Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Feed.Helperbar Redirect Suchmaschine

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.02.2013, 11:51   #1
luckyluked
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Guten Tag,

vor kurzem ist mir aufgefallen, das mein Browser mich auf eine Yahoosuchseite umleitet, habe leider die konkrete URL nicht mehr da ich das redirecting schon behoben habe. Trotzdem bin ich mir ziemlich sicher das mein System noch nicht ganz sauber ist. Habe bereits mit Malwarebytes und etlichen anderen Antiviren/Rootkit/ - Scannern mein System checken lassen und es wurde soweit nicht mehr gefunden. Ich würde trotzdem gerne die Logfiles posten um zu gucken ob letzen endes doch noch etwas übrig geblieben ist und ob ich eventuell einfach formatieren sollte oder obs so noch zu retten ist. In den Logfiles habe ich bereits Einträge zur Feed.Helper Bar gefunden.

//Der Code der Gmer.txt hat leider nicht mehr gepasst und befindet sich im Anhang.

mit freundlichen Grüßen
OTL:


Code:
ATTFilter
OTL logfile created on: 14.02.2013 11:54:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mustermann\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,76% Memory free
8,00 Gb Paging File | 5,24 Gb Available in Paging File | 65,49% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 213,16 Gb Free Space | 71,53% Space Free | Partition Type: NTFS
 
Computer Name: Mustermann| User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.14 11:51:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
PRC - [2013.02.11 14:35:12 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.03 20:49:08 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.19 11:29:46 | 000,076,128 | ---- | M] (TuneUp Software) -- C:\Users\Mustermann\AppData\Local\Temp\TUUUninstallHelper.exe
PRC - [2011.04.13 10:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
PRC - [2011.03.21 20:01:46 | 000,233,984 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
PRC - [2011.03.10 12:04:08 | 000,231,936 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
PRC - [2011.03.10 10:25:06 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Abyssus\razerofa.exe
PRC - [2011.03.10 10:24:32 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razertra.exe
PRC - [2011.03.01 13:34:30 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\vdDaemon.exe
PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.11.27 11:04:44 | 000,278,528 | ---- | M] () -- C:\ProgrammeLuki\WNA\WifiSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.12 20:20:34 | 012,638,576 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013.02.11 14:35:24 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL.dll
MOD - [2013.02.11 14:35:09 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.02.11 14:35:02 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013.02.11 14:35:02 | 000,969,640 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.02.11 14:35:02 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013.02.11 14:35:02 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.04.13 10:46:28 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Lycosa\razertra.exe
MOD - [2011.03.10 12:04:08 | 000,231,936 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razerhid.exe
MOD - [2011.03.10 10:24:32 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\razertra.exe
MOD - [2011.03.01 13:34:30 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\Razer\Abyssus\vdDaemon.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.11 14:35:12 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.01 20:34:38 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.10.01 20:34:38 | 000,178,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.11.02 22:45:58 | 001,030,600 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.27 11:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\ProgrammeLuki\WNA\WifiSvc.exe -- (WSWNA1100)
SRV - [2009.11.05 15:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\ProgrammeLuki\WNA\jswpsapi.exe -- (jswpsapi)
SRV - [2009.09.08 10:51:24 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.10.14 11:56:43 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2012.08.30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.06 19:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011.07.20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.30 23:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.09.08 10:01:28 | 000,028,928 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.10 14:50:18 | 000,014,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2009.11.10 02:04:00 | 001,827,328 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009.10.30 09:53:50 | 000,010,880 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Abyssus.sys -- (Abyssus)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.11 03:15:22 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008.05.15 01:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007.01.19 17:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.09.27 13:20:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C6 65 89 16 16 D3 CD 01  [binary data]
IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bf88908e-d923-4176-ba45-94a88a3486d6&searchtype=ds&fr=linkury-tb&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2011.10.07 20:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions
[2011.06.27 09:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.07 20:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2013.02.11 20:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\mctkyjev.default\extensions
[2013.02.11 14:22:12 | 000,002,428 | ---- | M] () -- C:\Users\Mustermann\AppData\Roaming\mozilla\firefox\profiles\mctkyjev.default\searchplugins\Web Search.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bf88908e-d923-4176-ba45-94a88a3486d6&searchtype=hp&fr=linkury-tb
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=bf88908e-d923-4176-ba45-94a88a3486d6&searchtype=hp&fr=linkury-tb
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mustermann\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Adblock Plus = C:\Users\MustermannAppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: AdBlock = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: avast! WebRep = C:\Users\Mustermann\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
 
