Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Browser hat immer script akamaihd.net, Google Suche wird umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.02.2013, 16:44   #1
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Hallo Liebes Trojaner-Board Team,

ich habe leider seit einigen Tagen akamaihd.net in meinem Browser (Chrome) und das mittlerweile durch NotScript geblockt. Gestern habe ich den dummen Fehler gemacht ein angebliche APP für Chrome HD runterzuladen, habe einfach nicht nachgedacht und nachdem sich das ganze dann installiert hatte, hatte ich auch den Salat. Die Google suche wurde umgeleitet und ich habe Malewarebytes drüber laufen lassen, der auch etwas gefunden hat. Habe das dann damit gelöscht und gehofft, dass es weg ist. Die Suche wird zwar nicht mehr umgeleitet, aber ich denke, dass ich noch etwas im System habe und da ich sowieso dieses akamaihd.net Problem habe, melde ich mich.

Es wäre sehr nett wenn Ihr mir helfen würdet, aus diesem leider selbstverschuldeten Schlamassel wieder wieder herauszukommen. Vielen Dank schonmal im voraus.

Gruß,
Doderan

Alt 10.02.2013, 18:15   #2
markusg
/// Malware-holic
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



hi

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 10.02.2013, 18:55   #3
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



OTLOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.02.2013 18:32:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,31% Memory free
8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52,63 Gb Total Space | 20,81 Gb Free Space | 39,53% Space Free | Partition Type: NTFS
Drive D: | 180,25 Gb Total Space | 75,66 Gb Free Space | 41,97% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 465,76 Gb Total Space | 75,14 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.10 18:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
PRC - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 17:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.06.23 10:41:28 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.22 16:31:31 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.10 11:37:07 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.07.18 17:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 17:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.06.23 10:41:28 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe -- (WDCS_WNDA3200)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.05 15:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe -- (jswpsapi)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.18 17:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.07.18 17:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.18 17:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.07.08 13:31:00 | 000,035,840 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009.12.21 11:43:00 | 000,078,848 | ---- | M] (CSR, plc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bthav.sys -- (csr_a2dp)
DRV:64bit: - [2009.09.16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.09 16:25:10 | 000,022,568 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2009.02.09 16:25:10 | 000,016,936 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2009.02.09 16:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
DRV:64bit: - [2008.05.15 02:28:50 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 8A 59 8B C1 06 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=749
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=7d6f3dad00000000000000ffdb1beaa7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.10 11:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.10 11:37:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.28 11:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2013.02.08 20:24:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.08 20:25:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Daniel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Movie2kDownloader = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: NotScripts for Chrome OS = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggelcmlddhfancdnejmjpjifkdohobkd\0.9.6.2_0\
CHR - Extension: Evernote Web = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Google Mail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23291BF4-AED3-4951-9A4C-B7B597AF8317}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED4502F8-C28A-41B2-B55A-A69637EE40E2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.08.26 19:33:30 | 001,851,934 | ---- | M] () - H:\autosave.save_multiplayer -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNDA3200 Smart Wizard.lnk - C:\PROGRA~2\NETGEAR\WNDA3200\WNDA32~1.EXE - (NETGEAR)
MsConfig:64bit - StartUpFolder: C:^Users^Daniel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.10 18:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013.02.09 14:19:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\DStipendium
[2013.02.09 13:39:56 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.09 13:37:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2013.02.09 13:37:16 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.09 13:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.09 13:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.09 13:37:04 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs
[2013.02.09 13:31:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.08 20:25:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.08 20:25:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.02.08 20:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.08 20:25:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Babylon
[2013.02.08 20:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.08 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie2KDownloader.com
[2013.02.08 20:24:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
[2013.02.08 20:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hdvidcodec.com
[2013.01.28 19:39:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.28 19:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.28 19:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.10 18:30:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe
[2013.02.10 18:10:17 | 000,001,051 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.10 17:49:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000UA.job
[2013.02.10 13:58:41 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000Core.job
[2013.02.10 13:27:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.10 13:27:31 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.10 13:27:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.10 13:27:31 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.10 13:27:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.10 12:31:59 | 000,022,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 12:31:59 | 000,022,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.10 12:15:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.10 12:15:42 | 3219,976,192 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.09 13:39:56 | 000,002,374 | ---- | M] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2013.02.04 22:47:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.31 14:36:59 | 000,058,708 | ---- | M] () -- C:\Users\Daniel\Desktop\Aktuell_steuer_checkliste.pdf
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.10 18:10:17 | 000,001,051 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.02.09 13:39:56 | 000,002,374 | ---- | C] () -- C:\Users\Daniel\Desktop\Google Chrome.lnk
[2013.02.09 13:39:05 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000UA.job
[2013.02.09 13:39:03 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000Core.job
[2013.02.04 22:47:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.01.31 14:28:08 | 000,058,708 | ---- | C] () -- C:\Users\Daniel\Desktop\Aktuell_steuer_checkliste.pdf
[2013.01.29 15:49:47 | 735,834,112 | ---- | C] () -- C:\Users\Daniel\Desktop\Wall-E.avi
[2012.08.28 10:40:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.08 20:25:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Babylon
[2013.02.10 18:20:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2012.08.28 12:57:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\The Creative Assembly
[2012.08.28 11:10:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2012.12.14 00:07:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TS3Client
[2012.09.01 21:16:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tunngle
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.27 13:18:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.08.28 11:36:02 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.11.11 11:45:49 | 000,000,000 | ---D | M] -- C:\cygwin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.08.28 10:46:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.09.01 20:32:08 | 000,000,000 | ---D | M] -- C:\IExp0.tmp
[2012.09.01 20:32:15 | 000,000,000 | ---D | M] -- C:\IExp1.tmp
[2012.10.25 17:55:39 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.13 22:09:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.09 13:37:16 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.09 14:05:49 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.08.28 10:46:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.08.28 10:46:57 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.10 18:33:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.07 17:04:27 | 000,000,000 | ---D | M] -- C:\temp
[2012.10.27 13:18:02 | 000,000,000 | R--D | M] -- C:\Users
[2012.09.07 17:03:35 | 000,000,000 | ---D | M] -- C:\VMWAD2
[2013.02.09 13:41:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.02.09 13:39:03 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000Core.job
[2013.02.09 13:39:05 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.02.10 18:32:29 | 001,572,864 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT
[2013.02.10 18:32:28 | 000,262,144 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat.LOG1
[2012.08.28 10:47:12 | 000,000,000 | -HS- | M] () -- C:\Users\Daniel\ntuser.dat.LOG2
[2012.08.28 11:33:32 | 000,065,536 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.08.28 11:33:32 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.08.28 11:33:32 | 000,524,288 | -HS- | M] () -- C:\Users\Daniel\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.08.28 10:47:12 | 000,000,020 | -HS- | M] () -- C:\Users\Daniel\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

Extras:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.02.2013 18:32:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Daniel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,97 Gb Available Physical Memory | 74,31% Memory free
8,00 Gb Paging File | 6,77 Gb Available in Paging File | 84,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 52,63 Gb Total Space | 20,81 Gb Free Space | 39,53% Space Free | Partition Type: NTFS
Drive D: | 180,25 Gb Total Space | 75,66 Gb Free Space | 41,97% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive H: | 465,76 Gb Total Space | 75,14 Gb Free Space | 16,13% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021AAE48-CE94-43C1-B99D-9902360F91AC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0DFF8EC1-B781-4010-88BA-8E66B0F9F2C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{0F198480-BB10-47F0-94DA-7562619108DA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1343A03A-072D-47A5-8BE4-44E51213BF6E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{283D206D-8135-48E1-822E-18816D412411}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F3BD1EA-53E2-4294-A105-DF7EEEB6387B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31F6FFE5-088F-4BFF-A4AF-75491E392477}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33101252-3108-4DC5-BD91-BDD5111E7DE9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{37E9D4C7-A487-4269-A454-ECDB0A3AFD30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{402C4BB7-44B4-4ECA-8B55-4766FA1EFEF4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7124DD22-0DBF-4E3D-BE68-67BEB7C96162}" = lport=445 | protocol=6 | dir=in | app=system | 
"{72BA1D5A-0158-442F-A45B-7A88B664703D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7C704206-8D7C-4C86-AA71-F759B65D63BC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8EEE84E9-A4E1-4992-A278-24ACE56948CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A2475277-CA00-498C-A51F-6811ACB684FF}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A501F7A7-5F95-4467-B0E6-E6F9C99E0E1E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A60312DD-4095-47E8-86E3-2580449BB3E9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CF39F07B-4B64-4138-91E7-D59EA5981572}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D80FA614-9965-4E51-B420-1B5DFD7F08F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E2937125-86D1-4FE8-AF3A-825A0F84F54C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E2A488F4-F9F2-40B5-8844-827D596A2882}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E3828FC7-E073-4BAC-AD20-1D24E9033361}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E752D28F-4D5D-4564-B4BF-5AB671C6D959}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0987EBF6-9D52-48EA-879B-A6224649BDBD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0AECF93A-97B5-42EF-B10A-78C65406FBF3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0F12AA4A-7270-4C85-B7DD-12D457F42505}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{125C0B33-592D-4A0F-9053-6710949A16D6}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{16094D3F-F58E-48AB-A01B-86818DD713CA}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{1669ACB5-D2B9-427F-87A6-A25515C04A71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{20154B23-7EA2-4562-85D1-2A8B07D4541A}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{24D25C5A-3F73-4AFF-8907-35BED616928A}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | 
"{2B26D8A2-21E2-46D6-A5AA-2FA85BF8658C}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{2B70AAB5-B188-4865-8E48-E9B61993F2CE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{30B8D30B-B424-47BF-876C-B742C897B84A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{36993BA9-84F9-4010-B6A7-4F28AF07687B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{37476ECA-51C1-4CEF-B9F0-3F622531DCCE}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{3AF6BA49-6997-4625-8D19-C567F83409B4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{432A7D8F-4E6C-4FC0-AF9F-76D4CA888B1B}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the guild ii\guildii.exe | 
"{49207771-8250-4355-B025-ED7CEECAFC72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4B34F38A-6191-4F6D-8A16-F85C19659B17}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{4CEE7BCE-1FB4-4FC2-A196-074F0A9E574D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52C1061F-783D-4C83-90A7-C2BE71BEECCE}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{5C1DEF57-4CA5-43A3-994D-53553CC955F3}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the guild ii\guildii.exe | 
"{5D03C1FC-25E7-492D-BFA1-B0DC58D39F01}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{61E0242B-941B-46E4-B340-0726CB72D3FC}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | 
"{61EFB977-20FC-4618-8AEE-9B4353B28589}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{69CBFA8F-DDC5-407A-8B7A-BB5C95CBAFF9}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{6A3AE7B0-BCC7-4F16-92C4-DBEA96D02F40}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{6BB1364F-22E9-499C-9DDD-DC7DCF827477}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{704BCB8F-E124-4FA7-B536-826C2686B45E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{75D79E93-7084-48E8-B65A-45B45DBEA9B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{809317C2-4EC9-4A28-B3E9-432ECDD8279D}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{85896174-AACE-4DB9-A9CC-B03D3D94AFC8}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{873D3C89-F816-4285-BF65-F4E8860251C1}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{8EABBA7C-CF11-4D86-8989-830E403F3BCF}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe | 
"{94CBEC12-27EE-4027-B4D6-ABDB522DAF4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9604A9AD-7F44-4E29-A50B-94CB5901FF69}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{98068359-1343-4378-8A93-8DC2BDABF542}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{9A7C0114-058F-4EF6-BB89-5B2A8AF90F5D}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{9AB62898-6CB9-4BEE-874A-830CB421ED4D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A182054B-B78E-487B-81E8-17DABD714B7D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A1B6B9C7-C5D9-436A-939F-30C71676A766}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A39C8A3E-2B0A-40AA-804F-CD84389E3AD7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A7B2414D-A455-4199-8466-E61CBE5D3C06}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\the guild ii - pirates of the european seas\guildii.exe | 
"{ABAFEAC6-942F-476D-A777-84B70F58AF2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD217864-709B-4F86-A6EF-35C7E399E006}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{AE76669C-442F-4403-A338-0F8E2FDE4420}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B62CA187-5CBE-4F87-B7B4-40B0BF296429}" = protocol=6 | dir=out | app=system | 
"{C5547689-0711-40B2-BAF4-595BEE3009D7}" = protocol=6 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{C5C9F833-CAEF-44FC-8F4D-762D1959397C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C6BCA721-3C73-47AD-806D-B6C572E28617}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{C852EBBC-FB28-42C0-A91E-2F94D4B1776E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{CC0DF56E-0ABE-49C8-9B94-C53447C0F99E}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{CE144149-993A-4AE3-9256-AD4EEB35D9B9}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{D63C8CDE-86E3-4379-A776-69B5FBF621E9}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{DE3C6543-8178-4BDB-9E25-C6E39FC30BA2}" = protocol=17 | dir=in | app=h:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{E7C45E55-FE38-4EBD-B8FB-634381CA0EA7}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E847C353-45E8-445B-98AC-77D83D312831}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EA280363-3188-495A-95F1-260EFA4F6D97}" = protocol=6 | dir=in | app=f:\steam\steam.exe | 
"{EEF87EF8-E4A9-4F0D-867B-6EBF1B9BAC8C}" = protocol=17 | dir=in | app=f:\steam\steam.exe | 
"{F0313DC8-6337-4F0E-B161-F2D7E23C3376}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{F6B54350-FC52-48CF-9E72-11F21E6A71C6}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{FBF8535C-9085-4E5C-8879-607335624409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0221207E-7DCF-4CEB-A844-947C15727F77}C:\users\daniel\downloads\gw2.exe" = protocol=6 | dir=in | app=c:\users\daniel\downloads\gw2.exe | 
"TCP Query User{1550E728-4FC7-4FBA-8D57-5487EA8541FE}D:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{381ACF05-C0C5-46CC-BFFC-5C9B7EE52715}H:\spiele\csserver\srcds.exe" = protocol=6 | dir=in | app=h:\spiele\csserver\srcds.exe | 
"TCP Query User{4D1374B7-B62F-4EA8-B035-D2516C4343D2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5133DE32-FA54-4EF6-A833-FCD3D335A1D7}H:\spiele\dungeon siege\dungeonsiege.exe" = protocol=6 | dir=in | app=h:\spiele\dungeon siege\dungeonsiege.exe | 
"TCP Query User{5333C006-14F4-4BC8-9D3F-94FAD4670619}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{597BBDEE-9129-4258-8B15-BCE4B0BD872D}H:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"TCP Query User{71A72B0B-2827-4E7A-AB36-7DB520783D61}F:\steam\steamapps\common\the guild 2 renaissance\guildii.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | 
"TCP Query User{8377901E-83C3-415D-8B05-F3D3364E708D}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"TCP Query User{85C0B961-1A0A-42A8-B584-83C757EB401C}H:\steam\steam.exe" = protocol=6 | dir=in | app=h:\steam\steam.exe | 
"TCP Query User{91D6C390-0D53-428F-8E18-E7BBC280AC25}H:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=h:\guild wars 2\gw2.exe | 
"TCP Query User{97D77C52-E631-4856-A9F7-A469C9F2489D}F:\steam\steam.exe" = protocol=6 | dir=in | app=f:\steam\steam.exe | 
"TCP Query User{97F64444-28EF-4641-8A64-F0368C08675E}F:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=f:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{9924CB17-3CD6-4F06-ACD4-FEA161F4F9F2}H:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=6 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"TCP Query User{A63CAF71-F260-4F93-A259-673021F5136E}D:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{BA540D51-574E-43B3-A51C-B20AA7375DAB}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{DFF28454-2D69-42D7-9573-17A5F076BAAD}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{00635860-2344-48B5-8924-D4422A558C0A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{030E5357-95C3-4117-A4E1-FD991D2E0C51}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{18693CA1-5971-4B4E-8230-BB344EF54F62}F:\steam\steam.exe" = protocol=17 | dir=in | app=f:\steam\steam.exe | 
"UDP Query User{1A767B38-A3BE-4199-BF6E-A450608635F6}F:\steam\steamapps\common\the guild 2 renaissance\guildii.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\the guild 2 renaissance\guildii.exe | 
"UDP Query User{2835BA67-9A40-4B5B-83B0-85D4B3942A18}H:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe | 
"UDP Query User{4D329617-75FC-4334-91DD-09AA2DFCD20C}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{66EB2597-367D-4850-BEA6-3ECE3DDE62E3}H:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe" = protocol=17 | dir=in | app=h:\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"UDP Query User{751D37AE-6CCF-4B3C-AFF6-82E805ECB4B7}D:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\cod4 mit mp\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{758F14AF-326A-4DAC-B707-9E386ACAB03B}C:\users\daniel\downloads\gw2.exe" = protocol=17 | dir=in | app=c:\users\daniel\downloads\gw2.exe | 
"UDP Query User{8346C5F2-330F-4E0B-B069-5B3A2DED1EE1}H:\spiele\csserver\srcds.exe" = protocol=17 | dir=in | app=h:\spiele\csserver\srcds.exe | 
"UDP Query User{ADCA620E-573D-4287-8166-9D31D6D6FCCA}H:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=h:\guild wars 2\gw2.exe | 
"UDP Query User{B44B764D-23A5-4334-8DDB-4DFA12A8F334}F:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=f:\spiele\call of duty\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{D371473C-DE35-42B8-A43B-B0BBFEC962E7}D:\spiele\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\spiele\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{DC947AFC-9A94-42C0-A29F-600274D3A947}H:\steam\steam.exe" = protocol=17 | dir=in | app=h:\steam\steam.exe | 
"UDP Query User{E93A679A-5FCD-4BA4-AC71-ACF3F53A42BA}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | 
"UDP Query User{F89CEDB9-C0D1-4151-9219-05F7A04DD578}H:\spiele\dungeon siege\dungeonsiege.exe" = protocol=17 | dir=in | app=h:\spiele\dungeon siege\dungeonsiege.exe | 
"UDP Query User{FC657A8F-A5A3-4A05-835A-CE70C9CAF273}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{6096E25F-A431-4C1F-9442-E7AA0C1A730B}" = Virgin Media
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1" = NETGEAR WNDA3200 wireless adapter Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{DFF82CF1-E9A1-473C-9288-28F0A472FCA0}" = Virgin Media
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = HDVidCodec
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DungeonSiege 1.0" = Dungeon Siege
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Steam App 8930" = Sid Meier's Civilization V
"Tunngle beta_is1" = Tunngle beta
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Guild Wars" = GUILD WARS
"Zipeg" = Zipeg
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2013 14:26:34 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 15:14:08 | Computer Name = Daniel-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 08.02.2013 15:20:40 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2013 07:53:19 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2013 08:36:30 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary
 Internet Files\Content.IE5\M9JQC7EJ\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 09.02.2013 08:36:33 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary
 Internet Files\Content.IE5\M9JQC7EJ\SoftonicDownloader_fuer_malwarebytes-anti-malware.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 09.02.2013 09:07:42 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.02.2013 11:00:37 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.02.2013 07:17:32 | Computer Name = Daniel-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.02.2013 07:33:01 | Computer Name = Daniel-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 09.02.2013 18:43:46 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.02.2013 18:44:15 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.02.2013 18:44:19 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.02.2013 18:44:24 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.02.2013 18:45:27 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.02.2013 18:45:28 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.02.2013 18:45:45 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 09.02.2013 21:41:02 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 10.02.2013 07:15:49 | Computer Name = Daniel-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 10.02.2013 07:15:49 | Computer Name = Daniel-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---


