:20:28.0050 1532  SCPolicySvc - ok
15:20:28.0081 1532  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:20:28.0112 1532  SDRSVC - ok
15:20:28.0143 1532  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:20:28.0221 1532  secdrv - ok
15:20:28.0252 1532  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
15:20:28.0315 1532  seclogon - ok
15:20:28.0330 1532  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
15:20:28.0408 1532  SENS - ok
15:20:28.0424 1532  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:20:28.0502 1532  SensrSvc - ok
15:20:28.0518 1532  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:20:28.0549 1532  Serenum - ok
15:20:28.0580 1532  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:20:28.0611 1532  Serial - ok
15:20:28.0658 1532  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:20:28.0689 1532  sermouse - ok
15:20:28.0720 1532  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:20:28.0783 1532  SessionEnv - ok
15:20:28.0814 1532  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:20:28.0861 1532  sffdisk - ok
15:20:28.0876 1532  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:20:28.0939 1532  sffp_mmc - ok
15:20:28.0970 1532  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:20:29.0032 1532  sffp_sd - ok
15:20:29.0079 1532  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:20:29.0110 1532  sfloppy - ok
15:20:29.0157 1532  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:20:29.0235 1532  SharedAccess - ok
15:20:29.0298 1532  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:20:29.0391 1532  ShellHWDetection - ok
15:20:29.0422 1532  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:20:29.0454 1532  SiSRaid2 - ok
15:20:29.0469 1532  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:20:29.0485 1532  SiSRaid4 - ok
15:20:29.0500 1532  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:20:29.0547 1532  Smb - ok
15:20:29.0594 1532  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:20:29.0625 1532  SNMPTRAP - ok
15:20:29.0656 1532  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:20:29.0688 1532  spldr - ok
15:20:29.0734 1532  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
15:20:29.0812 1532  Spooler - ok
15:20:29.0937 1532  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
15:20:30.0046 1532  sppsvc - ok
15:20:30.0093 1532  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:20:30.0202 1532  sppuinotify - ok
15:20:30.0249 1532  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:20:30.0343 1532  srv - ok
15:20:30.0374 1532  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:20:30.0405 1532  srv2 - ok
15:20:30.0436 1532  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:20:30.0468 1532  srvnet - ok
15:20:30.0514 1532  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:20:30.0592 1532  SSDPSRV - ok
15:20:30.0624 1532  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:20:30.0655 1532  SstpSvc - ok
15:20:30.0764 1532  [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
15:20:30.0795 1532  StarMoney 8.0 OnlineUpdate - ok
15:20:30.0811 1532  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:20:30.0826 1532  stexstor - ok
15:20:30.0858 1532  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
15:20:30.0889 1532  stisvc - ok
15:20:30.0904 1532  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:20:30.0920 1532  storflt - ok
15:20:30.0951 1532  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
15:20:30.0998 1532  StorSvc - ok
15:20:31.0029 1532  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:20:31.0060 1532  storvsc - ok
15:20:31.0107 1532  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:20:31.0123 1532  swenum - ok
15:20:31.0154 1532  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
15:20:31.0216 1532  swprv - ok
15:20:31.0294 1532  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
15:20:31.0357 1532  SysMain - ok
15:20:31.0388 1532  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:20:31.0404 1532  TabletInputService - ok
15:20:31.0435 1532  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:20:31.0482 1532  TapiSrv - ok
15:20:31.0513 1532  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
15:20:31.0575 1532  TBS - ok
15:20:31.0653 1532  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:20:31.0716 1532  Tcpip - ok
15:20:31.0731 1532  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:20:31.0762 1532  TCPIP6 - ok
15:20:31.0794 1532  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:20:31.0856 1532  tcpipreg - ok
15:20:31.0903 1532  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:20:31.0934 1532  TDPIPE - ok
15:20:31.0965 1532  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:20:32.0012 1532  TDTCP - ok
15:20:32.0059 1532  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:20:32.0121 1532  tdx - ok
15:20:32.0121 1532  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:20:32.0137 1532  TermDD - ok
15:20:32.0184 1532  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
15:20:32.0230 1532  TermService - ok
15:20:32.0262 1532  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
15:20:32.0293 1532  Themes - ok
15:20:32.0324 1532  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
15:20:32.0355 1532  THREADORDER - ok
15:20:32.0371 1532  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
15:20:32.0433 1532  TrkWks - ok
15:20:32.0496 1532  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:20:32.0620 1532  TrustedInstaller - ok
15:20:32.0652 1532  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:20:32.0730 1532  tssecsrv - ok
15:20:32.0761 1532  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:20:32.0792 1532  TsUsbFlt - ok
15:20:32.0839 1532  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:20:32.0886 1532  tunnel - ok
15:20:32.0917 1532  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:20:32.0917 1532  uagp35 - ok
15:20:32.0964 1532  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:20:33.0010 1532  udfs - ok
15:20:33.0057 1532  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:20:33.0088 1532  UI0Detect - ok
15:20:33.0120 1532  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:20:33.0151 1532  uliagpkx - ok
15:20:33.0182 1532  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:20:33.0229 1532  umbus - ok
15:20:33.0260 1532  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:20:33.0276 1532  UmPass - ok
15:20:33.0322 1532  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
15:20:33.0369 1532  UmRdpService - ok
15:20:33.0400 1532  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
15:20:33.0432 1532  upnphost - ok
15:20:33.0463 1532  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:20:33.0541 1532  usbccgp - ok
15:20:33.0556 1532  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:20:33.0603 1532  usbcir - ok
15:20:33.0619 1532  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:20:33.0650 1532  usbehci - ok
15:20:33.0712 1532  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:20:33.0775 1532  usbhub - ok
15:20:33.0806 1532  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:20:33.0853 1532  usbohci - ok
15:20:33.0884 1532  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:20:33.0946 1532  usbprint - ok
15:20:33.0993 1532  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:20:34.0071 1532  USBSTOR - ok
15:20:34.0087 1532  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:20:34.0149 1532  usbuhci - ok
15:20:34.0180 1532  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
15:20:34.0243 1532  UxSms - ok
15:20:34.0243 1532  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
15:20:34.0258 1532  VaultSvc - ok
15:20:34.0290 1532  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:20:34.0336 1532  vdrvroot - ok
15:20:34.0383 1532  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
15:20:34.0477 1532  vds - ok
15:20:34.0524 1532  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:20:34.0539 1532  vga - ok
15:20:34.0555 1532  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:20:34.0617 1532  VgaSave - ok
15:20:34.0648 1532  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:20:34.0664 1532  vhdmp - ok
15:20:34.0695 1532  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:20:34.0695 1532  viaide - ok
15:20:34.0711 1532  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:20:34.0726 1532  vmbus - ok
15:20:34.0742 1532  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:20:34.0789 1532  VMBusHID - ok
15:20:34.0820 1532  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:20:34.0851 1532  volmgr - ok
15:20:34.0914 1532  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:20:34.0929 1532  volmgrx - ok
15:20:34.0976 1532  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:20:34.0992 1532  volsnap - ok
15:20:35.0023 1532  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:20:35.0038 1532  vsmraid - ok
15:20:35.0116 1532  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
15:20:35.0194 1532  VSS - ok
15:20:35.0226 1532  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:20:35.0272 1532  vwifibus - ok
15:20:35.0304 1532  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:20:35.0366 1532  vwififlt - ok
15:20:35.0413 1532  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
15:20:35.0460 1532  W32Time - ok
15:20:35.0491 1532  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:20:35.0538 1532  WacomPen - ok
15:20:35.0584 1532  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:20:35.0662 1532  WANARP - ok
15:20:35.0662 1532  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:20:35.0694 1532  Wanarpv6 - ok
15:20:35.0772 1532  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
15:20:35.0834 1532  wbengine - ok
15:20:35.0896 1532  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:20:35.0959 1532  WbioSrvc - ok
15:20:35.0990 1532  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:20:36.0068 1532  wcncsvc - ok
15:20:36.0099 1532  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:20:36.0130 1532  WcsPlugInService - ok
15:20:36.0146 1532  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:20:36.0162 1532  Wd - ok
15:20:36.0208 1532  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:20:36.0240 1532  Wdf01000 - ok
15:20:36.0255 1532  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:20:36.0271 1532  WdiServiceHost - ok
15:20:36.0271 1532  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:20:36.0302 1532  WdiSystemHost - ok
15:20:36.0364 1532  [ 9DA588E16A697CFA993A2A18B2F249FB ] Web Assistant   C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
15:20:36.0396 1532  Web Assistant - ok
15:20:36.0427 1532  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
15:20:36.0489 1532  WebClient - ok
15:20:36.0536 1532  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:20:36.0598 1532  Wecsvc - ok
15:20:36.0630 1532  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:20:36.0692 1532  wercplsupport - ok
15:20:36.0692 1532  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:20:36.0754 1532  WerSvc - ok
15:20:36.0786 1532  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:20:36.0817 1532  WfpLwf - ok
15:20:36.0832 1532  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:20:36.0848 1532  WIMMount - ok
15:20:36.0848 1532  WinDefend - ok
15:20:36.0864 1532  WinHttpAutoProxySvc - ok
15:20:36.0910 1532  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:20:36.0973 1532  Winmgmt - ok
15:20:37.0066 1532  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
15:20:37.0129 1532  WinRM - ok
15:20:37.0191 1532  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:20:37.0254 1532  Wlansvc - ok
15:20:37.0300 1532  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:20:37.0363 1532  WmiAcpi - ok
15:20:37.0410 1532  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:20:37.0472 1532  wmiApSrv - ok
15:20:37.0503 1532  WMPNetworkSvc - ok
15:20:37.0597 1532  [ 495284CF894336E9512ED7C9ACB3548E ] WOTUpdater      C:\Users\janosch\AppData\LocalLow\WOT\IE\WOTUpdater.exe
15:20:37.0628 1532  WOTUpdater ( UnsignedFile.Multi.Generic ) - warning
15:20:37.0628 1532  WOTUpdater - detected UnsignedFile.Multi.Generic (1)
15:20:38.0580 1532  ================ Scan global ===============================
15:20:38.0626 1532  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:20:38.0673 1532  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:20:38.0689 1532  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
15:20:38.0720 1532  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:20:38.0736 1532  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:20:38.0736 1532  [Global] - ok
15:20:38.0736 1532  ================ Scan MBR ==================================
15:20:38.0751 1532  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:20:39.0219 1532  \Device\Harddisk0\DR0 - ok
15:20:39.0235 1532  [ 205060F860AA1EC25B607A1B5B40A40C ] \Device\Harddisk2\DR2
15:20:39.0328 1532  \Device\Harddisk2\DR2 - ok
15:20:39.0328 1532  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
15:20:41.0216 1532  \Device\Harddisk3\DR3 - ok
15:20:41.0216 1532  ================ Scan VBR ==================================
15:20:41.0232 1532  [ 589FCE2AD11B1BFE5BE0FCD277CDAA75 ] \Device\Harddisk0\DR0\Partition1
15:20:41.0232 1532  \Device\Harddisk0\DR0\Partition1 - ok
15:20:41.0247 1532  [ 5EC0611D883BE39261B40A48A1E8015E ] \Device\Harddisk0\DR0\Partition2
15:20:41.0247 1532  \Device\Harddisk0\DR0\Partition2 - ok
15:20:41.0247 1532  [ 83D07824525A7A1F6964124319A6599C ] \Device\Harddisk2\DR2\Partition1
15:20:41.0247 1532  \Device\Harddisk2\DR2\Partition1 - ok
15:20:41.0263 1532  [ D9814F1B8FE9AACC6DF09348C84FDC52 ] \Device\Harddisk3\DR3\Partition1
15:20:41.0263 1532  \Device\Harddisk3\DR3\Partition1 - ok
15:20:41.0263 1532  ============================================================
15:20:41.0263 1532  Scan finished
15:20:41.0263 1532  ============================================================
15:20:41.0263 3660  Detected object count: 3
15:20:41.0263 3660  Actual detected object count: 3
15:20:53.0540 3660  AtherosSvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:53.0540 3660  AtherosSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:53.0540 3660  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:53.0540 3660  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:20:53.0540 3660  WOTUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
15:20:53.0540 3660  WOTUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:21:01.0480 3708  Deinitialize success
         


Old 12.06.2013, 14:30   #6
markusg
/// Malware-holic
 



Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


Old 12.06.2013, 14:51   #7
CeejayCC
 



Combofix log
Code:
ComboFix 13-06-08.02 - janosch 12.06.2013  15:39:16.1.3 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3838.2276 [GMT 2:00]
ausgeführt von:: c:\users\janosch\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\aticaldd64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\aticalrt.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\aticalrt64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atidemgx.dll
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atidxx32.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atidxx64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atieclxx.ex_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiedu64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiesrxx.ex_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiicdxx.da_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atikmdag.sy_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atimpc32.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atimpc64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atimuixx.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atio6axx.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiodcli.ex_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiode.ex_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiogl.xml
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atioglxx.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atipdl64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atipdlxx.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atitmm64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiumd64.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiumd6a.ca_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiumd6a.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiumdag.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiumdva.ca_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\atiumdva.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\B_83386\oemdspif.dl_
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\C7_83675.cat
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\C7_83675.inf
c:\windows\Windows7\Driver\Packages\Drivers\Display\W76A_INF\C7_83675.msi
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB-SB\LH\atipcie.cat
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB-SB\LH\ATiPCIE.inf
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB-SB\LH\AtiPcie.sys
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB-SB\LH64A\atipcie.cat
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB-SB\LH64A\ATiPCIE.inf
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB-SB\LH64A\AtiPcie.sys
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W7\atipcie.cat
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W7\ATiPCIE.inf
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W7\ATiPCIE.msi
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W7\AtiPcie.sys
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W764A\atipcie.cat
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W764A\ATiPCIE.inf
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W764A\ATiPCIE.msi
c:\windows\Windows7\Driver\Packages\Drivers\SBDrv\Filter\NB\W764A\AtiPcie.sys
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W7\atihdaud.cat
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W7\AtiHDAud.inf
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W7\AtiHDAud.msi
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W7\AtiHdmi.SY_
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W764a\atihdaud.cat
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W764a\AtiHDAud.inf
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W764a\AtiHDAud.msi
c:\windows\Windows7\Driver\Packages\Drivers\WDM\HDMI\W764a\AtiHdmi.SY_
c:\windows\Windows7\Driver\SChinese.ini
c:\windows\Windows7\Driver\Setup.exe
c:\windows\Windows7\Driver\Setup.exe.manifest
c:\windows\Windows7\Driver\TChinese.ini
c:\windows\Windows7\wait\AsusSetup.exe
c:\windows\Windows7\wait\AsusSetup.ini
c:\windows\Windows7\wait\sleep.exe
c:\windows\Windows7\wait\wait.bat
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-12 bis 2013-06-12  ))))))))))))))))))))))))))))))
.
.
2013-06-12 13:45 . 2013-06-12 13:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-12 09:13 . 2013-06-12 09:13	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8323E0-E5F0-4E32-9F7C-4D11B7F37181}\offreg.dll
2013-06-11 06:06 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8323E0-E5F0-4E32-9F7C-4D11B7F37181}\mpengine.dll
2013-06-03 06:49 . 2013-06-03 06:50	--------	d-----w-	c:\users\janosch\AppData\Local\Google
2013-06-03 06:49 . 2013-06-03 06:50	--------	d-----w-	c:\program files (x86)\Google
2013-05-22 12:09 . 2013-05-22 12:09	--------	d-----w-	c:\windows\Sun
2013-05-22 12:09 . 2013-05-22 12:09	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-05-22 12:08 . 2013-04-04 03:35	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-21 07:25 . 2013-05-21 07:25	--------	d-----w-	c:\users\janosch\AppData\Local\Microsoft_Corporation
2013-05-15 06:39 . 2013-05-16 05:59	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 09:28 . 2012-07-05 05:58	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-12 09:28 . 2012-03-06 11:45	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 10:27 . 2012-04-13 08:02	253952	------w-	c:\windows\Setup1.exe
2013-06-11 10:27 . 2012-04-13 08:02	74752	----a-w-	c:\windows\ST6UNST.EXE
2013-05-15 14:09 . 2012-03-05 12:26	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-09 08:59 . 2013-03-25 06:52	189936	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-03-25 06:52	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-03-06 11:09	378432	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-03-06 11:09	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-03-06 11:09	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-03-06 11:09	1025808	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-03-06 11:09	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-03-06 11:09	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-03-06 11:08	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-03-06 11:09	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-05-02 00:06 . 2012-03-06 06:53	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-15 06:04	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 06:04	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 06:04	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 06:04	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 06:04	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:04	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 06:02	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-07 08:54 . 2013-02-27 12:39	1455408	----a-w-	c:\windows\system32\dmwu.exe
2013-04-07 08:53 . 2013-02-27 12:39	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-03-27 06:56 . 2012-04-02 07:17	151552	----a-w-	c:\windows\KMSEmulator.exe
2013-03-26 07:18 . 2013-03-26 07:18	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-26 07:18 . 2013-03-26 07:18	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-26 07:18 . 2013-03-26 07:18	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-26 07:18 . 2013-03-26 07:18	188320	----a-w-	c:\windows\system32\java.exe
2013-03-26 07:18 . 2012-06-12 08:19	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-26 07:18 . 2012-06-12 08:19	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-25 07:22 . 2013-03-25 07:22	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-25 07:22 . 2013-03-25 07:22	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 13:15	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 13:15	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 13:15	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 13:15	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 13:15	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 13:15	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-31 12:27	170840	----a-w-	c:\program files\Web Assistant\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9E571C81-21E7-496B-9E6B-127E60263022}]
2012-01-12 10:23	269312	----a-w-	c:\users\janosch\AppData\LocalLow\WOT\IE\WOT.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 06:58	222808	----a-w-	c:\users\janosch\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 06:58	222808	----a-w-	c:\users\janosch\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 06:58	222808	----a-w-	c:\users\janosch\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"usersrdef"="c:\users\janosch\AppData\Roaming\usersrdef.exe" [1655-05-26 194560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\janosch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Thunderbird.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2013-5-15 389016]
winter - Verknüpfung.lnk - e:\winter\winter.exe [2004-1-7 1323008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 WOTUpdater;WOT Updater;c:\users\janosch\AppData\LocalLow\WOT\IE\WOTUpdater.exe;c:\users\janosch\AppData\LocalLow\WOT\IE\WOTUpdater.exe [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 HSETUApplicationService;HSETU Application Service;c:\program files (x86)\HSETU\ApplicationService\ApplicationService.exe;c:\program files (x86)\HSETU\ApplicationService\ApplicationService.exe [x]
S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe;c:\windows\SYSNATIVE\dmwu.exe [x]
S2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe;c:\program files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [x]
S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\DRIVERS\AVMCOWAN.sys;c:\windows\SYSNATIVE\DRIVERS\AVMCOWAN.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\DRIVERS\fpcibase.sys;c:\windows\SYSNATIVE\DRIVERS\fpcibase.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 74993334
*Deregistered* - 74993334
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 06:54	1165776	----a-w-	c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 09:28]
.
2013-03-27 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-04-02 07:17]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-03 06:49]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-03 06:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 06:58	261704	----a-w-	c:\users\janosch\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 06:58	261704	----a-w-	c:\users\janosch\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 06:58	261704	----a-w-	c:\users\janosch\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-09-27 613024]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-09-27 379040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-07 166936]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-07 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-07 416792]
"SmartSoft PDF Printer Agent"="c:\program files\Smart PDF Converter Pro\SmartSoft PDF Printer Agent.exe" [2012-11-20 52992]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredibar.com/mb161?a=6PQzx3nvBx&i=26
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.168.1
FF - ProfilePath - c:\users\janosch\AppData\Roaming\Mozilla\Firefox\Profiles\9z0796gx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQzx3nvBx&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 404c4be8000000000000c860000968ed
FF - user.js: extensions.incredibar_i.instlDay - 15496
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.149:59
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6PQzx3nvBx
FF - user.js: extensions.incredibar_i.upn2n - 92543006912494763
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{7e111a5c-3d11-4f56-9463-5310c3c69025} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
WebBrowser-{7E111A5C-3D11-4F56-9463-5310C3C69025} - (no file)
AddRemove-Hardlock Device Driver - c:\windows\System32\UNWISE.EXE
AddRemove-XFEMily - c:\windows\system32\DIEUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12  15:48:09
ComboFix-quarantined-files.txt  2013-06-12 13:48
.
Vor Suchlauf: 34 Verzeichnis(se), 250.172.329.984 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 250.863.882.240 Bytes frei
.
- - End Of File - - 53F73815A839A4C7FCC7F6E8CDB52645
A36C5E4F47E84449FF07ED3517B43A31
         

12.06.2013, 15:25   #8
markusg
/// Malware-holic
 

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all detections are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

13.06.2013, 08:58   #9
CeejayCC
 

Hi,
my father has now gotten really scared after all (online banking and so on) and has decided to reinstall the computer from scratch. Unfortunately I could not convince him otherwise. Nevertheless, a really, really big thank you for your great support!!! Do you have any way to accept donations?

Regards, Cee

13.06.2013, 12:03   #10
markusg
/// Malware-holic
 

Why "unfortunately"? In principle it is the most sensible thing to do.
Securing the PC:
As an anti-malware program I would recommend Emsisoft.
For me they offer the best protection, but it costs a bit.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work-related matters, i.e. there is sensitive data to protect, you should invest in security software.
Before activating the licence, make use of the 30-day trial period.

Free, but not quite as good: avast would be the one to recommend there.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give you configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I am aware of that, but it should be followed, because only then is your PC secure. Ask as many questions as you need, I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The easiest way is to go to Start, Search and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show me detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If so, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
http://support.google.com/chrome/bin...&answer=118663
Please read the guide.
If you want to use a different one, tell me, then I have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as PDF, work through this too:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for Start/Run Access and Internet Access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced Programs" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser" or right-click, Run Sandboxed.
A lifetime licence costs €30 and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
A note on FileHippo:
In the settings, additionally select:
Hide beta updates.
Run UpdateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, though, because this can be very important under certain circumstances, for example if the hard disk fails.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, only browse in the standard user account and, there, in the sandbox.
If you use the free version, then by clicking Sandboxed Web Browser; if you have the paid version, you can set forced programs, then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords.
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm manual: password manager, managing passwords and personal data
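The restrictions set through Sandboxie Control in the post above end up in Sandboxie.ini. The following added example (not from the thread or from the Sandboxie project) parses such a file and checks, per sandbox, that only chrome.exe has Start/Run and Internet access and whether it is a forced program. The sample file is constructed, the function names are hypothetical, and it assumes the usual mapping of these options to the ProcessGroup, ClosedIpcPath, ClosedFilePath and ForceProcess settings.

```python
# Added example (not from the thread): audit Sandboxie.ini text; names are hypothetical.
from collections import defaultdict

# Constructed sample; a real Sandboxie.ini is usually UTF-16 (open(path, encoding="utf-16")).
SAMPLE_INI = """\
[DefaultBox]
Enabled=y
ProcessGroup=<StartRunAccess>,chrome.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,chrome.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
ForceProcess=chrome.exe

[TestBox]
Enabled=y
"""

def parse_ini(text):
    """Return {section: {key: [values]}}; keys repeat, so values are lists."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], defaultdict(list))
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()].append(value.strip())
    return sections

def allowed_programs(settings, closed_key, resource):
    """Programs exempt from a '!who,resource' block; None if no block is set."""
    groups = defaultdict(set)
    for entry in settings.get("ProcessGroup", []):
        name, *members = (part.strip().lower() for part in entry.split(","))
        groups[name].update(m for m in members if m)
    allowed = None
    for entry in settings.get(closed_key, []):
        who, _, what = (part.strip() for part in entry.partition(","))
        if who.startswith("!") and what == resource:
            target = who[1:].lower()  # either a <Group> name or a program name
            allowed = (allowed or set()) | (groups[target] if target.startswith("<") else {target})
    return allowed

def audit(text, browser="chrome.exe"):
    """Per enabled sandbox: is the browser the only program with each right?"""
    return {name: {
        "start_run_only_browser": allowed_programs(s, "ClosedIpcPath", "*") == {browser},
        "internet_only_browser": allowed_programs(s, "ClosedFilePath", "InternetAccessDevices") == {browser},
        "browser_forced": browser in {v.lower() for v in s.get("ForceProcess", [])},
    } for name, s in parse_ini(text).items() if "y" in s.get("Enabled", [])}
```

A sandbox without any restriction, like the constructed TestBox, reports False for all three checks, which is the state the post's configuration steps are meant to change.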