O1 HOSTS File: ([2013.02.11 21:08:48 | 000,000,734 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - No CLSID value found.
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Abyssus] C:\Program Files (x86)\Razer\Abyssus\razerhid.exe ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Lycosa] C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42F03EE1-F9F6-4D87-BA10-7DC50F7083FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.14 11:44:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{85652147-5110-11e2-a566-00241d5c206d}\Shell - "" = AutoRun
O33 - MountPoints2\{85652147-5110-11e2-a566-00241d5c206d}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.14 11:51:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2013.02.13 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.02.13 15:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.02.13 15:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.02.13 15:42:39 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.02.13 15:42:39 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.02.13 15:42:38 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.02.13 15:42:37 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.02.13 15:42:36 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.02.13 15:42:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.02.13 15:42:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.02.13 15:41:57 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.02.13 15:41:56 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013.02.13 15:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.02.13 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.02.13 12:32:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 12:32:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 12:32:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 12:32:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 12:32:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 12:32:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 12:32:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.13 12:32:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.13 12:32:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.13 12:32:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.13 12:32:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.13 12:32:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 12:32:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.13 12:32:44 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.13 12:32:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 11:33:32 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Adobe
[2013.02.13 10:32:54 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 10:32:51 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 10:32:50 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 10:32:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 10:32:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 10:32:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 10:32:37 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 10:32:37 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 10:32:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 10:32:31 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.11 21:35:57 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Macromedia
[2013.02.11 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\ATI
[2013.02.11 21:28:16 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\VirtualStore
[2013.02.11 21:19:43 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\Malwarebytes
[2013.02.11 21:18:19 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Local\Programs
[2013.02.11 21:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2013.02.11 20:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.02.11 20:53:49 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.02.11 15:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.11 14:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.11 14:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.11 14:37:07 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.11 14:30:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.11 14:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.11 14:30:27 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.02.11 14:30:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.11 14:30:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.11 14:30:26 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.11 14:30:26 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.11 14:30:23 | 002,743,440 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.02.11 14:30:23 | 001,561,744 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.02.11 14:30:23 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.02.11 14:30:22 | 003,671,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.02.11 14:30:22 | 000,881,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.02.11 14:30:22 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.02.11 14:30:22 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.02.11 14:30:21 | 001,269,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.02.11 14:30:21 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.11 14:30:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.11 14:30:21 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.11 14:30:21 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.11 14:30:21 | 000,116,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.02.11 14:30:21 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.11 14:30:21 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.11 14:30:16 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013.02.11 14:30:16 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013.02.11 14:30:16 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013.02.11 14:30:16 | 000,065,112 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBppld64.dll
[2013.02.11 14:30:16 | 000,060,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBPPCn64.dll
[2013.02.11 14:30:15 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.02.11 14:30:15 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.02.11 14:30:14 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.11 14:30:12 | 002,703,456 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.11 14:30:11 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.02.11 14:30:10 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.02.11 14:30:10 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.02.11 14:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.02.11 14:30:08 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.02.11 14:23:46 | 000,000,000 | ---D | C] -- C:\Intel
[2013.02.11 14:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
[2013.02.11 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\Mustermann\AppData\Roaming\OpenCandy
[2013.02.11 14:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 11:52:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.14 11:51:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mustermann\Desktop\OTL.exe
[2013.02.14 11:50:50 | 000,026,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 11:50:50 | 000,026,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 11:44:29 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.14 11:42:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 11:42:45 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 01:06:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1276361010-833485166-2124046245-1000UA.job
[2013.02.13 15:42:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.02.13 13:30:43 | 000,542,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 12:06:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1276361010-833485166-2124046245-1000Core.job
[2013.02.11 21:26:02 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2013.02.11 21:08:48 | 000,000,734 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.11 20:53:57 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.11 20:53:57 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.11 20:53:57 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.11 14:19:20 | 000,002,361 | ---- | M] () -- C:\Users\Mustermann\Desktop\Google Chrome.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.13 15:42:48 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.13 15:42:47 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.13 15:42:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.02.12 11:47:29 | 000,542,872 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.11 21:26:02 | 000,000,264 | ---- | C] () -- C:\Windows\tasks\elbyExecuteWithUAC.job
[2013.02.11 20:53:57 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.02.11 20:53:57 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.02.11 20:53:57 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.02.11 20:53:53 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.02.11 14:30:21 | 000,369,117 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.12.12 20:36:55 | 000,006,148 | -H-- | C] () -- C:\Users\Mustermann\.DS_Store
[2012.09.13 22:25:16 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.07.03 12:19:56 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2012.03.09 05:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 05:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.20 17:37:46 | 000,170,062 | ---- | C] () -- C:\Windows\hpwins26.dat
[2011.10.20 17:37:46 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.07 11:01:01 | 001,621,364 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.27 06:53:23 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp
[2011.06.26 12:50:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\Mustermann\.DS_Store:AFP_AfpInfo