Danke,

Doderan
__________________

Alt 10.02.2013, 19:33   #4
markusg
/// Malware-holic
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.02.2013, 16:31   #5
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Report:
16:25:01.0626 3896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:25:01.0704 3896 ============================================================
16:25:01.0704 3896 Current date / time: 2013/02/11 16:25:01.0704
16:25:01.0704 3896 SystemInfo:
16:25:01.0704 3896
16:25:01.0704 3896 OS Version: 6.1.7601 ServicePack: 1.0
16:25:01.0704 3896 Product type: Workstation
16:25:01.0704 3896 ComputerName: DANIEL-PC
16:25:01.0704 3896 UserName: Daniel
16:25:01.0704 3896 Windows directory: C:\Windows
16:25:01.0704 3896 System windows directory: C:\Windows
16:25:01.0704 3896 Running under WOW64
16:25:01.0704 3896 Processor architecture: Intel x64
16:25:01.0704 3896 Number of processors: 2
16:25:01.0704 3896 Page size: 0x1000
16:25:01.0704 3896 Boot type: Normal boot
16:25:01.0704 3896 ============================================================
16:25:03.0311 3896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:03.0311 3896 ============================================================
16:25:03.0311 3896 \Device\Harddisk0\DR0:
16:25:03.0311 3896 MBR partitions:
16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6944DD8
16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6944E17, BlocksNum 0x1687F76A
16:25:03.0311 3896 ============================================================
16:25:03.0327 3896 C: <-> \Device\Harddisk0\DR0\Partition1
16:25:03.0405 3896 D: <-> \Device\Harddisk0\DR0\Partition2
16:25:03.0405 3896 ============================================================
16:25:03.0405 3896 Initialize success
16:25:03.0405 3896 ============================================================
16:25:07.0820 1944 ============================================================
16:25:07.0820 1944 Scan started
16:25:07.0820 1944 Mode: Manual; SigCheck; TDLFS;
16:25:07.0820 1944 ============================================================
16:25:09.0380 1944 ================ Scan system memory ========================
16:25:09.0380 1944 System memory - ok
16:25:09.0380 1944 ================ Scan services =============================
16:25:09.0567 1944 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:25:09.0660 1944 1394ohci - ok
16:25:09.0692 1944 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:25:09.0707 1944 ACPI - ok
16:25:09.0754 1944 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:25:09.0848 1944 AcpiPmi - ok
16:25:09.0910 1944 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:25:09.0941 1944 adp94xx - ok
16:25:09.0957 1944 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:25:09.0988 1944 adpahci - ok
16:25:10.0004 1944 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:25:10.0019 1944 adpu320 - ok
16:25:10.0035 1944 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:25:10.0206 1944 AeLookupSvc - ok
16:25:10.0269 1944 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:25:10.0331 1944 AFD - ok
16:25:10.0378 1944 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:25:10.0394 1944 agp440 - ok
16:25:10.0425 1944 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:25:10.0487 1944 ALG - ok
16:25:10.0503 1944 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:25:10.0518 1944 aliide - ok
16:25:10.0565 1944 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:25:10.0628 1944 AMD External Events Utility - ok
16:25:10.0659 1944 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:25:10.0674 1944 amdide - ok
16:25:10.0690 1944 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:25:10.0721 1944 AmdK8 - ok
16:25:10.0737 1944 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:25:10.0768 1944 AmdPPM - ok
16:25:10.0815 1944 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:25:10.0830 1944 amdsata - ok
16:25:10.0862 1944 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:25:10.0893 1944 amdsbs - ok
16:25:10.0908 1944 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:25:10.0924 1944 amdxata - ok
16:25:10.0986 1944 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:25:11.0018 1944 AntiVirSchedulerService - ok
16:25:11.0064 1944 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:25:11.0142 1944 AntiVirService - ok
16:25:11.0220 1944 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:25:11.0267 1944 AppID - ok
16:25:11.0298 1944 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:25:11.0345 1944 AppIDSvc - ok
16:25:11.0392 1944 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:25:11.0454 1944 Appinfo - ok
16:25:11.0486 1944 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:25:11.0548 1944 AppMgmt - ok
16:25:11.0548 1944 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:25:11.0579 1944 arc - ok
16:25:11.0610 1944 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:25:11.0626 1944 arcsas - ok
16:25:11.0657 1944 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:11.0704 1944 AsyncMac - ok
16:25:11.0720 1944 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:25:11.0735 1944 atapi - ok
16:25:11.0907 1944 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:25:12.0110 1944 atikmdag - ok
16:25:12.0156 1944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:25:12.0234 1944 AudioEndpointBuilder - ok
16:25:12.0266 1944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:25:12.0297 1944 AudioSrv - ok
16:25:12.0375 1944 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:25:12.0422 1944 avgntflt - ok
16:25:12.0468 1944 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:25:12.0484 1944 avipbb - ok
16:25:12.0515 1944 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:25:12.0531 1944 avkmgr - ok
16:25:12.0578 1944 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:25:12.0656 1944 AxInstSV - ok
16:25:12.0718 1944 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:25:12.0765 1944 b06bdrv - ok
16:25:12.0827 1944 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:25:12.0858 1944 b57nd60a - ok
16:25:12.0921 1944 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:25:12.0952 1944 BDESVC - ok
16:25:12.0968 1944 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:25:13.0014 1944 Beep - ok
16:25:13.0077 1944 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:25:13.0155 1944 BFE - ok
16:25:13.0202 1944 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:25:13.0295 1944 BITS - ok
16:25:13.0342 1944 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:25:13.0373 1944 blbdrive - ok
16:25:13.0404 1944 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:25:13.0436 1944 bowser - ok
16:25:13.0467 1944 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:25:13.0498 1944 BrFiltLo - ok
16:25:13.0498 1944 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:25:13.0514 1944 BrFiltUp - ok
16:25:13.0576 1944 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:25:13.0607 1944 Browser - ok
16:25:13.0638 1944 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:25:13.0701 1944 Brserid - ok
16:25:13.0701 1944 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:25:13.0732 1944 BrSerWdm - ok
16:25:13.0732 1944 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:25:13.0763 1944 BrUsbMdm - ok
16:25:13.0763 1944 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:25:13.0779 1944 BrUsbSer - ok
16:25:13.0826 1944 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:25:13.0872 1944 BthEnum - ok
16:25:13.0872 1944 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:25:13.0904 1944 BTHMODEM - ok
16:25:13.0919 1944 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:25:13.0950 1944 BthPan - ok
16:25:13.0997 1944 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:25:14.0044 1944 BTHPORT - ok
16:25:14.0075 1944 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:25:14.0122 1944 bthserv - ok
16:25:14.0138 1944 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:25:14.0169 1944 BTHUSB - ok
16:25:14.0216 1944 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS
16:25:14.0231 1944 BVRPMPR5a64 - ok
16:25:14.0278 1944 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:25:14.0325 1944 cdfs - ok
16:25:14.0387 1944 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:25:14.0403 1944 cdrom - ok
16:25:14.0465 1944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:25:14.0528 1944 CertPropSvc - ok
16:25:14.0543 1944 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:25:14.0574 1944 circlass - ok
16:25:14.0606 1944 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:25:14.0637 1944 CLFS - ok
16:25:14.0699 1944 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:25:14.0715 1944 clr_optimization_v2.0.50727_32 - ok
16:25:14.0793 1944 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:25:14.0808 1944 clr_optimization_v2.0.50727_64 - ok
16:25:14.0902 1944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:25:14.0902 1944 clr_optimization_v4.0.30319_32 - ok
16:25:14.0949 1944 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:25:14.0949 1944 clr_optimization_v4.0.30319_64 - ok
16:25:14.0996 1944 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:15.0027 1944 CmBatt - ok
16:25:15.0027 1944 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:25:15.0042 1944 cmdide - ok
16:25:15.0089 1944 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:25:15.0136 1944 CNG - ok
16:25:15.0167 1944 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:25:15.0183 1944 Compbatt - ok
16:25:15.0198 1944 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:25:15.0230 1944 CompositeBus - ok
16:25:15.0245 1944 COMSysApp - ok
16:25:15.0261 1944 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:25:15.0276 1944 crcdisk - ok
16:25:15.0323 1944 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:25:15.0354 1944 CryptSvc - ok
16:25:15.0370 1944 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:25:15.0448 1944 CSC - ok
16:25:15.0479 1944 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:25:15.0542 1944 CscService - ok
16:25:15.0588 1944 [ DF07C6D98BA7F81D0571E366B1CD6672 ] csr_a2dp C:\Windows\system32\drivers\bthav.sys
16:25:15.0635 1944 csr_a2dp - ok
16:25:15.0682 1944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:25:15.0713 1944 DcomLaunch - ok
16:25:15.0744 1944 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:25:15.0807 1944 defragsvc - ok
16:25:15.0838 1944 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:25:15.0885 1944 DfsC - ok
16:25:15.0932 1944 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:25:15.0978 1944 Dhcp - ok
16:25:15.0994 1944 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:25:16.0025 1944 discache - ok
16:25:16.0088 1944 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:25:16.0103 1944 Disk - ok
16:25:16.0134 1944 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:25:16.0166 1944 dmvsc - ok
16:25:16.0212 1944 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:25:16.0244 1944 Dnscache - ok
16:25:16.0275 1944 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:25:16.0322 1944 dot3svc - ok
16:25:16.0353 1944 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:25:16.0384 1944 DPS - ok
16:25:16.0431 1944 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:25:16.0446 1944 drmkaud - ok
16:25:16.0493 1944 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:25:16.0524 1944 DXGKrnl - ok
16:25:16.0571 1944 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:25:16.0618 1944 EapHost - ok
16:25:16.0712 1944 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:25:16.0852 1944 ebdrv - ok
16:25:16.0883 1944 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:25:16.0930 1944 EFS - ok
16:25:16.0977 1944 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:25:17.0055 1944 ehRecvr - ok
16:25:17.0070 1944 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:25:17.0102 1944 ehSched - ok
16:25:17.0164 1944 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:25:17.0195 1944 elxstor - ok
16:25:17.0211 1944 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:25:17.0226 1944 ErrDev - ok
16:25:17.0273 1944 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:25:17.0336 1944 EventSystem - ok
16:25:17.0382 1944 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:25:17.0445 1944 exfat - ok
16:25:17.0492 1944 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:25:17.0538 1944 fastfat - ok
16:25:17.0601 1944 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:25:17.0648 1944 Fax - ok
16:25:17.0648 1944 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:25:17.0663 1944 fdc - ok
16:25:17.0710 1944 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:25:17.0741 1944 fdPHost - ok
16:25:17.0741 1944 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:25:17.0788 1944 FDResPub - ok
16:25:17.0835 1944 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:25:17.0850 1944 FileInfo - ok
16:25:17.0850 1944 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:25:17.0897 1944 Filetrace - ok
16:25:17.0913 1944 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:25:17.0928 1944 flpydisk - ok
16:25:17.0944 1944 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:25:17.0975 1944 FltMgr - ok
16:25:18.0038 1944 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:25:18.0100 1944 FontCache - ok
16:25:18.0162 1944 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:25:18.0178 1944 FontCache3.0.0.0 - ok
16:25:18.0209 1944 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:25:18.0225 1944 FsDepends - ok
16:25:18.0256 1944 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:25:18.0272 1944 Fs_Rec - ok
16:25:18.0287 1944 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:25:18.0303 1944 fvevol - ok
16:25:18.0334 1944 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:25:18.0350 1944 gagp30kx - ok
16:25:18.0396 1944 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:25:18.0443 1944 gpsvc - ok
16:25:18.0459 1944 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:25:18.0506 1944 hcw85cir - ok
16:25:18.0552 1944 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:25:18.0615 1944 HdAudAddService - ok
16:25:18.0646 1944 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:25:18.0662 1944 HDAudBus - ok
16:25:18.0677 1944 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:25:18.0693 1944 HidBatt - ok
16:25:18.0708 1944 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:25:18.0724 1944 HidBth - ok
16:25:18.0755 1944 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:25:18.0771 1944 HidIr - ok
16:25:18.0802 1944 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:25:18.0833 1944 hidserv - ok
16:25:18.0880 1944 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:25:18.0896 1944 HidUsb - ok
16:25:18.0911 1944 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:25:18.0958 1944 hkmsvc - ok
16:25:18.0989 1944 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:25:19.0020 1944 HomeGroupListener - ok
16:25:19.0036 1944 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:25:19.0067 1944 HomeGroupProvider - ok
16:25:19.0098 1944 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:25:19.0114 1944 HpSAMD - ok
16:25:19.0161 1944 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:25:19.0223 1944 HTTP - ok
16:25:19.0254 1944 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:25:19.0270 1944 hwpolicy - ok
16:25:19.0270 1944 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:25:19.0286 1944 i8042prt - ok
