
Pests of all kinds and how to combat them: "Redirect virus" on Windows 8 / "document has moved redirecting..."

20.01.2013, 18:56   #1
meem

Hello,
I have caught a redirect virus...
When I browse the internet, sometimes "document has moved, redirecting" appears and then I end up on a completely different page.

My system: Windows 8 x64

My Norton Internet Security doesn't find anything either...
The "Sophos Virus Removal Tool" didn't find anything either...

Attached you will find the log files from Malwarebytes Anti-Malware and OTL.
Can anyone help me? =)

Here is the OTL.txt, since it is too large for the attachment:
Code:
OTL logfile created on: 20.01.2013 18:47:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stefan\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,84 Gb Total Physical Memory | 5,01 Gb Available Physical Memory | 63,89% Memory free
15,84 Gb Paging File | 13,17 Gb Available in Paging File | 83,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,42 Gb Total Space | 354,27 Gb Free Space | 76,12% Space Free | Partition Type: NTFS
 
Computer Name: STEFAN-LAPTOP | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.20 18:47:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2013.01.20 17:22:30 | 000,281,520 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013.01.20 09:31:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.19 13:37:01 | 003,494,992 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013.01.19 12:32:55 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2013.01.19 08:21:48 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.01.19 08:19:27 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.01.19 08:06:13 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.19 03:01:34 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2013.01.19 03:01:33 | 001,176,176 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2013.01.19 03:01:32 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2013.01.16 21:09:18 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.04 16:47:30 | 001,167,424 | ---- | M] (Sophos Limited) -- C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
PRC - [2012.11.13 14:08:14 | 003,500,568 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.22 15:04:22 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012.08.22 15:04:20 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012.08.18 18:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe
PRC - [2012.02.27 20:01:56 | 000,076,960 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
PRC - [2011.12.16 05:38:48 | 000,363,800 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.12.16 05:38:46 | 000,277,784 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.12.16 05:38:24 | 000,161,560 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.19 13:37:01 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll
MOD - [2013.01.19 12:32:55 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2013.01.19 11:29:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e2f7dbe3bf08df200a4cdcf2e0eb82fa\System.Runtime.Remoting.ni.dll
MOD - [2013.01.19 11:29:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013.01.19 08:27:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.01.19 08:27:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d69481589eca8074e7ebbcafd108a2ca\System.Windows.Forms.ni.dll
MOD - [2013.01.19 08:26:56 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.01.19 08:26:34 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.01.19 08:26:31 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2013.01.19 08:21:53 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2013.01.19 08:21:47 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.01.19 08:21:47 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013.01.19 08:21:47 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.01.19 08:21:47 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013.01.19 08:21:47 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013.01.16 21:09:33 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.12.29 11:34:47 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.09.13 23:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.08.23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012.08.22 15:04:22 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012.08.22 15:04:20 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012.07.06 03:01:04 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.1.0.24\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.06 05:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 05:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.01.20 17:22:30 | 000,281,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013.01.20 09:31:28 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.01.19 12:32:56 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.19 08:21:48 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.19 08:06:13 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.19 07:20:46 | 000,028,560 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Programme\Elantech\ETDService.exe -- (ETDService)
SRV - [2013.01.19 03:01:32 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2013.01.16 21:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.10 02:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.08.22 21:36:28 | 000,468,624 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Programme\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe -- (DeviceFastLaneService)
SRV - [2012.08.22 20:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2012.08.18 18:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\ccSvcHst.exe -- (NIS)
SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012.02.27 20:01:56 | 000,076,960 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011.12.16 05:38:48 | 000,363,800 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.12.16 05:38:46 | 000,277,784 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.16 05:38:24 | 000,161,560 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011.12.08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.19 08:27:39 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.01.19 07:20:42 | 000,318,864 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2013.01.19 02:56:20 | 000,447,352 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2013.01.19 02:48:26 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012.12.11 10:22:46 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.11.27 08:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.11.27 04:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012.11.27 04:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.10.10 02:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.10 18:26:44 | 000,776,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.08.07 22:18:20 | 001,132,192 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012.08.06 18:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.07.27 20:25:32 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012.07.27 20:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 05:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 03:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 03:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 03:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.22 18:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.22 05:02:52 | 000,110,744 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012.06.20 19:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\SymELAM.sys -- (SymELAM)
DRV:64bit: - [2012.05.24 22:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1401000.018\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.03.29 08:26:12 | 000,342,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.02.24 00:56:26 | 003,545,088 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStor.sys -- (iaStor)
DRV - [2013.01.19 01:39:24 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130119.024\ex64.sys -- (NAVEX15)
DRV - [2013.01.19 01:39:24 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20130119.024\eng64.sys -- (NAVENG)
DRV - [2013.01.17 16:30:20 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20130118.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.01.11 02:08:40 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130111.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.08.18 02:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 02:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C F4 31 31 E7 F5 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: tXsGT9QxoKlmxUz0Kj%40mDvNgXhNdd92G6vn.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn\ [2013.01.19 08:27:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ [2013.01.20 14:05:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 02:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.19 02:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2013.01.20 16:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\jowwxm0x.default\extensions
[2013.01.20 16:28:10 | 000,003,702 | ---- | M] () (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\firefox\profiles\jowwxm0x.default\extensions\tXsGT9QxoKlmxUz0Kj@mDvNgXhNdd92G6vn.com.xpi
[2013.01.19 02:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager]  File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA9758BC-4BF6-40EC-A1DC-E1C34659DE06}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFEAAEAB-9D22-4D66-BFC1-829EFD37CC60}: DhcpNameServer = 192.168.2.1 192.168.179.1
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e3a9b050-61d6-11e2-be65-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a9b050-61d6-11e2-be65-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\DistinguishOS.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.20 18:47:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.01.20 18:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.01.20 18:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.01.20 18:36:38 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.01.20 18:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.01.20 18:17:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.01.20 18:17:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.01.20 18:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.01.20 17:03:01 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\NVIDIA
[2013.01.20 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2013.01.20 16:52:10 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2013.01.20 16:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.20 16:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.20 16:52:02 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.20 16:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.20 16:51:55 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Programs
[2013.01.20 10:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1942
[2013.01.20 10:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Need for Speed World
[2013.01.20 01:30:42 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Identities
[2013.01.19 22:48:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\PunkBuster
[2013.01.19 22:48:09 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Battlefield 3
[2013.01.19 22:47:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ESN
[2013.01.19 22:47:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.01.19 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.01.19 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.01.19 22:38:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.01.19 22:38:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.01.19 13:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.01.19 13:37:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Origin
[2013.01.19 13:37:13 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Origin
[2013.01.19 13:36:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.01.19 13:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.01.19 13:36:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.01.19 13:36:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.01.19 13:01:21 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Criterion Games
[2013.01.19 12:57:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.01.19 12:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.01.19 12:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013.01.19 12:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013.01.19 12:13:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan\SystemRequirementsLab
[2013.01.19 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.01.19 12:10:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.19 12:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.19 11:55:48 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Macromedia
[2013.01.19 11:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.01.19 09:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013.01.19 09:48:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\uTorrent
[2013.01.19 08:27:39 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.01.19 08:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.01.19 08:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.01.19 08:27:35 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symnets.sys
[2013.01.19 08:27:35 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymELAM.sys
[2013.01.19 08:27:34 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA64.sys
[2013.01.19 08:27:34 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.sys
[2013.01.19 08:27:34 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS64.sys
[2013.01.19 08:27:34 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Ironx64.sys
[2013.01.19 08:27:34 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.sys
[2013.01.19 08:27:34 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.sys
[2013.01.19 08:27:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013.01.19 08:27:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1401000.018
[2013.01.19 08:26:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.01.19 08:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013.01.19 08:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.01.19 08:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.01.19 08:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.01.19 08:24:59 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.19 08:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.01.19 08:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.01.19 08:19:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.01.19 08:10:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.01.19 08:10:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.01.19 08:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.19 08:08:06 | 000,000,000 | ---D | C] -- C:\temp
[2013.01.19 08:05:57 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\VGA_NVIDIA_9.18.13.0546_W8x64
[2013.01.19 07:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013.01.19 07:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2013.01.19 07:54:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Documents\Guild Wars 2
[2013.01.19 07:33:32 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2013.01.19 07:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2013.01.19 03:37:02 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Intel Corporation
[2013.01.19 03:35:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.19 03:33:24 | 000,056,832 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.01.19 03:33:24 | 000,056,320 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.01.19 03:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.19 03:32:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.01.19 03:32:27 | 000,000,000 | ---D | C] -- C:\Dolby PCEE4
[2013.01.19 03:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
[2013.01.19 03:32:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.01.19 03:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.01.19 03:31:54 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.01.19 03:31:54 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.01.19 03:31:54 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.01.19 03:31:54 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.01.19 03:31:54 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.01.19 03:31:53 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.01.19 03:31:53 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.01.19 03:31:53 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.01.19 03:31:53 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.01.19 03:31:52 | 000,376,936 | ---- | C] (Realtek Semiconductor) -- C:\Windows\SysNative\RtkGuiCompLib.dll
[2013.01.19 03:31:52 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.01.19 03:31:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.01.19 03:31:52 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.01.19 03:31:52 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.01.19 03:31:52 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.01.19 03:31:52 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.01.19 03:31:51 | 007,598,456 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.01.19 03:31:51 | 007,163,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.01.19 03:31:51 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.01.19 03:31:51 | 001,433,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.01.19 03:31:51 | 000,834,936 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.01.19 03:31:51 | 000,433,544 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.01.19 03:31:51 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.01.19 03:31:51 | 000,141,192 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.01.19 03:31:51 | 000,123,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.01.19 03:31:51 | 000,074,632 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.01.19 03:31:50 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.01.19 03:31:50 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.01.19 03:31:49 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.01.19 03:31:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.01.19 03:31:49 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.01.19 03:31:49 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.01.19 03:31:49 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.01.19 03:31:49 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.01.19 03:31:49 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.01.19 03:31:49 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.01.19 03:31:49 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.01.19 03:31:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.01.19 03:31:49 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.01.19 03:31:49 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.01.19 03:31:48 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.01.19 03:31:48 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.01.19 03:31:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.01.19 03:31:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.19 03:31:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.01.19 03:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.01.19 03:31:10 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.01.19 03:04:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2013.01.19 03:03:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013.01.19 03:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013.01.19 03:02:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2013.01.19 03:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013.01.19 03:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013.01.19 03:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013.01.19 03:02:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\lm
[2013.01.19 02:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM
[2013.01.19 02:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer
[2013.01.19 02:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2013.01.19 02:56:47 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2013.01.19 02:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2013.01.19 02:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2013.01.19 02:48:31 | 003,545,088 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.01.19 02:48:31 | 000,063,648 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2013.01.19 02:48:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2013.01.19 02:48:29 | 000,442,528 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2013.01.19 02:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2013.01.19 02:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2013.01.19 02:45:38 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.01.19 02:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013.01.19 02:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.01.19 02:44:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.01.19 02:43:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2013.01.19 02:43:33 | 000,000,000 | ---D | C] -- C:\Intel
[2013.01.19 02:43:29 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.01.19 02:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.01.19 02:43:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Searches
[2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Contacts
[2013.01.19 02:29:57 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.01.19 02:29:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2013.01.19 02:29:15 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\VirtualStore
[2013.01.19 02:28:53 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Packages
[2013.01.19 02:28:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Vorlagen
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Verlauf
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Temporary Internet Files
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Startmenü
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\SendTo
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Recent
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Netzwerkumgebung
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Lokale Einstellungen
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Videos
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Musik
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Eigene Dateien
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\Eigene Bilder
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Druckumgebung
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Cookies
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Anwendungsdaten
[2013.01.19 02:28:30 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Anwendungsdaten
[2013.01.19 02:28:29 | 000,000,000 | --SD | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Videos
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Saved Games
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Pictures
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Music
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Links
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Favorites
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Downloads
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Documents
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Desktop
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.01.19 02:28:29 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013.01.19 02:28:29 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\AppData
[2013.01.19 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Temp
[2013.01.19 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft
[2013.01.19 02:28:29 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.01.19 02:28:28 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2013.01.19 02:28:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.01.19 02:26:54 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.01.19 02:24:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.01.19 02:24:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.01.19 02:23:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.01.19 02:09:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla
[2013.01.19 02:09:08 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Mozilla
[2013.01.19 02:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.01.19 02:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.01.19 02:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.19 02:03:50 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\CrashDumps
[2013.01.19 01:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.20 18:47:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2013.01.20 18:46:50 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2013.01.20 18:46:34 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.01.20 18:36:42 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.20 18:31:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.20 18:17:02 | 000,003,211 | ---- | M] () -- C:\Users\Stefan\Desktop\Sophos Virus Removal Tool.lnk
[2013.01.20 17:22:30 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.20 17:22:30 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.20 17:22:06 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.20 16:52:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.20 14:09:05 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.20 14:09:05 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.20 14:09:05 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.20 14:09:05 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.20 14:09:05 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.20 14:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.20 14:02:22 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.20 14:02:20 | 2441,379,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.20 13:56:23 | 530,690,274 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.20 12:30:25 | 000,281,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 10:20:43 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2013.01.20 10:16:04 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed World.lnk
[2013.01.20 09:31:28 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.19 22:38:49 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.01.19 13:36:11 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.01.19 12:55:25 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.01.19 11:56:20 | 000,263,186 | ---- | M] () -- C:\Users\Stefan\Desktop\Minecraft.exe
[2013.01.19 10:35:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.01.19 09:49:26 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013.01.19 09:48:39 | 000,007,609 | ---- | M] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2013.01.19 09:36:24 | 000,016,298 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013.01.19 09:33:04 | 002,087,179 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Cat.DB
[2013.01.19 08:27:39 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.01.19 08:27:39 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.01.19 08:27:39 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.01.19 08:19:01 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.01.19 07:55:07 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.01.19 07:20:42 | 000,318,864 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Windows\SysNative\drivers\ETD.sys
[2013.01.19 03:32:28 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2013.01.19 03:02:17 | 000,000,184 | ---- | M] () -- C:\Windows\LMv7.UNI
[2013.01.19 03:01:37 | 000,284,240 | ---- | M] (Dritek System Inc.) -- C:\Windows\UNINSTLMv7.EXE
[2013.01.19 02:56:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013.01.19 02:25:55 | 000,052,435 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.01.19 02:25:55 | 000,052,435 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.01.19 02:08:58 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.19 01:39:08 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\VT20130115.021
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.20 18:46:50 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2013.01.20 18:46:34 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2013.01.20 18:36:42 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.01.20 18:36:42 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.01.20 18:17:02 | 000,003,211 | ---- | C] () -- C:\Users\Stefan\Desktop\Sophos Virus Removal Tool.lnk
[2013.01.20 16:52:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.20 12:30:02 | 000,281,248 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 10:20:43 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 1942.lnk
[2013.01.20 10:16:04 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed World.lnk
[2013.01.19 22:48:16 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.19 22:38:49 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.01.19 22:38:34 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.19 22:38:34 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.19 22:38:30 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.19 13:36:11 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.01.19 12:55:25 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Most Wanted.lnk
[2013.01.19 11:56:11 | 000,263,186 | ---- | C] () -- C:\Users\Stefan\Desktop\Minecraft.exe
[2013.01.19 11:54:13 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.19 10:35:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013.01.19 09:49:26 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013.01.19 09:48:39 | 000,007,609 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg
[2013.01.19 09:36:24 | 000,016,298 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.01.19 08:27:40 | 002,087,179 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Cat.DB
[2013.01.19 08:27:39 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.01.19 08:27:39 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.01.19 08:27:13 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA.inf
[2013.01.19 08:27:13 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS.inf
[2013.01.19 08:27:13 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymNet.inf
[2013.01.19 08:27:13 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.inf
[2013.01.19 08:27:13 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.inf
[2013.01.19 08:27:13 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symELAM.inf
[2013.01.19 08:27:13 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.inf
[2013.01.19 08:27:13 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\Iron.inf
[2013.01.19 08:27:02 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymVTcer.dat
[2013.01.19 08:27:01 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymELAM64.cat
[2013.01.19 08:27:01 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\ccSetx64.cat
[2013.01.19 08:27:01 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtspx64.cat
[2013.01.19 08:27:01 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymEFA64.cat
[2013.01.19 08:27:01 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\symnet64.cat
[2013.01.19 08:27:01 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\srtsp64.cat
[2013.01.19 08:27:01 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\SymDS64.cat
[2013.01.19 08:27:01 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\iron.cat
[2013.01.19 08:27:00 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\isolate.ini
[2013.01.19 08:19:01 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.01.19 08:08:25 | 003,544,134 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.01.19 07:55:07 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2013.01.19 07:35:47 | 000,002,143 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Choice.lnk
[2013.01.19 03:35:06 | 530,690,274 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.19 03:32:28 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013.01.19 03:32:03 | 000,014,148 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.01.19 03:31:55 | 000,247,560 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2013.01.19 03:31:55 | 000,177,462 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE4.DAT
[2013.01.19 03:31:55 | 000,039,672 | ---- | C] () -- C:\Windows\SysNative\drivers\RtPCEE3.DAT
[2013.01.19 03:31:55 | 000,001,448 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX3.dat
[2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX2.dat
[2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013.01.19 03:31:55 | 000,000,520 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013.01.19 03:31:55 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ1.dat
[2013.01.19 03:31:55 | 000,000,024 | ---- | C] () -- C:\Windows\SysNative\drivers\rtkhdaud.dat
[2013.01.19 03:31:52 | 000,326,245 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.01.19 03:02:17 | 000,000,184 | ---- | C] () -- C:\Windows\LMv7.UNI
[2013.01.19 02:56:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2013.01.19 02:44:45 | 000,015,128 | R--- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.01.19 02:29:53 | 000,001,438 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.01.19 02:26:18 | 2441,379,839 | -HS- | C] () -- C:\hiberfil.sys
[2013.01.19 02:24:03 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013.01.19 02:08:58 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.01.19 02:08:58 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.19 01:43:39 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013.01.19 01:43:39 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.01.19 01:42:57 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013.01.19 01:39:49 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1401000.018\VT20130115.021
[2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013.01.19 13:00:11 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.20 17:03:03 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2013.01.19 03:36:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\lm
[2013.01.20 13:58:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Origin
[2013.01.19 13:37:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 20.01.2013, 19:15   #2
markusg
/// Malware-holic

Hi,
if present, open Malwarebytes, go to the log files, and post all reports with detections.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
Open C:, open tdsskiller-date-version.txt, and post its contents

Alt 20.01.2013, 22:12   #3
meem

Thanks already for the quick help.

I already included the Malwarebytes log in my first post.

Unfortunately, TDSSKiller found nothing; here is the log anyway:

Code:
ATTFilter
22:09:09.0370 5172  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:09:09.0480 5172  ============================================================
22:09:09.0480 5172  Current date / time: 2013/01/20 22:09:09.0480
22:09:09.0480 5172  SystemInfo:
22:09:09.0480 5172  
22:09:09.0480 5172  OS Version: 6.2.9200 ServicePack: 0.0
22:09:09.0480 5172  Product type: Workstation
22:09:09.0480 5172  ComputerName: STEFAN-LAPTOP
22:09:09.0480 5172  UserName: Stefan
22:09:09.0480 5172  Windows directory: C:\Windows
22:09:09.0480 5172  System windows directory: C:\Windows
22:09:09.0481 5172  Running under WOW64
22:09:09.0481 5172  Processor architecture: Intel x64
22:09:09.0481 5172  Number of processors: 4
22:09:09.0481 5172  Page size: 0x1000
22:09:09.0481 5172  Boot type: Normal boot
22:09:09.0481 5172  ============================================================
22:09:10.0123 5172  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:09:10.0130 5172  ============================================================
22:09:10.0130 5172  \Device\Harddisk0\DR0:
22:09:10.0130 5172  MBR partitions:
22:09:10.0131 5172  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
22:09:10.0131 5172  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x3A2D6000
22:09:10.0131 5172  ============================================================
22:09:10.0156 5172  C: <-> \Device\Harddisk0\DR0\Partition2
22:09:10.0157 5172  ============================================================
22:09:10.0157 5172  Initialize success
22:09:10.0157 5172  ============================================================
22:09:22.0616 5792  ============================================================
22:09:22.0616 5792  Scan started
22:09:22.0616 5792  Mode: Manual; SigCheck; TDLFS; 
22:09:22.0616 5792  ============================================================
22:09:23.0048 5792  ================ Scan system memory ========================
22:09:23.0048 5792  System memory - ok
22:09:23.0049 5792  ================ Scan services =============================
22:09:23.0243 5792  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
22:09:23.0343 5792  1394ohci - ok
22:09:23.0377 5792  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
22:09:23.0401 5792  3ware - ok
22:09:23.0441 5792  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:09:23.0475 5792  ACPI - ok
22:09:23.0496 5792  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
22:09:23.0508 5792  acpiex - ok
22:09:23.0524 5792  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
22:09:23.0548 5792  acpipagr - ok
22:09:23.0553 5792  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
22:09:23.0588 5792  AcpiPmi - ok
22:09:23.0606 5792  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
22:09:23.0628 5792  acpitime - ok
22:09:23.0753 5792  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:09:23.0776 5792  AdobeFlashPlayerUpdateSvc - ok
22:09:23.0810 5792  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:09:23.0844 5792  adp94xx - ok
22:09:23.0901 5792  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:09:23.0929 5792  adpahci - ok
22:09:23.0937 5792  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:09:23.0951 5792  adpu320 - ok
22:09:23.0994 5792  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:09:24.0042 5792  AeLookupSvc - ok
22:09:24.0079 5792  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
22:09:24.0142 5792  AFD - ok
22:09:24.0172 5792  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:09:24.0192 5792  agp440 - ok
22:09:24.0214 5792  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
22:09:24.0288 5792  ALG - ok
22:09:24.0318 5792  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
22:09:24.0365 5792  AllUserInstallAgent - ok
22:09:24.0390 5792  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
22:09:24.0436 5792  AmdK8 - ok
22:09:24.0461 5792  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
22:09:24.0489 5792  AmdPPM - ok
22:09:24.0521 5792  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:09:24.0541 5792  amdsata - ok
22:09:24.0567 5792  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
22:09:24.0596 5792  amdsbs - ok
22:09:24.0620 5792  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:09:24.0640 5792  amdxata - ok
22:09:24.0700 5792  [ 690E9CFCB6EA1E21BE32D88420B44943 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
22:09:24.0740 5792  ApfiltrService - ok
22:09:24.0773 5792  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
22:09:24.0837 5792  AppID - ok
22:09:24.0863 5792  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:09:24.0904 5792  AppIDSvc - ok
22:09:24.0935 5792  [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo         C:\Windows\System32\appinfo.dll
22:09:24.0975 5792  Appinfo - ok
22:09:25.0006 5792  [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:09:25.0055 5792  AppMgmt - ok
22:09:25.0090 5792  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
22:09:25.0111 5792  arc - ok
22:09:25.0147 5792  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:09:25.0168 5792  arcsas - ok
22:09:25.0194 5792  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:09:25.0227 5792  AsyncMac - ok
22:09:25.0250 5792  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:09:25.0270 5792  atapi - ok
22:09:25.0379 5792  [ 4EF8D5C1C0A02A9D1C2C465BA730EE69 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
22:09:25.0530 5792  athr - ok
22:09:25.0562 5792  [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
22:09:25.0617 5792  AudioEndpointBuilder - ok
22:09:25.0661 5792  [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:09:25.0725 5792  Audiosrv - ok
22:09:25.0766 5792  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:09:25.0812 5792  AxInstSV - ok
22:09:25.0853 5792  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
22:09:25.0885 5792  b06bdrv - ok
22:09:25.0919 5792  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
22:09:25.0963 5792  BasicDisplay - ok
22:09:25.0980 5792  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
22:09:26.0005 5792  BasicRender - ok
22:09:26.0051 5792  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:09:26.0102 5792  BDESVC - ok
22:09:26.0123 5792  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:09:26.0163 5792  Beep - ok
22:09:26.0200 5792  [ 9E6A544F465C582AB42444A217CF04DC ] BFE             C:\Windows\System32\bfe.dll
22:09:26.0267 5792  BFE - ok
22:09:26.0434 5792  [ ED97ADAF00A61F57A2CCBBB1CE58C600 ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20130111.001\BHDrvx64.sys
22:09:26.0503 5792  BHDrvx64 - ok
22:09:26.0547 5792  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
22:09:26.0644 5792  BITS - ok
22:09:26.0672 5792  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:09:26.0712 5792  bowser - ok
22:09:26.0752 5792  [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
22:09:26.0792 5792  BrokerInfrastructure - ok
22:09:26.0825 5792  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
22:09:26.0874 5792  Browser - ok
22:09:26.0901 5792  [ 3AA4309EBD9491E516F13FE3DC752FEE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
22:09:26.0953 5792  BthAvrcpTg - ok
22:09:26.0975 5792  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
22:09:27.0096 5792  BthHFEnum - ok
22:09:27.0120 5792  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
22:09:27.0156 5792  bthhfhid - ok
22:09:27.0189 5792  [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
22:09:27.0227 5792  BTHMODEM - ok
22:09:27.0272 5792  [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv         C:\Windows\system32\bthserv.dll
22:09:27.0294 5792  bthserv - ok
22:09:27.0350 5792  [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1401000.018\ccSetx64.sys
22:09:27.0369 5792  ccSet_NIS - ok
22:09:27.0395 5792  [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:09:27.0446 5792  cdfs - ok
22:09:27.0471 5792  [ 339BFF85D788268752DA8C9644B188EE ] cdrom           C:\Windows\System32\drivers\cdrom.sys
22:09:27.0521 5792  cdrom - ok
22:09:27.0543 5792  [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:09:27.0589 5792  CertPropSvc - ok
22:09:27.0613 5792  [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass        C:\Windows\System32\drivers\circlass.sys
22:09:27.0664 5792  circlass - ok
22:09:27.0688 5792  [ 9905168708DB68849B879B5548F68AB3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
22:09:27.0717 5792  CLFS - ok
22:09:27.0754 5792  [ 2DC8538A2260647484A6C921CA837313 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
22:09:27.0803 5792  CmBatt - ok
22:09:27.0839 5792  [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG             C:\Windows\system32\Drivers\cng.sys
22:09:27.0878 5792  CNG - ok
22:09:27.0901 5792  [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
22:09:27.0950 5792  CompositeBus - ok
22:09:27.0957 5792  COMSysApp - ok
22:09:27.0971 5792  [ D9CB0782AF819548072AA45B70F8B22D ] condrv          C:\Windows\system32\drivers\condrv.sys
22:09:28.0005 5792  condrv - ok
22:09:28.0082 5792  [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
22:09:28.0102 5792  cphs - ok
22:09:28.0155 5792  [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:09:28.0189 5792  CryptSvc - ok
22:09:28.0226 5792  [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC             C:\Windows\system32\drivers\csc.sys
22:09:28.0287 5792  CSC - ok
22:09:28.0330 5792  [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService      C:\Windows\System32\cscsvc.dll
22:09:28.0407 5792  CscService - ok
22:09:28.0439 5792  [ C4D01BD86D6B207275FC143EEA951D75 ] dam             C:\Windows\system32\drivers\dam.sys
22:09:28.0459 5792  dam - ok
22:09:28.0513 5792  [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:09:28.0587 5792  DcomLaunch - ok
22:09:28.0621 5792  [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc       C:\Windows\System32\defragsvc.dll
22:09:28.0708 5792  defragsvc - ok
22:09:46.0118 5792  sfloppy - ok
22:09:46.0152 5792  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:09:46.0201 5792  SharedAccess - ok
22:09:46.0256 5792  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:09:46.0374 5792  ShellHWDetection - ok
22:09:46.0389 5792  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:09:46.0409 5792  SiSRaid2 - ok
22:09:46.0422 5792  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:09:46.0444 5792  SiSRaid4 - ok
22:09:46.0467 5792  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:09:46.0510 5792  SNMPTRAP - ok
22:09:46.0540 5792  [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
22:09:46.0566 5792  spaceport - ok
22:09:46.0575 5792  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
22:09:46.0606 5792  SpbCx - ok
22:09:46.0651 5792  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
22:09:46.0696 5792  Spooler - ok
22:09:46.0820 5792  [ EC84D961501054F87A6878EC5D53388F ] sppsvc          C:\Windows\system32\sppsvc.exe
22:09:46.0890 5792  sppsvc - ok
22:09:46.0940 5792  [ B2FE88C5E621C8345CC9BAC5CFD366B0 ] SRTSP           C:\Windows\system32\drivers\NISx64\1401000.018\SRTSP64.SYS
22:09:46.0973 5792  SRTSP - ok
22:09:46.0990 5792  [ 1B884D876E87EABF5A3356BBD7321412 ] SRTSPX          C:\Windows\system32\drivers\NISx64\1401000.018\SRTSPX64.SYS
22:09:46.0998 5792  SRTSPX - ok
22:09:47.0022 5792  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:09:47.0050 5792  srv - ok
22:09:47.0084 5792  [ C2106BB710AA34A046126AED7BCA6964 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:09:47.0139 5792  srv2 - ok
22:09:47.0170 5792  [ 9400C71F5A1A380B494B6922F007D485 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:09:47.0194 5792  srvnet - ok
22:09:47.0218 5792  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:09:47.0253 5792  SSDPSRV - ok
22:09:47.0296 5792  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:09:47.0323 5792  SstpSvc - ok
22:09:47.0347 5792  Steam Client Service - ok
22:09:47.0361 5792  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:09:47.0380 5792  stexstor - ok
22:09:47.0430 5792  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
22:09:47.0472 5792  stisvc - ok
22:09:47.0508 5792  [ C588BBD37B432CE3204E5765B459E6B2 ] storahci        C:\Windows\system32\drivers\storahci.sys
22:09:47.0528 5792  storahci - ok
22:09:47.0539 5792  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
22:09:47.0558 5792  storflt - ok
22:09:47.0581 5792  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
22:09:47.0611 5792  StorSvc - ok
22:09:47.0627 5792  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
22:09:47.0645 5792  storvsc - ok
22:09:47.0662 5792  [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp         C:\Windows\System32\drivers\storvsp.sys
22:09:47.0690 5792  storvsp - ok
22:09:47.0724 5792  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
22:09:47.0756 5792  svsvc - ok
22:09:47.0780 5792  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
22:09:47.0798 5792  swenum - ok
22:09:47.0823 5792  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
22:09:47.0874 5792  swprv - ok
22:09:47.0917 5792  [ 688BBE78970E639BC1D66AE733394DCF ] SymDS           C:\Windows\system32\drivers\NISx64\1401000.018\SYMDS64.SYS
22:09:47.0948 5792  SymDS - ok
22:09:47.0998 5792  [ A17EE0D0D762CC9B56FB9218D7089AFB ] SymEFA          C:\Windows\system32\drivers\NISx64\1401000.018\SYMEFA64.SYS
22:09:48.0060 5792  SymEFA - ok
22:09:48.0082 5792  [ 42947647F71E9EF2167B42B372F1DDB7 ] SymELAM         C:\Windows\system32\drivers\NISx64\1401000.018\SymELAM.sys
22:09:48.0102 5792  SymELAM - ok
22:09:48.0151 5792  [ F5D6D3B7468C46EA2DDC1D19D2A6DA0F ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:09:48.0166 5792  SymEvent - ok
22:09:48.0192 5792  [ ADF37F1A715D6C56C8E065FD8569A9A4 ] SymIRON         C:\Windows\system32\drivers\NISx64\1401000.018\Ironx64.SYS
22:09:48.0212 5792  SymIRON - ok
22:09:48.0227 5792  [ 1605EBD8CB86AFC4430116065995279A ] SymNetS         C:\Windows\system32\drivers\NISx64\1401000.018\SYMNETS.SYS
22:09:48.0252 5792  SymNetS - ok
22:09:48.0387 5792  [ DC21E1F06343773D7E24362DCEF7944B ] SysMain         C:\Windows\system32\sysmain.dll
22:09:48.0458 5792  SysMain - ok
22:09:48.0494 5792  [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
22:09:48.0537 5792  SystemEventsBroker - ok
22:09:48.0565 5792  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
22:09:48.0602 5792  TabletInputService - ok
22:09:48.0621 5792  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:09:48.0666 5792  TapiSrv - ok
22:09:48.0733 5792  [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:09:48.0827 5792  Tcpip - ok
22:09:48.0887 5792  [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:09:48.0952 5792  TCPIP6 - ok
22:09:48.0970 5792  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:09:48.0982 5792  tcpipreg - ok
22:09:48.0994 5792  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:09:49.0031 5792  tdx - ok
22:09:49.0050 5792  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
22:09:49.0070 5792  terminpt - ok
22:09:49.0111 5792  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
22:09:49.0156 5792  TermService - ok
22:09:49.0176 5792  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
22:09:49.0221 5792  Themes - ok
22:09:49.0250 5792  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:09:49.0271 5792  THREADORDER - ok
22:09:49.0307 5792  [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
22:09:49.0346 5792  TimeBroker - ok
22:09:49.0377 5792  [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM             C:\Windows\system32\drivers\tpm.sys
22:09:49.0407 5792  TPM - ok
22:09:49.0437 5792  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
22:09:49.0473 5792  TrkWks - ok
22:09:49.0521 5792  [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:09:49.0572 5792  TrustedInstaller - ok
22:09:49.0597 5792  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:09:49.0627 5792  TsUsbFlt - ok
22:09:49.0647 5792  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
22:09:49.0674 5792  TsUsbGD - ok
22:09:49.0700 5792  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:09:49.0727 5792  tunnel - ok
22:09:49.0732 5792  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:09:49.0746 5792  uagp35 - ok
22:09:49.0764 5792  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
22:09:49.0778 5792  UASPStor - ok
22:09:49.0800 5792  [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
22:09:49.0824 5792  UCX01000 - ok
22:09:49.0853 5792  [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:09:49.0889 5792  udfs - ok
22:09:49.0927 5792  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:09:49.0973 5792  UI0Detect - ok
22:09:49.0990 5792  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:09:50.0010 5792  uliagpkx - ok
22:09:50.0027 5792  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
22:09:50.0056 5792  umbus - ok
22:09:50.0073 5792  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
22:09:50.0102 5792  UmPass - ok
22:09:50.0138 5792  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
22:09:50.0180 5792  UmRdpService - ok
22:09:50.0244 5792  [ 875A3B86D821151C84A4DFD40309C72D ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:09:50.0268 5792  UNS - ok
22:09:50.0311 5792  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
22:09:50.0347 5792  upnphost - ok
22:09:50.0375 5792  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
22:09:50.0408 5792  usbccgp - ok
22:09:50.0431 5792  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
22:09:50.0486 5792  usbcir - ok
22:09:50.0511 5792  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
22:09:50.0532 5792  usbehci - ok
22:09:50.0570 5792  [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub          C:\Windows\System32\drivers\usbhub.sys
22:09:50.0604 5792  usbhub - ok
22:09:50.0637 5792  [ B7A948501424805571BF562BB0BFE31D ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
22:09:50.0656 5792  USBHUB3 - ok
22:09:50.0684 5792  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
22:09:50.0713 5792  usbohci - ok
22:09:50.0739 5792  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
22:09:50.0789 5792  usbprint - ok
22:09:50.0812 5792  [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
22:09:50.0835 5792  USBSTOR - ok
22:09:50.0864 5792  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
22:09:50.0896 5792  usbuhci - ok
22:09:50.0926 5792  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:09:50.0965 5792  usbvideo - ok
22:09:51.0005 5792  [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
22:09:51.0034 5792  USBXHCI - ok
22:09:51.0047 5792  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
22:09:51.0070 5792  VaultSvc - ok
22:09:51.0090 5792  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:09:51.0110 5792  vdrvroot - ok
22:09:51.0147 5792  [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds             C:\Windows\System32\vds.exe
22:09:51.0192 5792  vds - ok
22:09:51.0212 5792  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
22:09:51.0234 5792  VerifierExt - ok
22:09:51.0260 5792  [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
22:09:51.0291 5792  vhdmp - ok
22:09:51.0300 5792  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
22:09:51.0311 5792  viaide - ok
22:09:51.0327 5792  [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid             C:\Windows\System32\drivers\Vid.sys
22:09:51.0351 5792  Vid - ok
22:09:51.0372 5792  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
22:09:51.0386 5792  vmbus - ok
22:09:51.0393 5792  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
22:09:51.0406 5792  VMBusHID - ok
22:09:51.0411 5792  [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr          C:\Windows\System32\drivers\vmbusr.sys
22:09:51.0424 5792  vmbusr - ok
22:09:51.0450 5792  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
22:09:51.0478 5792  vmicheartbeat - ok
22:09:51.0494 5792  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
22:09:51.0510 5792  vmickvpexchange - ok
22:09:51.0527 5792  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
22:09:51.0543 5792  vmicrdv - ok
22:09:51.0560 5792  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
22:09:51.0576 5792  vmicshutdown - ok
22:09:51.0594 5792  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
22:09:51.0620 5792  vmictimesync - ok
22:09:51.0638 5792  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
22:09:51.0665 5792  vmicvss - ok
22:09:51.0686 5792  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:09:51.0707 5792  volmgr - ok
22:09:51.0726 5792  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:09:51.0745 5792  volmgrx - ok
22:09:51.0758 5792  [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:09:51.0777 5792  volsnap - ok
22:09:51.0790 5792  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
22:09:51.0803 5792  vpci - ok
22:09:51.0809 5792  [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp         C:\Windows\System32\drivers\vpcivsp.sys
22:09:51.0834 5792  vpcivsp - ok
22:09:51.0852 5792  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:09:51.0866 5792  vsmraid - ok
22:09:51.0906 5792  [ EA658570314042C914964FC72AB50E6B ] VSS             C:\Windows\system32\vssvc.exe
22:09:51.0959 5792  VSS - ok
22:09:51.0985 5792  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
22:09:52.0020 5792  VSTXRAID - ok
22:09:52.0042 5792  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
22:09:52.0077 5792  vwifibus - ok
22:09:52.0099 5792  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:09:52.0121 5792  vwififlt - ok
22:09:52.0136 5792  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:09:52.0157 5792  vwifimp - ok
22:09:52.0190 5792  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
22:09:52.0240 5792  W32Time - ok
22:09:52.0275 5792  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
22:09:52.0309 5792  WacomPen - ok
22:09:52.0340 5792  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:09:52.0360 5792  Wanarp - ok
22:09:52.0372 5792  [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:09:52.0385 5792  Wanarpv6 - ok
22:09:52.0453 5792  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
22:09:52.0523 5792  wbengine - ok
22:09:52.0537 5792  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:09:52.0568 5792  WbioSrvc - ok
22:09:52.0588 5792  [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
22:09:52.0605 5792  Wcmsvc - ok
22:09:52.0637 5792  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:09:52.0684 5792  wcncsvc - ok
22:09:52.0715 5792  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:09:52.0753 5792  WcsPlugInService - ok
22:09:52.0777 5792  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
22:09:52.0796 5792  Wd - ok
22:09:52.0813 5792  [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
22:09:52.0833 5792  WdBoot - ok
22:09:52.0859 5792  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:09:52.0911 5792  Wdf01000 - ok
22:09:52.0951 5792  [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
22:09:52.0978 5792  WdFilter - ok
22:09:53.0015 5792  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:09:53.0058 5792  WdiServiceHost - ok
22:09:53.0079 5792  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:09:53.0100 5792  WdiSystemHost - ok
22:09:53.0116 5792  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
22:09:53.0148 5792  WebClient - ok
22:09:53.0156 5792  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:09:53.0210 5792  Wecsvc - ok
22:09:53.0224 5792  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:09:53.0317 5792  wercplsupport - ok
22:09:53.0342 5792  [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:09:53.0384 5792  WerSvc - ok
22:09:53.0423 5792  [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
22:09:53.0444 5792  WFPLWFS - ok
22:09:53.0470 5792  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
22:09:53.0495 5792  WiaRpc - ok
22:09:53.0522 5792  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:09:53.0541 5792  WIMMount - ok
22:09:53.0559 5792  WinDefend - ok
22:09:53.0613 5792  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
22:09:53.0655 5792  WinHttpAutoProxySvc - ok
22:09:53.0713 5792  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:09:53.0755 5792  Winmgmt - ok
22:09:53.0857 5792  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:09:53.0968 5792  WinRM - ok
22:09:54.0025 5792  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
22:09:54.0087 5792  WlanSvc - ok
22:09:54.0150 5792  [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
22:09:54.0246 5792  wlidsvc - ok
22:09:54.0271 5792  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
22:09:54.0290 5792  WmiAcpi - ok
22:09:54.0323 5792  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:09:54.0368 5792  wmiApSrv - ok
22:09:54.0395 5792  WMPNetworkSvc - ok
22:09:54.0417 5792  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
22:09:54.0444 5792  wpcfltr - ok
22:09:54.0461 5792  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:09:54.0494 5792  WPCSvc - ok
22:09:54.0517 5792  [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:09:54.0542 5792  WPDBusEnum - ok
22:09:54.0553 5792  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
22:09:54.0586 5792  WpdUpFltr - ok
22:09:54.0618 5792  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:09:54.0637 5792  ws2ifsl - ok
22:09:54.0669 5792  [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc          C:\Windows\System32\wscsvc.dll
22:09:54.0708 5792  wscsvc - ok
22:09:54.0715 5792  WSearch - ok
22:09:54.0789 5792  [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService       C:\Windows\System32\WSService.dll
22:09:54.0944 5792  WSService - ok
22:09:55.0050 5792  [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv        C:\Windows\system32\wuaueng.dll
22:09:55.0179 5792  wuauserv - ok
22:09:55.0209 5792  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:09:55.0237 5792  WudfPf - ok
22:09:55.0252 5792  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
22:09:55.0276 5792  WUDFRd - ok
22:09:55.0302 5792  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:09:55.0332 5792  wudfsvc - ok
22:09:55.0341 5792  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
22:09:55.0368 5792  WUDFWpdFs - ok
22:09:55.0423 5792  [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:09:55.0462 5792  WwanSvc - ok
22:09:55.0487 5792  [ 342A8A4B8C85AD532451A5F1401D24CC ] ZAtheros Wlan Agent C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
22:09:55.0498 5792  ZAtheros Wlan Agent - ok
22:09:55.0523 5792  ================ Scan global ===============================
22:09:55.0566 5792  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
22:09:55.0596 5792  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
22:09:55.0626 5792  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
22:09:55.0659 5792  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
22:09:55.0666 5792  [Global] - ok
22:09:55.0667 5792  ================ Scan MBR ==================================
22:09:55.0676 5792  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:09:56.0122 5792  \Device\Harddisk0\DR0 - ok
22:09:56.0123 5792  ================ Scan VBR ==================================
22:09:56.0126 5792  [ 3368573F61837625E8BBD24CB927A17B ] \Device\Harddisk0\DR0\Partition1
22:09:56.0129 5792  \Device\Harddisk0\DR0\Partition1 - ok
22:09:56.0169 5792  [ 40D8BECA3CFEE53516F5C26074A35E0D ] \Device\Harddisk0\DR0\Partition2
22:09:56.0172 5792  \Device\Harddisk0\DR0\Partition2 - ok
22:09:56.0174 5792  ============================================================
22:09:56.0174 5792  Scan finished
22:09:56.0174 5792  ============================================================
22:09:56.0192 2028  Detected object count: 0
22:09:56.0192 2028  Actual detected object count: 0
         
21.01.2013, 14:27   #4
markusg
/// Malware-holic

Hi,
download HitmanPro:
HitmanPro - Download - Filepony
Double-click it, accept the license, choose the trial license.
Scan, delete nothing, click Next, export the log as XML and attach it, zipped if necessary.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

21.01.2013, 20:27   #5
meem

Sooo, I got around to running Hitman; the log is attached. Again nothing found.


21.01.2013, 20:29   #6
markusg
/// Malware-holic

Hi,
you can delete the cookies for now.

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, go to Tools (Extras), Uninstall list, save it as txt, and open that file.
After each program you need, write "necessary".
After each one you do not need, "unnecessary".
After those unknown to you, "unknown".
Post the list.

21.01.2013, 20:42   #7
meem

Okay, here are the programs. I'm really close to just reinstalling Windows -.- There isn't much on the machine anyway, but downloading the programs again always takes so long...

21.01.2013, 21:54   #8
markusg
/// Malware-holic

Hi,
well, we can also reinstall, and then secure the machine properly, with backups etc.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post some further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

21.01.2013, 22:16   #9
meem

I'm already backing everything up right now, downloading drivers and putting the antivirus program straight onto the USB stick.

The system is an Acer V3-771g, originally shipped with Linux, so a perfectly ordinary Windows 8 Pro installation; that's no problem.

But many thanks for the help.

22.01.2013, 13:04   #10
markusg
/// Malware-holic

OK,
then secure the PC:
We have no guide specifically for Win8, but most of it should apply.
As an anti-malware program I would recommend Emsisoft.
For me they have the best protection, but it costs something.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, purchases, other payment transactions or similarly important things, such as work-related matters, meaning there is sensitive data to protect, you should invest in security software.
Before activating the license, make use of the 30-day trial period.

Free, but not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I will give configuration tips.
Please uninstall your current AV.
The following guide is extensive, I am aware of that, but it should be followed, since only then is your PC secure. Ask as many questions as necessary; I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section "Windows Vista and Windows 7".
Please begin by installing Windows updates.
The easiest way to do this is to go to Start, Search, and enter Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Daily
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If so, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I advise you to use Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the instructions.
If you want to use a different one, tell me, then I have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in via the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Instructions:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed instructions as PDF, work through these as well:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and Internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and choose to run in Sandboxie.
A lifetime license costs 30 €, and can be used on all your PCs.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My instructions already link to a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because it can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking and change all passwords.
Please also read how to make programs visible to all users:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking on sandboxed web browser; if you have the paid version, you can define forced program starts, and then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should be framed; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Instructions:
RoboForm manual: password manager, managing passwords and personal data
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us
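The restriction described in the post above (inside DefaultBox, only chrome.exe may start and reach the internet) can be checked from the configuration file afterwards. This is an added example, not part of the thread or of Sandboxie; the Sandboxie.ini key names are assumed from the classic Sandboxie.ini layout, and the sample file and the `updater.exe` entry are constructed.

```python
# Audit a Sandboxie.ini box for the "only chrome.exe" restrictions.
# Sample text is constructed; key names are an assumption (classic layout).
from collections import defaultdict

SAMPLE_INI = """\
[DefaultBox]
Enabled=y
ProcessGroup=<StartRunAccess>,chrome.exe
ClosedIpcPath=!<StartRunAccess>,*
ProcessGroup=<InternetAccess>,chrome.exe,updater.exe
ClosedFilePath=!<InternetAccess>,InternetAccessDevices
"""

def parse_boxes(text):
    """Return {section: {key: [values]}}; Sandboxie.ini repeats keys."""
    boxes, current = defaultdict(lambda: defaultdict(list)), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and "=" in line:
            key, value = line.split("=", 1)
            boxes[current][key.strip()].append(value.strip())
    return boxes

def group_members(box, group):
    """Programs listed in ProcessGroup=<group>,a.exe,b.exe (lower-cased)."""
    members = set()
    for value in box.get("ProcessGroup", []):
        name, *programs = [p.strip() for p in value.split(",")]
        if name == f"<{group}>":
            members.update(p.lower() for p in programs if p)
    return members

def audit_box(text, box_name="DefaultBox", allowed=("chrome.exe",)):
    """List findings where the box is looser than 'only chrome.exe'."""
    box = parse_boxes(text).get(box_name, {})
    checks = {"StartRunAccess": ("ClosedIpcPath", "*"),
              "InternetAccess": ("ClosedFilePath", "InternetAccessDevices")}
    findings = []
    for group, (key, target) in checks.items():
        if f"!<{group}>,{target}" not in box.get(key, []):
            findings.append(f"{group}: restriction not enabled")
        extra = group_members(box, group) - {a.lower() for a in allowed}
        if extra:
            findings.append(f"{group}: also allowed: {', '.join(sorted(extra))}")
    return findings
```

An empty list from `audit_box` means both restrictions are enabled and list nothing besides the allowed programs.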

23.01.2013, 13:23   #11
meem



Hello again,
Thanks for the extensive answer.
My antivirus program is Norton Internet Security in the current version; isn't that actually good too?

I will probably tackle backups from now on, and well, a password manager sounds pretty good too.

23.01.2013, 13:26   #12
markusg
/// Malware-holic



Hi,
then keep Norton, but implement the rest.