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 14.02.2013 11:54:21 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\
Mustermann\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,76% Memory free
8,00 Gb Paging File | 5,24 Gb Available in Paging File | 65,49% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 213,16 Gb Free Space | 71,53% Space Free | Partition Type: NTFS
 
Computer Name: Mustermann | User Name: Mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0734D9B2-7323-40BE-A238-58B9FAAC9A93}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{087DCDCE-B7F2-409E-AEEF-6F9E7E9DCBB4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{104FB648-0968-40D4-95EE-BBC01A2B6230}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{135C2016-8C61-4694-8A5A-82C2F1A54C65}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{1365A46A-5567-4DBC-A73C-7EF81F2AB77D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{29C558F7-F383-4DF6-AE1F-7FAC0DF46E78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2E208AB2-A9A3-4F7B-856E-A5508234B5A4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3558A83E-FF55-426B-892C-DCD177BAACAE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{379D902F-EDC2-4168-B62E-C59ACEF3DC5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4461ECF3-7431-4FA7-81B3-A3A9EBA377AC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{51D821D3-C334-4B6F-9421-8EDB7887FA34}" = rport=137 | protocol=17 | dir=out | app=system | 
"{56A0CB9B-CDD1-46DE-9DE9-00D8DED35A69}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61D594B3-E244-4CA5-848C-A88C71A844FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{645F8232-004B-4EC5-9F4E-0AB392205BB6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{65886C65-E235-4B2D-BC42-AE85185DC3BB}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{6D183D23-F38D-4ED7-B7D8-B7F2113FA435}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{736EC6F9-214C-49A4-AA86-89AD5C86576A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{75BB7A55-4030-4FFF-AB06-6C6FB6E0002A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A95DDBC-1A8D-4AC3-B4BD-9573CC3253EF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{7D980BD3-396B-4E57-A220-4DDC2702D19E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{83D10DA0-4848-4624-85E8-46BD6BF2A3A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8504B06B-7F21-4D82-9FA2-277B20A632B1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8B0212E9-06E0-4008-8E1E-9FFD1CC8FC8E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{90773948-B10E-4C0D-9B72-F5ADCA1AF967}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96819F59-C7DF-4512-8F17-030D107CC2E5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3E86048-2F48-4D5E-88C9-57AC871CFF3A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A6FCF866-32AA-4D8D-9287-5A7B7B3F82EE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B8D21E90-D308-4F5C-BEC8-CEF9B92ABC60}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CA2CCEB6-2861-4EB1-BA21-EBF882E6262E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D0911305-C3FF-4602-9542-28B44AC7D5C4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D6C7E75C-6611-48F4-894C-B3AFD6EBEDC2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{D918EFEE-56B4-4313-9181-FA4AF5632BAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DF90FF5F-D5D6-437F-82F0-30CDAC0E0D74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EA11E8B3-F664-4773-BAD0-A0443DD8BB54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1DD19B7-3DF2-411B-8718-9D20D06D6AE9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FB04ECF8-56DC-458E-8A8F-8173EED56C2F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FF8ECA5A-B60A-43DD-97C9-1072CB87D1E1}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059F1C07-61B7-46F5-9EB8-49FB32919926}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0639D448-8CB8-4C0D-9FC0-B4ED5D17B690}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{06A2E27E-0769-4136-A3FE-4734C11BFDB4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{0AB99351-0644-4222-91E8-DEE6486FA388}" = dir=in | app=c:\hppackard\oj4500vg510g-m_basic_13\setup\hpznui40.exe | 