16:25:19.0317 1944 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:25:19.0364 1944 iaStorV - ok
16:25:19.0410 1944 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:25:19.0473 1944 idsvc - ok
16:25:19.0488 1944 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:25:19.0504 1944 iirsp - ok
16:25:19.0535 1944 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:25:19.0613 1944 IKEEXT - ok
16:25:19.0754 1944 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:25:19.0816 1944 IntcAzAudAddService - ok
16:25:19.0832 1944 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:25:19.0847 1944 intelide - ok
16:25:19.0878 1944 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:25:19.0894 1944 intelppm - ok
16:25:19.0910 1944 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:25:19.0956 1944 IPBusEnum - ok
16:25:19.0972 1944 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:25:20.0003 1944 IpFilterDriver - ok
16:25:20.0050 1944 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:25:20.0097 1944 iphlpsvc - ok
16:25:20.0112 1944 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:25:20.0128 1944 IPMIDRV - ok
16:25:20.0144 1944 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:25:20.0190 1944 IPNAT - ok
16:25:20.0206 1944 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:25:20.0237 1944 IRENUM - ok
16:25:20.0253 1944 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:25:20.0268 1944 isapnp - ok
16:25:20.0284 1944 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:25:20.0300 1944 iScsiPrt - ok
16:25:20.0393 1944 [ 81534359F525F7C02B2B56B2653BD779 ] jswpsapi C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe
16:25:20.0456 1944 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
16:25:20.0456 1944 jswpsapi - detected UnsignedFile.Multi.Generic (1)
16:25:20.0487 1944 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys
16:25:20.0534 1944 JSWPSLWF - ok
16:25:20.0549 1944 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:25:20.0565 1944 kbdclass - ok
16:25:20.0612 1944 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:25:20.0643 1944 kbdhid - ok
16:25:20.0658 1944 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:25:20.0674 1944 KeyIso - ok
16:25:20.0736 1944 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:25:20.0752 1944 KSecDD - ok
16:25:20.0768 1944 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:25:20.0799 1944 KSecPkg - ok
16:25:20.0799 1944 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:25:20.0861 1944 ksthunk - ok
16:25:20.0892 1944 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:25:20.0924 1944 KtmRm - ok
16:25:20.0970 1944 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:25:21.0017 1944 LanmanServer - ok
16:25:21.0064 1944 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:25:21.0111 1944 LanmanWorkstation - ok
16:25:21.0142 1944 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:25:21.0189 1944 lltdio - ok
16:25:21.0236 1944 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:25:21.0298 1944 lltdsvc - ok
16:25:21.0360 1944 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:25:21.0407 1944 lmhosts - ok
16:25:21.0423 1944 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:25:21.0438 1944 LSI_FC - ok
16:25:21.0485 1944 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:25:21.0501 1944 LSI_SAS - ok
16:25:21.0516 1944 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:25:21.0532 1944 LSI_SAS2 - ok
16:25:21.0548 1944 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:25:21.0563 1944 LSI_SCSI - ok
16:25:21.0579 1944 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:25:21.0626 1944 luafv - ok
16:25:21.0657 1944 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:25:21.0719 1944 Mcx2Svc - ok
16:25:21.0735 1944 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:25:21.0750 1944 megasas - ok
16:25:21.0797 1944 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:25:21.0828 1944 MegaSR - ok
16:25:21.0844 1944 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:25:21.0891 1944 MMCSS - ok
16:25:21.0891 1944 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:25:21.0938 1944 Modem - ok
16:25:21.0953 1944 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:25:21.0984 1944 monitor - ok
16:25:22.0016 1944 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:25:22.0031 1944 mouclass - ok
16:25:22.0078 1944 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:25:22.0109 1944 mouhid - ok
16:25:22.0125 1944 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:25:22.0140 1944 mountmgr - ok
16:25:22.0218 1944 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:25:22.0234 1944 MozillaMaintenance - ok
16:25:22.0250 1944 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:25:22.0265 1944 mpio - ok
16:25:22.0281 1944 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:25:22.0328 1944 mpsdrv - ok
16:25:22.0359 1944 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:25:22.0421 1944 MpsSvc - ok
16:25:22.0452 1944 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:25:22.0484 1944 MRxDAV - ok
16:25:22.0515 1944 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:25:22.0546 1944 mrxsmb - ok
16:25:22.0577 1944 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:25:22.0593 1944 mrxsmb10 - ok
16:25:22.0624 1944 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:25:22.0640 1944 mrxsmb20 - ok
16:25:22.0671 1944 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:25:22.0686 1944 msahci - ok
16:25:22.0718 1944 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:25:22.0733 1944 msdsm - ok
16:25:22.0796 1944 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:25:22.0827 1944 MSDTC - ok
16:25:22.0889 1944 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:25:22.0936 1944 Msfs - ok
16:25:22.0952 1944 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:25:22.0998 1944 mshidkmdf - ok
16:25:23.0014 1944 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:25:23.0030 1944 msisadrv - ok
16:25:23.0061 1944 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:25:23.0092 1944 MSiSCSI - ok
16:25:23.0108 1944 msiserver - ok
16:25:23.0123 1944 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:25:23.0186 1944 MSKSSRV - ok
16:25:23.0217 1944 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:25:23.0264 1944 MSPCLOCK - ok
16:25:23.0279 1944 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:25:23.0326 1944 MSPQM - ok
16:25:23.0342 1944 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:25:23.0373 1944 MsRPC - ok
16:25:23.0388 1944 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:25:23.0404 1944 mssmbios - ok
16:25:23.0435 1944 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:25:23.0498 1944 MSTEE - ok
16:25:23.0513 1944 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:25:23.0544 1944 MTConfig - ok
16:25:23.0560 1944 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:25:23.0576 1944 Mup - ok
16:25:23.0591 1944 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:25:23.0669 1944 napagent - ok
16:25:23.0700 1944 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:25:23.0732 1944 NativeWifiP - ok
16:25:23.0778 1944 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:25:23.0825 1944 NDIS - ok
16:25:23.0841 1944 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:25:23.0872 1944 NdisCap - ok
16:25:23.0903 1944 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:23.0934 1944 NdisTapi - ok
16:25:23.0950 1944 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:23.0997 1944 Ndisuio - ok
16:25:24.0028 1944 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:24.0075 1944 NdisWan - ok
16:25:24.0090 1944 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:25:24.0122 1944 NDProxy - ok
16:25:24.0137 1944 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:25:24.0184 1944 NetBIOS - ok
16:25:24.0215 1944 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:25:24.0246 1944 NetBT - ok
16:25:24.0262 1944 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:25:24.0278 1944 Netlogon - ok
16:25:24.0324 1944 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:25:24.0371 1944 Netman - ok
16:25:24.0387 1944 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:25:24.0434 1944 netprofm - ok
16:25:24.0465 1944 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:24.0480 1944 NetTcpPortSharing - ok
16:25:24.0652 1944 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
16:25:24.0855 1944 netw5v64 - ok
16:25:24.0902 1944 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:25:24.0917 1944 nfrd960 - ok
16:25:24.0995 1944 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:25:25.0026 1944 NlaSvc - ok
16:25:25.0042 1944 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:25:25.0073 1944 Npfs - ok
16:25:25.0089 1944 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:25:25.0120 1944 nsi - ok
16:25:25.0120 1944 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:25:25.0167 1944 nsiproxy - ok
16:25:25.0229 1944 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:25:25.0354 1944 Ntfs - ok
16:25:25.0370 1944 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:25:25.0416 1944 Null - ok
16:25:25.0463 1944 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:25:25.0479 1944 nvraid - ok
16:25:25.0494 1944 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:25:25.0510 1944 nvstor - ok
16:25:25.0526 1944 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:25:25.0541 1944 nv_agp - ok
16:25:25.0744 1944 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:25:25.0775 1944 odserv - ok
16:25:25.0806 1944 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:25:25.0838 1944 ohci1394 - ok
16:25:25.0900 1944 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:25:25.0916 1944 ose - ok
16:25:25.0947 1944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:25:26.0009 1944 p2pimsvc - ok
16:25:26.0025 1944 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:25:26.0072 1944 p2psvc - ok
16:25:26.0103 1944 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:25:26.0118 1944 Parport - ok
16:25:26.0150 1944 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:25:26.0165 1944 partmgr - ok
16:25:26.0196 1944 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:25:26.0259 1944 PcaSvc - ok
16:25:26.0274 1944 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:25:26.0290 1944 pci - ok
16:25:26.0306 1944 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:25:26.0321 1944 pciide - ok
16:25:26.0337 1944 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:25:26.0352 1944 pcmcia - ok
16:25:26.0368 1944 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:25:26.0384 1944 pcw - ok
16:25:26.0415 1944 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:25:26.0493 1944 PEAUTH - ok
16:25:26.0618 1944 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:25:26.0696 1944 PeerDistSvc - ok
16:25:26.0774 1944 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:25:26.0805 1944 PerfHost - ok
16:25:26.0867 1944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:25:26.0961 1944 pla - ok
16:25:27.0023 1944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:25:27.0101 1944 PlugPlay - ok
16:25:27.0117 1944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:25:27.0148 1944 PNRPAutoReg - ok
16:25:27.0164 1944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:25:27.0179 1944 PNRPsvc - ok
16:25:27.0226 1944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:25:27.0288 1944 PolicyAgent - ok
16:25:27.0304 1944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:25:27.0382 1944 Power - ok
16:25:27.0413 1944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:25:27.0444 1944 PptpMiniport - ok
16:25:27.0460 1944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:25:27.0491 1944 Processor - ok
16:25:27.0538 1944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:25:27.0569 1944 ProfSvc - ok
16:25:27.0569 1944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:25:27.0585 1944 ProtectedStorage - ok
16:25:27.0616 1944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:25:27.0678 1944 Psched - ok
16:25:27.0741 1944 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:25:27.0819 1944 ql2300 - ok
16:25:27.0866 1944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:25:27.0881 1944 ql40xx - ok
16:25:27.0944 1944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:25:27.0975 1944 QWAVE - ok
16:25:28.0006 1944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:25:28.0037 1944 QWAVEdrv - ok
16:25:28.0053 1944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:25:28.0084 1944 RasAcd - ok
16:25:28.0115 1944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:25:28.0146 1944 RasAgileVpn - ok
16:25:28.0162 1944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:25:28.0209 1944 RasAuto - ok
16:25:28.0224 1944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:25:28.0271 1944 Rasl2tp - ok
16:25:28.0287 1944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:25:28.0334 1944 RasMan - ok
16:25:28.0349 1944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:25:28.0412 1944 RasPppoe - ok
16:25:28.0427 1944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:25:28.0474 1944 RasSstp - ok
16:25:28.0490 1944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:25:28.0552 1944 rdbss - ok
16:25:28.0568 1944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:25:28.0630 1944 rdpbus - ok
16:25:28.0646 1944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:25:28.0677 1944 RDPCDD - ok
16:25:28.0724 1944 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:25:28.0739 1944 RDPDR - ok
16:25:28.0755 1944 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:25:28.0817 1944 RDPENCDD - ok
16:25:28.0833 1944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:25:28.0880 1944 RDPREFMP - ok
16:25:28.0926 1944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:25:28.0958 1944 RDPWD - ok
16:25:29.0004 1944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:25:29.0020 1944 rdyboost - ok
16:25:29.0051 1944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:25:29.0129 1944 RemoteAccess - ok
16:25:29.0145 1944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:25:29.0192 1944 RemoteRegistry - ok
16:25:29.0238 1944 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:25:29.0270 1944 RFCOMM - ok
16:25:29.0301 1944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:25:29.0348 1944 RpcEptMapper - ok
16:25:29.0363 1944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:25:29.0410 1944 RpcLocator - ok
16:25:29.0441 1944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:25:29.0472 1944 RpcSs - ok
16:25:29.0550 1944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:25:29.0582 1944 rspndr - ok
16:25:29.0628 1944 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:25:29.0644 1944 RTL8167 - ok
16:25:29.0738 1944 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:25:29.0784 1944 s3cap - ok
16:25:29.0800 1944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:25:29.0816 1944 SamSs - ok
16:25:29.0847 1944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:25:29.0862 1944 sbp2port - ok
16:25:29.0894 1944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:25:29.0940 1944 SCardSvr - ok
16:25:29.0956 1944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:25:30.0018 1944 scfilter - ok
16:25:30.0065 1944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:25:30.0128 1944 Schedule - ok
16:25:30.0159 1944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:25:30.0190 1944 SCPolicySvc - ok
16:25:30.0268 1944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:25:30.0362 1944 SDRSVC - ok
16:25:30.0377 1944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:25:30.0424 1944 secdrv - ok
16:25:30.0440 1944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:25:30.0471 1944 seclogon - ok
16:25:30.0486 1944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:25:30.0533 1944 SENS - ok
16:25:30.0549 1944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:25:30.0611 1944 SensrSvc - ok
16:25:30.0627 1944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:25:30.0658 1944 Serenum - ok
16:25:30.0705 1944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:25:30.0736 1944 Serial - ok
16:25:30.0752 1944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:25:30.0767 1944 sermouse - ok
16:25:30.0798 1944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:25:30.0845 1944 SessionEnv - ok
16:25:30.0845 1944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:25:30.0861 1944 sffdisk - ok
16:25:30.0876 1944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:25:30.0908 1944 sffp_mmc - ok
16:25:30.0908 1944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:25:30.0923 1944 sffp_sd - ok
16:25:30.0923 1944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:25:30.0954 1944 sfloppy - ok
16:25:30.0986 1944 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:25:31.0064 1944 SharedAccess - ok
16:25:31.0110 1944 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:25:31.0157 1944 ShellHWDetection - ok
16:25:31.0204 1944 [ 1B731AE02FC0C1CCDC4B7D32FCC95660 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys
16:25:31.0220 1944 Si3531 - ok
16:25:31.0235 1944 [ 8574809375C8147CC9B6A62822018FD6 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
16:25:31.0235 1944 SiFilter - ok
16:25:31.0251 1944 [ E7B586131C8C417691E303C511C3563B ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
16:25:31.0266 1944 SiRemFil - ok
16:25:31.0282 1944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:25:31.0298 1944 SiSRaid2 - ok
16:25:31.0329 1944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:25:31.0344 1944 SiSRaid4 - ok
16:25:31.0391 1944 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:25:31.0438 1944 SkypeUpdate - ok
16:25:31.0469 1944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:25:31.0516 1944 Smb - ok
16:25:31.0578 1944 [ 7AE8BCA90539ECBDE87AC45BA1436BE3 ] smserial C:\Windows\system32\DRIVERS\SmSerl64.sys
16:25:31.0641 1944 smserial - ok
16:25:31.0656 1944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:25:31.0688 1944 SNMPTRAP - ok
16:25:31.0719 1944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:25:31.0734 1944 spldr - ok
16:25:31.0766 1944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:25:31.0812 1944 Spooler - ok
16:25:31.0890 1944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:25:32.0046 1944 sppsvc - ok
16:25:32.0062 1944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:25:32.0093 1944 sppuinotify - ok
16:25:32.0140 1944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:25:32.0187 1944 srv - ok
16:25:32.0218 1944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:25:32.0280 1944 srv2 - ok
16:25:32.0327 1944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:25:32.0405 1944 srvnet - ok
16:25:32.0452 1944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:25:32.0483 1944 SSDPSRV - ok
16:25:32.0514 1944 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:25:32.0546 1944 SstpSvc - ok
16:25:32.0592 1944 Steam Client Service - ok
16:25:32.0608 1944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:25:32.0624 1944 stexstor - ok
16:25:32.0686 1944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:25:32.0748 1944 stisvc - ok
16:25:32.0764 1944 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:25:32.0780 1944 storflt - ok
16:25:32.0795 1944 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:25:32.0842 1944 StorSvc - ok
16:25:32.0858 1944 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:25:32.0873 1944 storvsc - ok
16:25:32.0889 1944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:25:32.0904 1944 swenum - ok
16:25:32.0951 1944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:25:32.0998 1944 swprv - ok
16:25:33.0092 1944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:25:33.0170 1944 SysMain - ok
16:25:33.0185 1944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:25:33.0216 1944 TabletInputService - ok
16:25:33.0279 1944 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
16:25:33.0326 1944 tap0901t ( UnsignedFile.Multi.Generic ) - warning
16:25:33.0326 1944 tap0901t - detected UnsignedFile.Multi.Generic (1)
16:25:33.0357 1944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:25:33.0419 1944 TapiSrv - ok
16:25:33.0435 1944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:25:33.0466 1944 TBS - ok
16:25:33.0528 1944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:25:33.0669 1944 Tcpip - ok
16:25:33.0731 1944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:25:33.0762 1944 TCPIP6 - ok
16:25:33.0794 1944 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:25:33.0809 1944 tcpipreg - ok
16:25:33.0825 1944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:25:33.0856 1944 TDPIPE - ok
16:25:33.0872 1944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:25:33.0903 1944 TDTCP - ok
16:25:33.0934 1944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:25:33.0981 1944 tdx - ok
16:25:33.0996 1944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:25:34.0012 1944 TermDD - ok
16:25:34.0059 1944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:25:34.0152 1944 TermService - ok
16:25:34.0168 1944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:25:34.0199 1944 Themes - ok
16:25:34.0215 1944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:25:34.0246 1944 THREADORDER - ok
16:25:34.0293 1944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:25:34.0340 1944 TrkWks - ok
16:25:34.0371 1944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:25:34.0402 1944 TrustedInstaller - ok
16:25:34.0449 1944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:25:34.0511 1944 tssecsrv - ok
16:25:34.0558 1944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:25:34.0589 1944 TsUsbFlt - ok
16:25:34.0605 1944 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:25:34.0636 1944 TsUsbGD - ok
16:25:34.0667 1944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:25:34.0730 1944 tunnel - ok
16:25:34.0808 1944 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
16:25:34.0917 1944 TunngleService ( UnsignedFile.Multi.Generic ) - warning
16:25:34.0917 1944 TunngleService - detected UnsignedFile.Multi.Generic (1)
16:25:34.0948 1944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:25:34.0964 1944 uagp35 - ok
16:25:34.0979 1944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:25:35.0042 1944 udfs - ok
16:25:35.0104 1944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:25:35.0120 1944 UI0Detect - ok
16:25:35.0151 1944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:25:35.0166 1944 uliagpkx - ok
16:25:35.0182 1944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:25:35.0213 1944 umbus - ok
16:25:35.0229 1944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:25:35.0260 1944 UmPass - ok
16:25:35.0276 1944 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:25:35.0322 1944 UmRdpService - ok
16:25:35.0369 1944 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:25:35.0416 1944 upnphost - ok
16:25:35.0478 1944 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:25:35.0510 1944 usbaudio - ok
16:25:35.0556 1944 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:25:35.0603 1944 usbccgp - ok
16:25:35.0666 1944 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:25:35.0681 1944 usbcir - ok
16:25:35.0712 1944 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:25:35.0728 1944 usbehci - ok
16:25:35.0759 1944 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:25:35.0790 1944 usbhub - ok
16:25:35.0790 1944 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:25:35.0822 1944 usbohci - ok
16:25:35.0853 1944 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:25:35.0868 1944 usbprint - ok
16:25:35.0900 1944 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:25:35.0962 1944 USBSTOR - ok
16:25:35.0978 1944 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:25:35.0993 1944 usbuhci - ok
16:25:36.0024 1944 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:25:36.0071 1944 usbvideo - ok
16:25:36.0102 1944 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:25:36.0149 1944 UxSms - ok
16:25:36.0180 1944 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:25:36.0180 1944 VaultSvc - ok
16:25:36.0243 1944 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:25:36.0258 1944 vdrvroot - ok
16:25:36.0290 1944 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:25:36.0368 1944 vds - ok
16:25:36.0399 1944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:36.0414 1944 vga - ok
16:25:36.0430 1944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:25:36.0477 1944 VgaSave - ok
16:25:36.0477 1944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:25:36.0524 1944 vhdmp - ok
16:25:36.0539 1944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:25:36.0555 1944 viaide - ok
16:25:36.0570 1944 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:25:36.0602 1944 vmbus - ok
16:25:36.0617 1944 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:25:36.0633 1944 VMBusHID - ok
16:25:36.0648 1944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:25:36.0680 1944 volmgr - ok
16:25:36.0680 1944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:25:36.0695 1944 volmgrx - ok
16:25:36.0726 1944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:25:36.0758 1944 volsnap - ok
16:25:36.0789 1944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:25:36.0804 1944 vsmraid - ok
16:25:36.0882 1944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:25:37.0023 1944 VSS - ok
16:25:37.0038 1944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:25:37.0070 1944 vwifibus - ok
16:25:37.0085 1944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:25:37.0148 1944 W32Time - ok
16:25:37.0179 1944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:25:37.0194 1944 WacomPen - ok
16:25:37.0241 1944 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:25:37.0288 1944 WANARP - ok
16:25:37.0304 1944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:25:37.0335 1944 Wanarpv6 - ok
16:25:37.0413 1944 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:25:37.0491 1944 WatAdminSvc - ok
16:25:37.0538 1944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:25:37.0694 1944 wbengine - ok
16:25:37.0709 1944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:25:37.0740 1944 WbioSrvc - ok
16:25:37.0772 1944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:25:37.0803 1944 wcncsvc - ok
16:25:37.0834 1944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:25:37.0865 1944 WcsPlugInService - ok
16:25:37.0881 1944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:25:37.0896 1944 Wd - ok
16:25:37.0959 1944 [ 49B50BE4C6E61DC378057A09130E0629 ] WDCS_WNDA3200 C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
16:25:38.0006 1944 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - warning
16:25:38.0006 1944 WDCS_WNDA3200 - detected UnsignedFile.Multi.Generic (1)
16:25:38.0052 1944 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:25:38.0115 1944 Wdf01000 - ok
16:25:38.0130 1944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:25:38.0240 1944 WdiServiceHost - ok
16:25:38.0240 1944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:25:38.0271 1944 WdiSystemHost - ok
16:25:38.0286 1944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:25:38.0333 1944 WebClient - ok
16:25:38.0349 1944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:25:38.0411 1944 Wecsvc - ok
16:25:38.0427 1944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:25:38.0458 1944 wercplsupport - ok
16:25:38.0505 1944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:25:38.0536 1944 WerSvc - ok
16:25:38.0567 1944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:25:38.0598 1944 WfpLwf - ok
16:25:38.0614 1944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:25:38.0630 1944 WIMMount - ok
16:25:38.0645 1944 WinDefend - ok
16:25:38.0645 1944 WinHttpAutoProxySvc - ok
16:25:38.0708 1944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:25:38.0739 1944 Winmgmt - ok
16:25:38.0817 1944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:25:38.0957 1944 WinRM - ok
16:25:39.0004 1944 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:25:39.0035 1944 WinUsb - ok
16:25:39.0082 1944 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:25:39.0129 1944 Wlansvc - ok
16:25:39.0144 1944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:25:39.0160 1944 WmiAcpi - ok
16:25:39.0207 1944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:25:39.0222 1944 wmiApSrv - ok
16:25:39.0269 1944 WMPNetworkSvc - ok
16:25:39.0285 1944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:25:39.0300 1944 WPCSvc - ok
16:25:39.0316 1944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:25:39.0332 1944 WPDBusEnum - ok
16:25:39.0347 1944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:25:39.0378 1944 ws2ifsl - ok
16:25:39.0410 1944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:25:39.0456 1944 wscsvc - ok
16:25:39.0456 1944 WSearch - ok
16:25:39.0534 1944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:25:39.0612 1944 wuauserv - ok
16:25:39.0644 1944 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:25:39.0690 1944 WudfPf - ok
16:25:39.0737 1944 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:39.0768 1944 WUDFRd - ok
16:25:39.0784 1944 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:25:39.0815 1944 wudfsvc - ok
16:25:39.0909 1944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:25:39.0924 1944 WwanSvc - ok
16:25:39.0971 1944 ================ Scan global ===============================
16:25:39.0987 1944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:25:40.0034 1944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:25:40.0080 1944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:25:40.0096 1944 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:25:40.0127 1944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:25:40.0158 1944 [Global] - ok
16:25:40.0158 1944 ================ Scan MBR ==================================
16:25:40.0174 1944 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:25:40.0626 1944 \Device\Harddisk0\DR0 - ok
16:25:40.0626 1944 ================ Scan VBR ==================================
16:25:40.0626 1944 [ 9A41F03AA6B58A12EBB379785219C37A ] \Device\Harddisk0\DR0\Partition1
16:25:40.0642 1944 \Device\Harddisk0\DR0\Partition1 - ok
16:25:40.0658 1944 [ 50DAAD8F7B8CEA706BBFDFA2B6097FBB ] \Device\Harddisk0\DR0\Partition2
16:25:40.0658 1944 \Device\Harddisk0\DR0\Partition2 - ok
16:25:40.0658 1944 ============================================================
16:25:40.0658 1944 Scan finished
16:25:40.0658 1944 ============================================================
16:25:40.0658 1220 Detected object count: 4
16:25:40.0658 1220 Actual detected object count: 4
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Log im nächsten post, da zu viele Zeichen.