"{0E45083B-9D53-40F9-9C86-38D64D542322}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{10A99C01-47C4-4E27-AB5E-19AB02F0114D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{117D3869-8EF6-4F72-9B10-D177055BB194}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{1A61C7A3-36F6-471F-A1AF-12A2C42037F5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1F06A9F7-610C-4DE3-9E25-8A464DCA948A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{210B7E5D-5387-4377-8C03-2DB122F6B288}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{26C12997-C131-4BA9-9859-F92EA53338C6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2BA53A37-8EC5-4801-9A25-716F1E269EBE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2C1D0511-DB0B-4722-BCC3-363890C5E0CB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3B06EAA4-7536-4F1F-B8BC-2E6CCC795921}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3B6729B0-7CDE-4141-877C-FCD672E24451}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3F1BC2DE-5E87-481D-943B-C53BFE4C3D0D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{420AE9D9-A600-48C5-94BD-3E8C79B7237A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{445E1B8E-CCA2-4772-A5D0-9ABAF18D185D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{464B3D83-2A53-4EE6-9518-B4FEA172BEB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{471F9DCB-1CFB-4685-97BE-A912F468A1B2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{4798FAF5-5E8B-406B-AB08-90B29206E1B6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{49BC2032-2F07-4158-A74E-F879D739A505}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{4DAB88CA-5298-4483-8C0F-AFC77A21B284}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5176ED89-398F-436F-81D2-5DA688039F10}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{53826E8F-C7DE-4B1A-9298-F6FAB81B6244}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{54D16401-CB44-4439-80D8-2C270A3F19B3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{62F5B9FC-3D33-4908-8D82-4449BB1F6392}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{648B0AE7-96D0-426C-A8D5-3228C229A892}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{67A6D058-ED9B-48DD-962B-592124BF7E9E}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{6995868D-8F18-4BCE-8606-F288316B82D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{72F132BF-BE37-4F8C-B511-1F48296E7C16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{74C92EDA-2C1F-4665-A9B6-CFEB0F373E97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{765035D7-A149-46B8-8208-3300013EF9EE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7755759A-CE9A-4C81-809F-3ACADC3377BB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{79124B9F-8204-48BC-B2D1-E92FBC7D20BF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7992414B-75A9-4561-9FAC-BE96F8C8CF82}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{7D358173-9F5A-4A8F-BDF8-1507E889BC65}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{7E89F77F-FD5D-4AE5-A9D1-2A1BF924EEB8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7FC484E1-AE0D-4E34-A015-8E24740A11D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{80AF26E8-50F2-4AAF-A5E1-6A5F1753E01B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{818D5140-CFC3-4EC3-8556-0F282743A6D2}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{83C71CD5-EB37-4115-B4E7-CB5FBCC3C3C7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{86AB4A12-D0C6-411D-B075-EC9D08264B62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{882F1DA6-7B1A-4A0B-9D58-827E2A2E1BE1}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8ED3DC9C-D938-476F-8C19-74A57AFA8287}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{904B373C-964E-4B17-BA38-F1F6E29D11D3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{91C05AE1-C1DE-4C0B-BD6F-FEC2F0FD18B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{949F10A4-619F-4AEC-BE01-33C094FC7AE3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{9C12CBFA-9EC2-41CF-98B0-4D4D7B431F