Danke,

Daniel


Alt 11.02.2013, 16:31   #6
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Log:
16:25:01.0626 3896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:25:01.0704 3896 ============================================================
16:25:01.0704 3896 Current date / time: 2013/02/11 16:25:01.0704
16:25:01.0704 3896 SystemInfo:
16:25:01.0704 3896
16:25:01.0704 3896 OS Version: 6.1.7601 ServicePack: 1.0
16:25:01.0704 3896 Product type: Workstation
16:25:01.0704 3896 ComputerName: DANIEL-PC
16:25:01.0704 3896 UserName: Daniel
16:25:01.0704 3896 Windows directory: C:\Windows
16:25:01.0704 3896 System windows directory: C:\Windows
16:25:01.0704 3896 Running under WOW64
16:25:01.0704 3896 Processor architecture: Intel x64
16:25:01.0704 3896 Number of processors: 2
16:25:01.0704 3896 Page size: 0x1000
16:25:01.0704 3896 Boot type: Normal boot
16:25:01.0704 3896 ============================================================
16:25:03.0311 3896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:03.0311 3896 ============================================================
16:25:03.0311 3896 \Device\Harddisk0\DR0:
16:25:03.0311 3896 MBR partitions:
16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6944DD8
16:25:03.0311 3896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6944E17, BlocksNum 0x1687F76A
16:25:03.0311 3896 ============================================================
16:25:03.0327 3896 C: <-> \Device\Harddisk0\DR0\Partition1
16:25:03.0405 3896 D: <-> \Device\Harddisk0\DR0\Partition2
16:25:03.0405 3896 ============================================================
16:25:03.0405 3896 Initialize success
16:25:03.0405 3896 ============================================================
16:25:07.0820 1944 ============================================================
16:25:07.0820 1944 Scan started
16:25:07.0820 1944 Mode: Manual; SigCheck; TDLFS;
16:25:07.0820 1944 ============================================================
16:25:09.0380 1944 ================ Scan system memory ========================
16:25:09.0380 1944 System memory - ok
16:25:09.0380 1944 ================ Scan services =============================
16:25:09.0567 1944 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
16:25:09.0660 1944 1394ohci - ok
16:25:09.0692 1944 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:25:09.0707 1944 ACPI - ok
16:25:09.0754 1944 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:25:09.0848 1944 AcpiPmi - ok
16:25:09.0910 1944 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:25:09.0941 1944 adp94xx - ok
16:25:09.0957 1944 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:25:09.0988 1944 adpahci - ok
16:25:10.0004 1944 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:25:10.0019 1944 adpu320 - ok
16:25:10.0035 1944 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:25:10.0206 1944 AeLookupSvc - ok
16:25:10.0269 1944 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:25:10.0331 1944 AFD - ok
16:25:10.0378 1944 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:25:10.0394 1944 agp440 - ok
16:25:10.0425 1944 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:25:10.0487 1944 ALG - ok
16:25:10.0503 1944 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:25:10.0518 1944 aliide - ok
16:25:10.0565 1944 [ D696F317BD465A602566F8E1DCCE15F7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:25:10.0628 1944 AMD External Events Utility - ok
16:25:10.0659 1944 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
16:25:10.0674 1944 amdide - ok
16:25:10.0690 1944 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:25:10.0721 1944 AmdK8 - ok
16:25:10.0737 1944 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
16:25:10.0768 1944 AmdPPM - ok
16:25:10.0815 1944 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:25:10.0830 1944 amdsata - ok
16:25:10.0862 1944 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:25:10.0893 1944 amdsbs - ok
16:25:10.0908 1944 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:25:10.0924 1944 amdxata - ok
16:25:10.0986 1944 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:25:11.0018 1944 AntiVirSchedulerService - ok
16:25:11.0064 1944 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:25:11.0142 1944 AntiVirService - ok
16:25:11.0220 1944 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
16:25:11.0267 1944 AppID - ok
16:25:11.0298 1944 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:25:11.0345 1944 AppIDSvc - ok
16:25:11.0392 1944 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:25:11.0454 1944 Appinfo - ok
16:25:11.0486 1944 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
16:25:11.0548 1944 AppMgmt - ok
16:25:11.0548 1944 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
16:25:11.0579 1944 arc - ok
16:25:11.0610 1944 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:25:11.0626 1944 arcsas - ok
16:25:11.0657 1944 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:11.0704 1944 AsyncMac - ok
16:25:11.0720 1944 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
16:25:11.0735 1944 atapi - ok
16:25:11.0907 1944 [ 52BD95CAA9CAE8977FE043E9AD6D2D0E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:25:12.0110 1944 atikmdag - ok
16:25:12.0156 1944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:25:12.0234 1944 AudioEndpointBuilder - ok
16:25:12.0266 1944 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:25:12.0297 1944 AudioSrv - ok
16:25:12.0375 1944 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
16:25:12.0422 1944 avgntflt - ok
16:25:12.0468 1944 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
16:25:12.0484 1944 avipbb - ok
16:25:12.0515 1944 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
16:25:12.0531 1944 avkmgr - ok
16:25:12.0578 1944 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:25:12.0656 1944 AxInstSV - ok
16:25:12.0718 1944 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:25:12.0765 1944 b06bdrv - ok
16:25:12.0827 1944 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:25:12.0858 1944 b57nd60a - ok
16:25:12.0921 1944 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:25:12.0952 1944 BDESVC - ok
16:25:12.0968 1944 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:25:13.0014 1944 Beep - ok
16:25:13.0077 1944 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
16:25:13.0155 1944 BFE - ok
16:25:13.0202 1944 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
16:25:13.0295 1944 BITS - ok
16:25:13.0342 1944 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:25:13.0373 1944 blbdrive - ok
16:25:13.0404 1944 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:25:13.0436 1944 bowser - ok
16:25:13.0467 1944 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:25:13.0498 1944 BrFiltLo - ok
16:25:13.0498 1944 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:25:13.0514 1944 BrFiltUp - ok
16:25:13.0576 1944 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
16:25:13.0607 1944 Browser - ok
16:25:13.0638 1944 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:25:13.0701 1944 Brserid - ok
16:25:13.0701 1944 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:25:13.0732 1944 BrSerWdm - ok
16:25:13.0732 1944 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:25:13.0763 1944 BrUsbMdm - ok
16:25:13.0763 1944 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:25:13.0779 1944 BrUsbSer - ok
16:25:13.0826 1944 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
16:25:13.0872 1944 BthEnum - ok
16:25:13.0872 1944 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:25:13.0904 1944 BTHMODEM - ok
16:25:13.0919 1944 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:25:13.0950 1944 BthPan - ok
16:25:13.0997 1944 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
16:25:14.0044 1944 BTHPORT - ok
16:25:14.0075 1944 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:25:14.0122 1944 bthserv - ok
16:25:14.0138 1944 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
16:25:14.0169 1944 BTHUSB - ok
16:25:14.0216 1944 [ 9887CA12F407D7FBC7F48F3678F5F0B6 ] BVRPMPR5a64 C:\Windows\system32\drivers\BVRPMPR5a64.SYS
16:25:14.0231 1944 BVRPMPR5a64 - ok
16:25:14.0278 1944 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:25:14.0325 1944 cdfs - ok
16:25:14.0387 1944 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:25:14.0403 1944 cdrom - ok
16:25:14.0465 1944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:25:14.0528 1944 CertPropSvc - ok
16:25:14.0543 1944 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
16:25:14.0574 1944 circlass - ok
16:25:14.0606 1944 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
16:25:14.0637 1944 CLFS - ok
16:25:14.0699 1944 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:25:14.0715 1944 clr_optimization_v2.0.50727_32 - ok
16:25:14.0793 1944 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:25:14.0808 1944 clr_optimization_v2.0.50727_64 - ok
16:25:14.0902 1944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:25:14.0902 1944 clr_optimization_v4.0.30319_32 - ok
16:25:14.0949 1944 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:25:14.0949 1944 clr_optimization_v4.0.30319_64 - ok
16:25:14.0996 1944 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:15.0027 1944 CmBatt - ok
16:25:15.0027 1944 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:25:15.0042 1944 cmdide - ok
16:25:15.0089 1944 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
16:25:15.0136 1944 CNG - ok
16:25:15.0167 1944 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:25:15.0183 1944 Compbatt - ok
16:25:15.0198 1944 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
16:25:15.0230 1944 CompositeBus - ok
16:25:15.0245 1944 COMSysApp - ok
16:25:15.0261 1944 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:25:15.0276 1944 crcdisk - ok
16:25:15.0323 1944 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:25:15.0354 1944 CryptSvc - ok
16:25:15.0370 1944 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
16:25:15.0448 1944 CSC - ok
16:25:15.0479 1944 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
16:25:15.0542 1944 CscService - ok
16:25:15.0588 1944 [ DF07C6D98BA7F81D0571E366B1CD6672 ] csr_a2dp C:\Windows\system32\drivers\bthav.sys
16:25:15.0635 1944 csr_a2dp - ok
16:25:15.0682 1944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:25:15.0713 1944 DcomLaunch - ok
16:25:15.0744 1944 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
16:25:15.0807 1944 defragsvc - ok
16:25:15.0838 1944 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:25:15.0885 1944 DfsC - ok
16:25:15.0932 1944 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
16:25:15.0978 1944 Dhcp - ok
16:25:15.0994 1944 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:25:16.0025 1944 discache - ok
16:25:16.0088 1944 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
16:25:16.0103 1944 Disk - ok
16:25:16.0134 1944 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
16:25:16.0166 1944 dmvsc - ok
16:25:16.0212 1944 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:25:16.0244 1944 Dnscache - ok
16:25:16.0275 1944 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:25:16.0322 1944 dot3svc - ok
16:25:16.0353 1944 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
16:25:16.0384 1944 DPS - ok
16:25:16.0431 1944 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:25:16.0446 1944 drmkaud - ok
16:25:16.0493 1944 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:25:16.0524 1944 DXGKrnl - ok
16:25:16.0571 1944 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:25:16.0618 1944 EapHost - ok
16:25:16.0712 1944 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:25:16.0852 1944 ebdrv - ok
16:25:16.0883 1944 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:25:16.0930 1944 EFS - ok
16:25:16.0977 1944 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:25:17.0055 1944 ehRecvr - ok
16:25:17.0070 1944 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
16:25:17.0102 1944 ehSched - ok
16:25:17.0164 1944 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:25:17.0195 1944 elxstor - ok
16:25:17.0211 1944 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:25:17.0226 1944 ErrDev - ok
16:25:17.0273 1944 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
16:25:17.0336 1944 EventSystem - ok
16:25:17.0382 1944 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
16:25:17.0445 1944 exfat - ok
16:25:17.0492 1944 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:25:17.0538 1944 fastfat - ok
16:25:17.0601 1944 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
16:25:17.0648 1944 Fax - ok
16:25:17.0648 1944 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
16:25:17.0663 1944 fdc - ok
16:25:17.0710 1944 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:25:17.0741 1944 fdPHost - ok
16:25:17.0741 1944 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:25:17.0788 1944 FDResPub - ok
16:25:17.0835 1944 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:25:17.0850 1944 FileInfo - ok
16:25:17.0850 1944 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:25:17.0897 1944 Filetrace - ok
16:25:17.0913 1944 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:25:17.0928 1944 flpydisk - ok
16:25:17.0944 1944 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:25:17.0975 1944 FltMgr - ok
16:25:18.0038 1944 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
16:25:18.0100 1944 FontCache - ok
16:25:18.0162 1944 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:25:18.0178 1944 FontCache3.0.0.0 - ok
16:25:18.0209 1944 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:25:18.0225 1944 FsDepends - ok
16:25:18.0256 1944 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:25:18.0272 1944 Fs_Rec - ok
16:25:18.0287 1944 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:25:18.0303 1944 fvevol - ok
16:25:18.0334 1944 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:25:18.0350 1944 gagp30kx - ok
16:25:18.0396 1944 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
16:25:18.0443 1944 gpsvc - ok
16:25:18.0459 1944 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:25:18.0506 1944 hcw85cir - ok
16:25:18.0552 1944 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:25:18.0615 1944 HdAudAddService - ok
16:25:18.0646 1944 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:25:18.0662 1944 HDAudBus - ok
16:25:18.0677 1944 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:25:18.0693 1944 HidBatt - ok
16:25:18.0708 1944 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:25:18.0724 1944 HidBth - ok
16:25:18.0755 1944 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:25:18.0771 1944 HidIr - ok
16:25:18.0802 1944 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:25:18.0833 1944 hidserv - ok
16:25:18.0880 1944 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:25:18.0896 1944 HidUsb - ok
16:25:18.0911 1944 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:25:18.0958 1944 hkmsvc - ok
16:25:18.0989 1944 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:25:19.0020 1944 HomeGroupListener - ok
16:25:19.0036 1944 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:25:19.0067 1944 HomeGroupProvider - ok
16:25:19.0098 1944 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:25:19.0114 1944 HpSAMD - ok
16:25:19.0161 1944 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:25:19.0223 1944 HTTP - ok
16:25:19.0254 1944 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:25:19.0270 1944 hwpolicy - ok
16:25:19.0270 1944 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:25:19.0286 1944 i8042prt - ok
16:25:19.0317 1944 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:25:19.0364 1944 iaStorV - ok
16:25:19.0410 1944 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:25:19.0473 1944 idsvc - ok
16:25:19.0488 1944 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:25:19.0504 1944 iirsp - ok
16:25:19.0535 1944 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
16:25:19.0613 1944 IKEEXT - ok
16:25:19.0754 1944 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:25:19.0816 1944 IntcAzAudAddService - ok
16:25:19.0832 1944 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:25:19.0847 1944 intelide - ok
16:25:19.0878 1944 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:25:19.0894 1944 intelppm - ok
16:25:19.0910 1944 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:25:19.0956 1944 IPBusEnum - ok
16:25:19.0972 1944 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:25:20.0003 1944 IpFilterDriver - ok
16:25:20.0050 1944 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:25:20.0097 1944 iphlpsvc - ok
16:25:20.0112 1944 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:25:20.0128 1944 IPMIDRV - ok
16:25:20.0144 1944 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:25:20.0190 1944 IPNAT - ok
16:25:20.0206 1944 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:25:20.0237 1944 IRENUM - ok
16:25:20.0253 1944 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:25:20.0268 1944 isapnp - ok
16:25:20.0284 1944 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:25:20.0300 1944 iScsiPrt - ok
16:25:20.0393 1944 [ 81534359F525F7C02B2B56B2653BD779 ] jswpsapi C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe
16:25:20.0456 1944 jswpsapi ( UnsignedFile.Multi.Generic ) - warning
16:25:20.0456 1944 jswpsapi - detected UnsignedFile.Multi.Generic (1)
16:25:20.0487 1944 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys
16:25:20.0534 1944 JSWPSLWF - ok
16:25:20.0549 1944 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:25:20.0565 1944 kbdclass - ok
16:25:20.0612 1944 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:25:20.0643 1944 kbdhid - ok
16:25:20.0658 1944 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:25:20.0674 1944 KeyIso - ok
16:25:20.0736 1944 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:25:20.0752 1944 KSecDD - ok
16:25:20.0768 1944 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:25:20.0799 1944 KSecPkg - ok
16:25:20.0799 1944 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:25:20.0861 1944 ksthunk - ok
16:25:20.0892 1944 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
16:25:20.0924 1944 KtmRm - ok
16:25:20.0970 1944 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:25:21.0017 1944 LanmanServer - ok
16:25:21.0064 1944 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:25:21.0111 1944 LanmanWorkstation - ok
16:25:21.0142 1944 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:25:21.0189 1944 lltdio - ok
16:25:21.0236 1944 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:25:21.0298 1944 lltdsvc - ok
16:25:21.0360 1944 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:25:21.0407 1944 lmhosts - ok
16:25:21.0423 1944 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:25:21.0438 1944 LSI_FC - ok
16:25:21.0485 1944 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:25:21.0501 1944 LSI_SAS - ok
16:25:21.0516 1944 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:25:21.0532 1944 LSI_SAS2 - ok
16:25:21.0548 1944 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:25:21.0563 1944 LSI_SCSI - ok
16:25:21.0579 1944 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:25:21.0626 1944 luafv - ok
16:25:21.0657 1944 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:25:21.0719 1944 Mcx2Svc - ok
16:25:21.0735 1944 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:25:21.0750 1944 megasas - ok
16:25:21.0797 1944 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:25:21.0828 1944 MegaSR - ok
16:25:21.0844 1944 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:25:21.0891 1944 MMCSS - ok
16:25:21.0891 1944 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:25:21.0938 1944 Modem - ok
16:25:21.0953 1944 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:25:21.0984 1944 monitor - ok
16:25:22.0016 1944 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:25:22.0031 1944 mouclass - ok
16:25:22.0078 1944 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:25:22.0109 1944 mouhid - ok
16:25:22.0125 1944 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:25:22.0140 1944 mountmgr - ok
16:25:22.0218 1944 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:25:22.0234 1944 MozillaMaintenance - ok
16:25:22.0250 1944 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:25:22.0265 1944 mpio - ok
16:25:22.0281 1944 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:25:22.0328 1944 mpsdrv - ok
16:25:22.0359 1944 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:25:22.0421 1944 MpsSvc - ok
16:25:22.0452 1944 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:25:22.0484 1944 MRxDAV - ok
16:25:22.0515 1944 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:25:22.0546 1944 mrxsmb - ok
16:25:22.0577 1944 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:25:22.0593 1944 mrxsmb10 - ok
16:25:22.0624 1944 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:25:22.0640 1944 mrxsmb20 - ok
16:25:22.0671 1944 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:25:22.0686 1944 msahci - ok
16:25:22.0718 1944 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:25:22.0733 1944 msdsm - ok
16:25:22.0796 1944 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
16:25:22.0827 1944 MSDTC - ok
16:25:22.0889 1944 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:25:22.0936 1944 Msfs - ok
16:25:22.0952 1944 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:25:22.0998 1944 mshidkmdf - ok
16:25:23.0014 1944 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:25:23.0030 1944 msisadrv - ok
16:25:23.0061 1944 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:25:23.0092 1944 MSiSCSI - ok
16:25:23.0108 1944 msiserver - ok
16:25:23.0123 1944 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:25:23.0186 1944 MSKSSRV - ok
16:25:23.0217 1944 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:25:23.0264 1944 MSPCLOCK - ok
16:25:23.0279 1944 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:25:23.0326 1944 MSPQM - ok
16:25:23.0342 1944 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:25:23.0373 1944 MsRPC - ok
16:25:23.0388 1944 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:25:23.0404 1944 mssmbios - ok
16:25:23.0435 1944 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:25:23.0498 1944 MSTEE - ok
16:25:23.0513 1944 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:25:23.0544 1944 MTConfig - ok
16:25:23.0560 1944 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:25:23.0576 1944 Mup - ok
16:25:23.0591 1944 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
16:25:23.0669 1944 napagent - ok
16:25:23.0700 1944 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:25:23.0732 1944 NativeWifiP - ok
16:25:23.0778 1944 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:25:23.0825 1944 NDIS - ok
16:25:23.0841 1944 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:25:23.0872 1944 NdisCap - ok
16:25:23.0903 1944 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:23.0934 1944 NdisTapi - ok
16:25:23.0950 1944 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:23.0997 1944 Ndisuio - ok
16:25:24.0028 1944 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:24.0075 1944 NdisWan - ok
16:25:24.0090 1944 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:25:24.0122 1944 NDProxy - ok
16:25:24.0137 1944 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:25:24.0184 1944 NetBIOS - ok
16:25:24.0215 1944 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:25:24.0246 1944 NetBT - ok
16:25:24.0262 1944 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
16:25:24.0278 1944 Netlogon - ok
16:25:24.0324 1944 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
16:25:24.0371 1944 Netman - ok
16:25:24.0387 1944 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
16:25:24.0434 1944 netprofm - ok
16:25:24.0465 1944 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:25:24.0480 1944 NetTcpPortSharing - ok
16:25:24.0652 1944 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
16:25:24.0855 1944 netw5v64 - ok
16:25:24.0902 1944 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:25:24.0917 1944 nfrd960 - ok
16:25:24.0995 1944 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:25:25.0026 1944 NlaSvc - ok
16:25:25.0042 1944 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:25:25.0073 1944 Npfs - ok
16:25:25.0089 1944 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:25:25.0120 1944 nsi - ok
16:25:25.0120 1944 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:25:25.0167 1944 nsiproxy - ok
16:25:25.0229 1944 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:25:25.0354 1944 Ntfs - ok
16:25:25.0370 1944 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
16:25:25.0416 1944 Null - ok
16:25:25.0463 1944 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:25:25.0479 1944 nvraid - ok
16:25:25.0494 1944 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:25:25.0510 1944 nvstor - ok
16:25:25.0526 1944 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:25:25.0541 1944 nv_agp - ok
16:25:25.0744 1944 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:25:25.0775 1944 odserv - ok
16:25:25.0806 1944 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:25:25.0838 1944 ohci1394 - ok
16:25:25.0900 1944 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:25:25.0916 1944 ose - ok
16:25:25.0947 1944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:25:26.0009 1944 p2pimsvc - ok
16:25:26.0025 1944 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:25:26.0072 1944 p2psvc - ok
16:25:26.0103 1944 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:25:26.0118 1944 Parport - ok
16:25:26.0150 1944 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:25:26.0165 1944 partmgr - ok
16:25:26.0196 1944 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:25:26.0259 1944 PcaSvc - ok
16:25:26.0274 1944 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
16:25:26.0290 1944 pci - ok
16:25:26.0306 1944 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:25:26.0321 1944 pciide - ok
16:25:26.0337 1944 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:25:26.0352 1944 pcmcia - ok
16:25:26.0368 1944 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:25:26.0384 1944 pcw - ok
16:25:26.0415 1944 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:25:26.0493 1944 PEAUTH - ok
16:25:26.0618 1944 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:25:26.0696 1944 PeerDistSvc - ok
16:25:26.0774 1944 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:25:26.0805 1944 PerfHost - ok
16:25:26.0867 1944 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
16:25:26.0961 1944 pla - ok
16:25:27.0023 1944 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:25:27.0101 1944 PlugPlay - ok
16:25:27.0117 1944 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:25:27.0148 1944 PNRPAutoReg - ok
16:25:27.0164 1944 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:25:27.0179 1944 PNRPsvc - ok
16:25:27.0226 1944 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:25:27.0288 1944 PolicyAgent - ok
16:25:27.0304 1944 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
16:25:27.0382 1944 Power - ok
16:25:27.0413 1944 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:25:27.0444 1944 PptpMiniport - ok
16:25:27.0460 1944 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
16:25:27.0491 1944 Processor - ok
16:25:27.0538 1944 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:25:27.0569 1944 ProfSvc - ok
16:25:27.0569 1944 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:25:27.0585 1944 ProtectedStorage - ok
16:25:27.0616 1944 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:25:27.0678 1944 Psched - ok
16:25:27.0741 1944 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:25:27.0819 1944 ql2300 - ok
16:25:27.0866 1944 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:25:27.0881 1944 ql40xx - ok
16:25:27.0944 1944 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
16:25:27.0975 1944 QWAVE - ok
16:25:28.0006 1944 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:25:28.0037 1944 QWAVEdrv - ok
16:25:28.0053 1944 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:25:28.0084 1944 RasAcd - ok
16:25:28.0115 1944 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:25:28.0146 1944 RasAgileVpn - ok
16:25:28.0162 1944 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:25:28.0209 1944 RasAuto - ok
16:25:28.0224 1944 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:25:28.0271 1944 Rasl2tp - ok
16:25:28.0287 1944 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
16:25:28.0334 1944 RasMan - ok
16:25:28.0349 1944 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:25:28.0412 1944 RasPppoe - ok
16:25:28.0427 1944 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:25:28.0474 1944 RasSstp - ok
16:25:28.0490 1944 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:25:28.0552 1944 rdbss - ok
16:25:28.0568 1944 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:25:28.0630 1944 rdpbus - ok
16:25:28.0646 1944 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:25:28.0677 1944 RDPCDD - ok
16:25:28.0724 1944 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:25:28.0739 1944 RDPDR - ok
16:25:28.0755 1944 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:25:28.0817 1944 RDPENCDD - ok
16:25:28.0833 1944 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:25:28.0880 1944 RDPREFMP - ok
16:25:28.0926 1944 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:25:28.0958 1944 RDPWD - ok
16:25:29.0004 1944 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:25:29.0020 1944 rdyboost - ok
16:25:29.0051 1944 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:25:29.0129 1944 RemoteAccess - ok
16:25:29.0145 1944 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:25:29.0192 1944 RemoteRegistry - ok
16:25:29.0238 1944 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:25:29.0270 1944 RFCOMM - ok
16:25:29.0301 1944 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:25:29.0348 1944 RpcEptMapper - ok
16:25:29.0363 1944 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:25:29.0410 1944 RpcLocator - ok
16:25:29.0441 1944 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
16:25:29.0472 1944 RpcSs - ok
16:25:29.0550 1944 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:25:29.0582 1944 rspndr - ok
16:25:29.0628 1944 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
16:25:29.0644 1944 RTL8167 - ok
16:25:29.0738 1944 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:25:29.0784 1944 s3cap - ok
16:25:29.0800 1944 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:25:29.0816 1944 SamSs - ok
16:25:29.0847 1944 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:25:29.0862 1944 sbp2port - ok
16:25:29.0894 1944 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:25:29.0940 1944 SCardSvr - ok
16:25:29.0956 1944 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:25:30.0018 1944 scfilter - ok
16:25:30.0065 1944 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
16:25:30.0128 1944 Schedule - ok
16:25:30.0159 1944 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:25:30.0190 1944 SCPolicySvc - ok
16:25:30.0268 1944 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:25:30.0362 1944 SDRSVC - ok