65}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A39A9733-49DB-4E04-8435-3A53262410A3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{AA809119-6D8C-4D38-BD8D-B96D61AB4003}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AB5CE35C-D891-4807-91D8-951C0EE430D4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AB8EEB5D-EFD8-4390-97D6-DC3F718DF2B1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{AE5DBB32-742A-4DDE-AB49-2BEE0F6295E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{AE69C922-3082-46E6-B37E-8975940561C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AFD75F14-4861-4CD6-8615-8A2269665FE6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{B0CE2196-10A4-4786-AC68-01728C3457DA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C6D4DB42-B13F-4721-9FB9-A4BCC3B995C4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D13DB6D8-2BA7-464B-958B-BCAED013AE27}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D1B841F6-39CF-4A1D-A070-789A0105F00A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D73BA8A4-3166-4F10-B2AE-22AD8A7D9882}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE672E4A-F22E-4014-AA21-3E99D25103C8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{DE7BC6C4-F26D-4123-BB5C-06185655C69D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E1964228-10C6-42AC-B2FD-5127EC763DA4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2C4C8BF-B18B-4AC2-B905-EE984A1DB86E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E2EE78BE-7E55-4B9C-AE50-C29441777193}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E50CB41F-DF8D-41EE-84F3-73E1E641DD6B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{E64842E6-E4D0-499E-A9CB-60E237EDAD81}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E66137FC-2292-4400-9160-6FC24EED982A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{EA810807-17CB-4533-913B-2AA1372302B8}" = protocol=6 | dir=out | app=system | 
"{ED9F2D27-0C57-4E84-9D15-E6443ED3BECE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F13EEEA7-ABD7-469B-AA44-9145D4567EA9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{F255906B-469B-41E5-9B51-510C2E7277D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F8B88BE4-B80E-4F68-9BCE-FF0430A2A4E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{2927052A-2DE1-4714-8F5A-62E93AE7B137}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | 
"TCP Query User{AFE714A1-D4E6-4D0D-B2FB-1DCA6E67081C}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe | 
"UDP Query User{24239850-EA67-4F20-96DB-635A608DAFB6}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe | 
"UDP Query User{88890581-B45F-43E3-9456-97CB632F1B90}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5783F2D7-8001-0407-0102-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{B38968E0-778F-47C3-8781-BAD4E497801C}" = HP Officejet 4500 G510g-m
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D77162FE-B7B2-8E1E-D80D-89DE6217DF13}" = AMD Drag and Drop Transcoding
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{28379381-B56A-43e1-B505-3098D82B1C30}" = 4500G510gm_Software_Min
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{38676C9C-270F-43D1-926A-E45DE8820A6B}" = BlackBerry Device Software Updater
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7E7A5A7D-1045-4075-9808-60C0DE69D38A}" = 4500G510gm_web
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{BA45D6C9-AC93-288B-DC4C-D65A01A2ED02}" = Application Profiles
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD6B23A-B54F-476A-9527-C262F469CACF}" = Razer Abyssus
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}" = 4500_G510gm_Help_Web
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"foobar2000" = foobar2000 v1.1.18
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"PokerStars" = PokerStars
"Steam App 570" = Dota 2
"TuneUp Utilities 2013" = TuneUp Utilities 2013
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1276361010-833485166-2124046245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2013 10:41:45 | Computer Name = Mustermann | Source = VSS | ID = 8193
Description = 
 