16:25:30.0377 1944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:25:30.0424 1944 secdrv - ok
16:25:30.0440 1944 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:25:30.0471 1944 seclogon - ok
16:25:30.0486 1944 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:25:30.0533 1944 SENS - ok
16:25:30.0549 1944 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:25:30.0611 1944 SensrSvc - ok
16:25:30.0627 1944 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
16:25:30.0658 1944 Serenum - ok
16:25:30.0705 1944 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
16:25:30.0736 1944 Serial - ok
16:25:30.0752 1944 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:25:30.0767 1944 sermouse - ok
16:25:30.0798 1944 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
16:25:30.0845 1944 SessionEnv - ok
16:25:30.0845 1944 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:25:30.0861 1944 sffdisk - ok
16:25:30.0876 1944 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:25:30.0908 1944 sffp_mmc - ok
16:25:30.0908 1944 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:25:30.0923 1944 sffp_sd - ok
16:25:30.0923 1944 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:25:30.0954 1944 sfloppy - ok
16:25:30.0986 1944 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:25:31.0064 1944 SharedAccess - ok
16:25:31.0110 1944 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:25:31.0157 1944 ShellHWDetection - ok
16:25:31.0204 1944 [ 1B731AE02FC0C1CCDC4B7D32FCC95660 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys
16:25:31.0220 1944 Si3531 - ok
16:25:31.0235 1944 [ 8574809375C8147CC9B6A62822018FD6 ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
16:25:31.0235 1944 SiFilter - ok
16:25:31.0251 1944 [ E7B586131C8C417691E303C511C3563B ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
16:25:31.0266 1944 SiRemFil - ok
16:25:31.0282 1944 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
16:25:31.0298 1944 SiSRaid2 - ok
16:25:31.0329 1944 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:25:31.0344 1944 SiSRaid4 - ok
16:25:31.0391 1944 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
16:25:31.0438 1944 SkypeUpdate - ok
16:25:31.0469 1944 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:25:31.0516 1944 Smb - ok
16:25:31.0578 1944 [ 7AE8BCA90539ECBDE87AC45BA1436BE3 ] smserial C:\Windows\system32\DRIVERS\SmSerl64.sys
16:25:31.0641 1944 smserial - ok
16:25:31.0656 1944 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:25:31.0688 1944 SNMPTRAP - ok
16:25:31.0719 1944 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:25:31.0734 1944 spldr - ok
16:25:31.0766 1944 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
16:25:31.0812 1944 Spooler - ok
16:25:31.0890 1944 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
16:25:32.0046 1944 sppsvc - ok
16:25:32.0062 1944 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:25:32.0093 1944 sppuinotify - ok
16:25:32.0140 1944 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
16:25:32.0187 1944 srv - ok
16:25:32.0218 1944 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:25:32.0280 1944 srv2 - ok
16:25:32.0327 1944 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:25:32.0405 1944 srvnet - ok
16:25:32.0452 1944 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:25:32.0483 1944 SSDPSRV - ok
16:25:32.0514 1944 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:25:32.0546 1944 SstpSvc - ok
16:25:32.0592 1944 Steam Client Service - ok
16:25:32.0608 1944 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
16:25:32.0624 1944 stexstor - ok
16:25:32.0686 1944 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
16:25:32.0748 1944 stisvc - ok
16:25:32.0764 1944 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:25:32.0780 1944 storflt - ok
16:25:32.0795 1944 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
16:25:32.0842 1944 StorSvc - ok
16:25:32.0858 1944 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:25:32.0873 1944 storvsc - ok
16:25:32.0889 1944 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:25:32.0904 1944 swenum - ok
16:25:32.0951 1944 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
16:25:32.0998 1944 swprv - ok
16:25:33.0092 1944 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
16:25:33.0170 1944 SysMain - ok
16:25:33.0185 1944 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:25:33.0216 1944 TabletInputService - ok
16:25:33.0279 1944 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
16:25:33.0326 1944 tap0901t ( UnsignedFile.Multi.Generic ) - warning
16:25:33.0326 1944 tap0901t - detected UnsignedFile.Multi.Generic (1)
16:25:33.0357 1944 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:25:33.0419 1944 TapiSrv - ok
16:25:33.0435 1944 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
16:25:33.0466 1944 TBS - ok
16:25:33.0528 1944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:25:33.0669 1944 Tcpip - ok
16:25:33.0731 1944 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:25:33.0762 1944 TCPIP6 - ok
16:25:33.0794 1944 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:25:33.0809 1944 tcpipreg - ok
16:25:33.0825 1944 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:25:33.0856 1944 TDPIPE - ok
16:25:33.0872 1944 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:25:33.0903 1944 TDTCP - ok
16:25:33.0934 1944 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:25:33.0981 1944 tdx - ok
16:25:33.0996 1944 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:25:34.0012 1944 TermDD - ok
16:25:34.0059 1944 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
16:25:34.0152 1944 TermService - ok
16:25:34.0168 1944 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
16:25:34.0199 1944 Themes - ok
16:25:34.0215 1944 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
16:25:34.0246 1944 THREADORDER - ok
16:25:34.0293 1944 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
16:25:34.0340 1944 TrkWks - ok
16:25:34.0371 1944 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:25:34.0402 1944 TrustedInstaller - ok
16:25:34.0449 1944 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:25:34.0511 1944 tssecsrv - ok
16:25:34.0558 1944 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:25:34.0589 1944 TsUsbFlt - ok
16:25:34.0605 1944 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
16:25:34.0636 1944 TsUsbGD - ok
16:25:34.0667 1944 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:25:34.0730 1944 tunnel - ok
16:25:34.0808 1944 [ 3DB1CE045A552161EF7252988752C65F ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
16:25:34.0917 1944 TunngleService ( UnsignedFile.Multi.Generic ) - warning
16:25:34.0917 1944 TunngleService - detected UnsignedFile.Multi.Generic (1)
16:25:34.0948 1944 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:25:34.0964 1944 uagp35 - ok
16:25:34.0979 1944 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:25:35.0042 1944 udfs - ok
16:25:35.0104 1944 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:25:35.0120 1944 UI0Detect - ok
16:25:35.0151 1944 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:25:35.0166 1944 uliagpkx - ok
16:25:35.0182 1944 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:25:35.0213 1944 umbus - ok
16:25:35.0229 1944 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
16:25:35.0260 1944 UmPass - ok
16:25:35.0276 1944 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
16:25:35.0322 1944 UmRdpService - ok
16:25:35.0369 1944 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
16:25:35.0416 1944 upnphost - ok
16:25:35.0478 1944 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:25:35.0510 1944 usbaudio - ok
16:25:35.0556 1944 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:25:35.0603 1944 usbccgp - ok
16:25:35.0666 1944 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:25:35.0681 1944 usbcir - ok
16:25:35.0712 1944 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:25:35.0728 1944 usbehci - ok
16:25:35.0759 1944 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:25:35.0790 1944 usbhub - ok
16:25:35.0790 1944 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:25:35.0822 1944 usbohci - ok
16:25:35.0853 1944 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:25:35.0868 1944 usbprint - ok
16:25:35.0900 1944 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:25:35.0962 1944 USBSTOR - ok
16:25:35.0978 1944 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:25:35.0993 1944 usbuhci - ok
16:25:36.0024 1944 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:25:36.0071 1944 usbvideo - ok
16:25:36.0102 1944 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:25:36.0149 1944 UxSms - ok
16:25:36.0180 1944 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:25:36.0180 1944 VaultSvc - ok
16:25:36.0243 1944 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:25:36.0258 1944 vdrvroot - ok
16:25:36.0290 1944 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
16:25:36.0368 1944 vds - ok
16:25:36.0399 1944 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:36.0414 1944 vga - ok
16:25:36.0430 1944 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:25:36.0477 1944 VgaSave - ok
16:25:36.0477 1944 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:25:36.0524 1944 vhdmp - ok
16:25:36.0539 1944 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:25:36.0555 1944 viaide - ok
16:25:36.0570 1944 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
16:25:36.0602 1944 vmbus - ok
16:25:36.0617 1944 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
16:25:36.0633 1944 VMBusHID - ok
16:25:36.0648 1944 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:25:36.0680 1944 volmgr - ok
16:25:36.0680 1944 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:25:36.0695 1944 volmgrx - ok
16:25:36.0726 1944 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:25:36.0758 1944 volsnap - ok
16:25:36.0789 1944 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:25:36.0804 1944 vsmraid - ok
16:25:36.0882 1944 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
16:25:37.0023 1944 VSS - ok
16:25:37.0038 1944 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
16:25:37.0070 1944 vwifibus - ok
16:25:37.0085 1944 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
16:25:37.0148 1944 W32Time - ok
16:25:37.0179 1944 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:25:37.0194 1944 WacomPen - ok
16:25:37.0241 1944 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:25:37.0288 1944 WANARP - ok
16:25:37.0304 1944 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:25:37.0335 1944 Wanarpv6 - ok
16:25:37.0413 1944 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:25:37.0491 1944 WatAdminSvc - ok
16:25:37.0538 1944 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
16:25:37.0694 1944 wbengine - ok
16:25:37.0709 1944 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:25:37.0740 1944 WbioSrvc - ok
16:25:37.0772 1944 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:25:37.0803 1944 wcncsvc - ok
16:25:37.0834 1944 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:25:37.0865 1944 WcsPlugInService - ok
16:25:37.0881 1944 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
16:25:37.0896 1944 Wd - ok
16:25:37.0959 1944 [ 49B50BE4C6E61DC378057A09130E0629 ] WDCS_WNDA3200 C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
16:25:38.0006 1944 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - warning
16:25:38.0006 1944 WDCS_WNDA3200 - detected UnsignedFile.Multi.Generic (1)
16:25:38.0052 1944 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:25:38.0115 1944 Wdf01000 - ok
16:25:38.0130 1944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:25:38.0240 1944 WdiServiceHost - ok
16:25:38.0240 1944 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:25:38.0271 1944 WdiSystemHost - ok
16:25:38.0286 1944 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
16:25:38.0333 1944 WebClient - ok
16:25:38.0349 1944 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:25:38.0411 1944 Wecsvc - ok
16:25:38.0427 1944 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:25:38.0458 1944 wercplsupport - ok
16:25:38.0505 1944 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:25:38.0536 1944 WerSvc - ok
16:25:38.0567 1944 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:25:38.0598 1944 WfpLwf - ok
16:25:38.0614 1944 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:25:38.0630 1944 WIMMount - ok
16:25:38.0645 1944 WinDefend - ok
16:25:38.0645 1944 WinHttpAutoProxySvc - ok
16:25:38.0708 1944 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:25:38.0739 1944 Winmgmt - ok
16:25:38.0817 1944 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
16:25:38.0957 1944 WinRM - ok
16:25:39.0004 1944 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:25:39.0035 1944 WinUsb - ok
16:25:39.0082 1944 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
16:25:39.0129 1944 Wlansvc - ok
16:25:39.0144 1944 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:25:39.0160 1944 WmiAcpi - ok
16:25:39.0207 1944 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:25:39.0222 1944 wmiApSrv - ok
16:25:39.0269 1944 WMPNetworkSvc - ok
16:25:39.0285 1944 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:25:39.0300 1944 WPCSvc - ok
16:25:39.0316 1944 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:25:39.0332 1944 WPDBusEnum - ok
16:25:39.0347 1944 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:25:39.0378 1944 ws2ifsl - ok
16:25:39.0410 1944 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:25:39.0456 1944 wscsvc - ok
16:25:39.0456 1944 WSearch - ok
16:25:39.0534 1944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
16:25:39.0612 1944 wuauserv - ok
16:25:39.0644 1944 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:25:39.0690 1944 WudfPf - ok
16:25:39.0737 1944 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:39.0768 1944 WUDFRd - ok
16:25:39.0784 1944 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:25:39.0815 1944 wudfsvc - ok
16:25:39.0909 1944 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
16:25:39.0924 1944 WwanSvc - ok
16:25:39.0971 1944 ================ Scan global ===============================
16:25:39.0987 1944 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:25:40.0034 1944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:25:40.0080 1944 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
16:25:40.0096 1944 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:25:40.0127 1944 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:25:40.0158 1944 [Global] - ok
16:25:40.0158 1944 ================ Scan MBR ==================================
16:25:40.0174 1944 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:25:40.0626 1944 \Device\Harddisk0\DR0 - ok
16:25:40.0626 1944 ================ Scan VBR ==================================
16:25:40.0626 1944 [ 9A41F03AA6B58A12EBB379785219C37A ] \Device\Harddisk0\DR0\Partition1
16:25:40.0642 1944 \Device\Harddisk0\DR0\Partition1 - ok
16:25:40.0658 1944 [ 50DAAD8F7B8CEA706BBFDFA2B6097FBB ] \Device\Harddisk0\DR0\Partition2
16:25:40.0658 1944 \Device\Harddisk0\DR0\Partition2 - ok
16:25:40.0658 1944 ============================================================
16:25:40.0658 1944 Scan finished
16:25:40.0658 1944 ============================================================
16:25:40.0658 1220 Detected object count: 4
16:25:40.0658 1220 Actual detected object count: 4
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 jswpsapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:42.0327 1220 WDCS_WNDA3200 ( UnsignedFile.Multi.Generic ) - User select action: Skip


Ich hoffe es passt alles so.

Alt 12.02.2013, 11:43   #7
markusg
/// Malware-holic
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.02.2013, 16:28   #8
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-12.01 - Daniel 12.02.2013  16:19:01.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4094.2941 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-12 bis 2013-02-12  ))))))))))))))))))))))))))))))
.
.
2013-02-12 15:22 . 2013-02-12 15:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-09 12:37 . 2013-02-09 12:37	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2013-02-09 12:37 . 2013-02-09 12:37	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-09 12:37 . 2013-02-09 12:37	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-09 12:37 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-09 12:37 . 2013-02-09 12:37	--------	d-----w-	c:\users\Daniel\AppData\Local\Programs
2013-02-09 12:31 . 2013-02-09 12:32	--------	d-----w-	c:\windows\system32\appmgmt
2013-02-08 19:25 . 2013-02-08 19:25	--------	d-----w-	c:\windows\SysWow64\Extensions
2013-02-08 19:25 . 2013-02-08 19:25	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-02-08 19:25 . 2013-02-08 19:25	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Babylon
2013-02-08 19:25 . 2013-02-08 19:25	--------	d-----w-	c:\programdata\Babylon
2013-02-08 19:24 . 2013-02-08 19:24	--------	d-----w-	c:\program files (x86)\Movie2KDownloader.com
2013-02-08 19:24 . 2013-02-08 19:24	--------	d-----w-	c:\program files (x86)\hdvidcodec.com
2013-01-28 18:39 . 2013-01-28 18:39	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-01-28 18:39 . 2013-01-28 18:39	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-09 13:07 . 2012-09-10 15:11	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-09 13:07 . 2012-08-28 12:17	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-21 23:09	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 23:09	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 23:09	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 23:09	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-09 23:01	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 23:01	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 23:01	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 23:01	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 23:01	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 23:01	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 23:01	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 23:01	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 23:01	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 23:01	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 23:01	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 23:01	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 23:01	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 23:01	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 23:01	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 23:01	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 23:01	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 23:01	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 23:01	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 23:01	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 23:01	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 23:01	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 23:01	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 23:01	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 23:01	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 23:01	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 23:01	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 23:01	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 23:01	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 23:01	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 23:01	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 23:01	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 23:01	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 23:01	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 23:01	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:45 . 2013-01-09 23:01	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-11-30 05:43 . 2013-01-09 23:01	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 23:01	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 23:01	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 23:01	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:54 . 2013-01-09 23:01	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-11-30 04:53 . 2013-01-09 23:01	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 23:01	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 23:01	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-07-08 35840]
R3 csr_a2dp;Bluetooth-AV-Profil;c:\windows\system32\drivers\bthav.sys [2009-12-21 78848]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2009-11-05 954368]
R3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-07-19 738152]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-07 1255736]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2009-02-09 333864]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2010-06-23 167936]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 12:39]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1413935850-3561404073-4138151363-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-09 12:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-12  16:24:31
ComboFix-quarantined-files.txt  2013-02-12 15:24
.
Vor Suchlauf: 11 Verzeichnis(se), 23.494.766.592 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 24.121.864.192 Bytes frei
.
- - End Of File - - DCDFCF1FB56DF6D044FEA6D8F0A99494
         
--- --- ---

Alt 13.02.2013, 13:00   #9
markusg
/// Malware-holic
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Hi
poste bitte alle Malwarebytes logs mit Funden:
http://www.trojaner-board.de/125889-...en-posten.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.02.2013, 20:49   #10
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Hey,

hier der eine mit Fund:

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.09.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [Administrator]

09.02.2013 13:37:47
mbam-log-2013-02-09 (13-37-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222811
Laufzeit: 5 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-1413935850-3561404073-4138151363-1000\$R5RUWQT.exe (PUP.Offerware) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Danke

Alt 13.02.2013, 20:51   #11
markusg
/// Malware-holic
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.02.2013, 03:13   #12
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [Administrator]

16.02.2013 20:23:49
mbam-log-2013-02-16 (20-23-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 633232
Laufzeit: 2 Stunde(n), 6 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Wie gesagt, er findet keine. Den einen wo er was gefunden hatte, habe ich gepostet.

Alt 17.02.2013, 16:16   #13
markusg
/// Malware-holic
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.02.2013, 17:11   #14
Doderan
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.02.2013 6,00MB 11.5.502.149 NOTWENDIG
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 23.12.2012 6,00MB 11.5.502.135 NOTWENDIG
Avira Free Antivirus Avira 14.11.2012 111MB 12.1.9.1236 NOTWENDIG
CCleaner Piriform 23.01.2013 3.27 NOTWENDIG
Counter-Strike 1.6 05.01.2013 1.00.0000 NOTWENDIG
Dropbox Dropbox, Inc. 28.01.2013 1.6.16 NOTWENDIG
Dungeon Siege 04.01.2013 UNNÖTIG
Google Chrome Google Inc. 09.02.2013 24.0.1312.57 NOTWENDIG
GUILD WARS 25.09.2012 NOTWENDIG
HDVidCodec hdvidcodec.com 08.02.2013 2.1 Build 26473 UNNÖTIG
Java 7 Update 7 (64-bit) Oracle 21.10.2012 127MB 7.0.70 NOTWENDIG
Java 7 Update 9 Oracle 03.09.2012 128MB 7.0.90 NOTWENDIG
Java SE Development Kit 7 Update 7 (64-bit) Oracle 21.10.2012 188MB 1.7.0.70 NOTWENDIG
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 09.02.2013 18,4MB 1.70.0.1100 NOTWENDIG
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 29.08.2012 38,8MB 4.0.30319 UNBEKANNT
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 29.08.2012 2,93MB 4.0.30319 UNBEKANNT
Microsoft Office Enterprise 2007 Microsoft Corporation 26.10.2012 12.0.6612.1000 NOTWENDIG
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.08.2012 300KB 8.0.56336 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 13.12.2012 788KB 9.0.30729 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.12.2012 788KB 9.0.30729.6161 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 28.08.2012 2,06MB 9.0.21022 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.01.2013 232KB 9.0.30729 UNBEKANNT
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 29.08.2012 600KB 9.0.30729.6161 UNBEKANNT
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 29.08.2012 12,2MB 10.0.40219 UNBEKANNT
Mozilla Maintenance Service Mozilla 11.01.2013 330KB 17.0.2 UNBEKANNT
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 11.01.2013 41,9MB 17.0.2 NOTWENDIG
NETGEAR WNDA3200 wireless adapter Setup NETGEAR 07.09.2012 1.0.0.9 NOTWENDIG
PDF-Viewer Tracker Software Products Ltd 28.08.2012 40,2MB 2.5.205.0 NOTWENDIG
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 28.08.2012 6.0.1.6662 NOTWENDIG
Sid Meier's Civilization V 2K Games, Inc. 06.01.2013 NOTWENDIG
Skype™ 6.1 Skype Technologies S.A. 28.01.2013 21,1MB 6.1.129 NOTWENDIG
Steam Valve Corporation 28.08.2012 35,4MB 1.0.0.0 NOTWENDIG
TeamSpeak 3 Client TeamSpeak Systems GmbH 13.12.2012 3.0.6 UNNÖTIG
Tunngle beta Tunngle.net GmbH 01.09.2012 8,90MB UNNÖTIG
WebCam WebCam 09.09.2012 6.32.0.06a NOTWENDIG
Windows Media Encoder 9 Series 01.09.2012 UNBEKANNT
Zipeg Zipeg - free app to open ZIP and RAR for Mac and Windows 24.09.2012 2.9.3.1316 NOTWENDIG


Danke nochmal

Alt 17.02.2013, 17:34   #15
markusg
/// Malware-holic
 
Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Standard

Browser hat immer script akamaihd.net, Google Suche wird umgeleitet



deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
deinstaliere:
Dungeon
HDVidCodec
Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
TeamSpeak
Tunngle

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Browser hat immer script akamaihd.net, Google Suche wird umgeleitet
angebliche, browser, dumme, einfach, fehler, gefunde, gelöscht, gestern, google, installier, installiert, laufen, malewarebytes, melde, nicht mehr, problem, schonmal, script, suche, system, tagen, troja, trojaner-board, umgeleitet, würde, würdet



Ähnliche Themen: Browser hat immer script akamaihd.net, Google Suche wird umgeleitet


  1. Google Suche in Chrome wird umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 22.10.2014 (23)
  2. Windows 7: Leerlauf Scan im BitDefender wird immer wieder ausgeschaltet und Browser Startseite "google" wird geändert
    Log-Analyse und Auswertung - 20.05.2014 (13)
  3. http://rvzr-a.akamaihd.net/ erscheint immer in Google Chrome
    Log-Analyse und Auswertung - 20.11.2013 (11)
  4. 2x Windows 7: Webseiten werden nach Google Suche auf kommerzielle Seiten umgeleitet
    Mülltonne - 17.08.2013 (1)
  5. Google-Suche wird umgeleitet
    Log-Analyse und Auswertung - 11.08.2013 (15)
  6. Werde ständig umgeleitet zu dubiosen Seiten bei Google-Suche
    Log-Analyse und Auswertung - 19.02.2013 (45)
  7. Google-Suche wird umgeleitet auf rocketnews
    Plagegeister aller Art und deren Bekämpfung - 23.06.2012 (16)
  8. Google wird umgeleitet, Browser extrem langsam, Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 27.05.2012 (7)
  9. Win 7, IE, Google Suche wird umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (19)
  10. Google-Suche wird auf "Hooot.com" umgeleitet
    Log-Analyse und Auswertung - 23.01.2012 (23)
  11. google suche wird Umgeleitet
    Log-Analyse und Auswertung - 30.04.2011 (1)
  12. Google Suche - Seiten werden umgeleitet Security Tool
    Log-Analyse und Auswertung - 29.11.2010 (17)
  13. Rootkit eingefangen, Google-Suche wird umgeleitet!
    Plagegeister aller Art und deren Bekämpfung - 18.01.2010 (3)
  14. Google suche: Links werden auf Werbeseiten umgeleitet
    Log-Analyse und Auswertung - 03.12.2009 (4)
  15. Opera Hijacked|Google Suche wird umgeleitet
    Log-Analyse und Auswertung - 12.02.2009 (0)
  16. Ich werde immer von google umgeleitet auf abcjump oder go.google usw.
    Mülltonne - 27.11.2008 (0)
  17. Explorer/Google wird immer umgeleitet,brauche Rat
    Plagegeister aller Art und deren Bekämpfung - 06.12.2006 (3)

Zum Thema Browser hat immer script akamaihd.net, Google Suche wird umgeleitet - Hallo Liebes Trojaner-Board Team, ich habe leider seit einigen Tagen akamaihd.net in meinem Browser (Chrome) und das mittlerweile durch NotScript geblockt. Gestern habe ich den dummen Fehler gemacht ein angebliche - Browser hat immer script akamaihd.net, Google Suche wird umgeleitet...
Archiv
Du betrachtest: Browser hat immer script akamaihd.net, Google Suche wird umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.