Error - 13.02.2013 10:41:45 | Computer Name = Mustermann | Source = System Restore | ID = 8193
Description = 
 
Error - 13.02.2013 12:09:21 | Computer Name = Mustermann | Source = VSS | ID = 13
Description = 
 
Error - 13.02.2013 12:09:21 | Computer Name = Mustermann | Source = VSS | ID = 8193
Description = 
 
Error - 13.02.2013 12:09:21 | Computer Name = Mustermann | Source = System Restore | ID = 8193
Description = 
 
Error - 13.02.2013 16:59:16 | Computer Name = Mustermann | Source = VSS | ID = 13
Description = 
 
Error - 13.02.2013 16:59:16 | Computer Name = Mustermann | Source = VSS | ID = 8193
Description = 
 
Error - 13.02.2013 16:59:16 | Computer Name = Mustermann | Source = System Restore | ID = 8193
Description = 
 
Error - 13.02.2013 20:11:15 | Computer Name = Mustermann | Source = VSS | ID = 13
Description = 
 
Error - 13.02.2013 20:11:15 | Computer Name = Mustermann | Source = VSS | ID = 8193
Description = 
 
Error - 13.02.2013 20:11:15 | Computer Name = Mustermann | Source = System Restore | ID = 8193
Description = 
 
[ System Events ]
Error - 13.02.2013 16:50:32 | Computer Name = Mustermann | Source = DCOM | ID = 10010
Description = 
 
Error - 13.02.2013 20:11:25 | Computer Name = Mustermann | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual C++ 2008
 Service Pack 1 Redistributable Package (KB2538243)
 
Error - 13.02.2013 20:11:46 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 13.02.2013 20:11:46 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 14.02.2013 06:43:16 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 14.02.2013 06:43:34 | Computer Name = Mustermann | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 14.02.2013 06:43:41 | Computer Name = Mustermann | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 14.02.2013 06:43:48 | Computer Name = Mustermann| Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 14.02.2013 06:43:52 | Computer Name = Mustermann| Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
Error - 14.02.2013 06:45:07 | Computer Name = Mustermann | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

Danke für Ihre Mühen.

Alt 14.02.2013, 12:43   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Hallo und

Zitat:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

"{5783F2D7-8001-0407-0102-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender?
Warum AutoCAD Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________

__________________

Alt 14.02.2013, 12:56   #3
luckyluked
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Hi Cosinus,
Studiere Bauing und konstruiere viel in CAD, Student Version wird ja angeboten warum also nicht? bzw. wurd uns sogar geraten von unserem Prof.

Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.14.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mustermann :: MUSTERMANN [Administrator]

14.02.2013 13:48:16
mbam-log-2013-02-14 (13-48-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230924
Laufzeit: 5 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
//edit hatte den Teil mit neuen überlesen, jedoch war beim ersten Malwarescan auch keine funde vorhanden
__________________

Geändert von luckyluked (14.02.2013 um 13:04 Uhr)

Alt 14.02.2013, 12:58   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Zitat:
Student Version wird ja angeboten warum also nicht?
Es geht darum, dass ich klären muss ob es ein gewerblicher Rechner ist oder privat. Denn gewerbliche Rechner bereinigen wir hier i.A. nicht, dass muss der verantwortliche Sysadmin machen.

aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.02.2013, 13:13   #5
luckyluked
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Hi Cosinus,

ja das macht Sinn .
ADW:

Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 14/02/2013 um 13:00:11 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mustermann - MUSTERMANN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSTIOH2\adwcleaner0.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Users\Mustermann\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Mustermann\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gefunden : HKU\S-1-5-21-1276361010-833485166-2124046245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-1276361010-833485166-2124046245-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [2489 octets] - [14/02/2013 13:00:11]

########## EOF - C:\AdwCleaner[R1].txt - [2549 octets] ##########
         
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 14/02/2013 um 13:00:32 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Mustermann - MUSTERMANN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mustermann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSTIOH2\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Mustermann\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mustermann\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [2610 octets] - [14/02/2013 13:00:11]
AdwCleaner[S1].txt - [2229 octets] - [14/02/2013 13:00:32]

########## EOF - C:\AdwCleaner[S1].txt - [2289 octets] ##########
         
Kaspersky:

Code:
ATTFilter
14:09:39.0817 8280  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:09:40.0011 8280  ============================================================
14:09:40.0011 8280  Current date / time: 2013/02/14 14:09:40.0011
14:09:40.0011 8280  SystemInfo:
14:09:40.0011 8280  
14:09:40.0011 8280  OS Version: 6.1.7601 ServicePack: 1.0
14:09:40.0011 8280  Product type: Workstation
14:09:40.0011 8280  ComputerName: MUSTERMANN
14:09:40.0011 8280  UserName: Mustermann
14:09:40.0011 8280  Windows directory: C:\Windows
14:09:40.0011 8280  System windows directory: C:\Windows
14:09:40.0012 8280  Running under WOW64
14:09:40.0012 8280  Processor architecture: Intel x64
14:09:40.0012 8280  Number of processors: 2
14:09:40.0012 8280  Page size: 0x1000
14:09:40.0012 8280  Boot type: Normal boot
14:09:40.0012 8280  ============================================================
14:09:41.0306 8280  Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:09:41.0316 8280  ============================================================
14:09:41.0316 8280  \Device\Harddisk0\DR0:
14:09:41.0316 8280  MBR partitions:
14:09:41.0316 8280  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:09:41.0316 8280  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB000
14:09:41.0316 8280  ============================================================
14:09:41.0339 8280  C: <-> \Device\Harddisk0\DR0\Partition2
14:09:41.0339 8280  ============================================================
14:09:41.0339 8280  Initialize success
14:09:41.0339 8280  ============================================================
14:09:42.0383 8372  ============================================================
14:09:42.0383 8372  Scan started
14:09:42.0383 8372  Mode: Manual; 
14:09:42.0383 8372  ============================================================
14:09:43.0334 8372  ================ Scan system memory ========================
14:09:43.0334 8372  System memory - ok
14:09:43.0335 8372  ================ Scan services =============================
14:09:43.0552 8372  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:09:43.0630 8372  1394ohci - ok
14:09:43.0666 8372  [ CDF91E688D456B9702B2EA72C85F840C ] Abyssus         C:\Windows\system32\drivers\Abyssus.sys
14:09:43.0667 8372  Abyssus - ok
14:09:43.0697 8372  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:09:43.0700 8372  ACPI - ok
14:09:43.0712 8372  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:09:43.0713 8372  AcpiPmi - ok
14:09:43.0800 8372  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:09:43.0802 8372  AdobeARMservice - ok
14:09:43.0833 8372  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:09:43.0839 8372  adp94xx - ok
14:09:43.0853 8372  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:09:43.0858 8372  adpahci - ok
14:09:43.0874 8372  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:09:43.0876 8372  adpu320 - ok
14:09:43.0892 8372  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:09:43.0893 8372  AeLookupSvc - ok
14:09:43.0929 8372  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
14:09:43.0938 8372  AFD - ok
14:09:43.0959 8372  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:09:43.0961 8372  agp440 - ok
14:09:43.0970 8372  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
14:09:43.0971 8372  ALG - ok
14:09:43.0981 8372  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:09:43.0982 8372  aliide - ok
14:09:44.0017 8372  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:09:44.0020 8372  AMD External Events Utility - ok
14:09:44.0038 8372  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:09:44.0039 8372  amdide - ok
14:09:44.0059 8372  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:09:44.0061 8372  AmdK8 - ok
14:09:44.0741 8372  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:09:44.0905 8372  amdkmdag - ok
14:09:44.0925 8372  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:09:44.0928 8372  amdkmdap - ok
14:09:44.0949 8372  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:09:44.0951 8372  AmdPPM - ok
14:09:44.0980 8372  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:09:44.0982 8372  amdsata - ok
14:09:45.0034 8372  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:09:45.0036 8372  amdsbs - ok
14:09:45.0049 8372  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:09:45.0051 8372  amdxata - ok
14:09:45.0081 8372  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
14:09:45.0082 8372  AppID - ok
14:09:45.0098 8372  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:09:45.0100 8372  AppIDSvc - ok
14:09:45.0116 8372  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
14:09:45.0118 8372  Appinfo - ok
14:09:45.0164 8372  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
14:09:45.0190 8372  AppMgmt - ok
14:09:45.0244 8372  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:09:45.0265 8372  arc - ok
14:09:45.0269 8372  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:09:45.0271 8372  arcsas - ok
14:09:45.0374 8372  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:09:45.0375 8372  aspnet_state - ok
14:09:45.0412 8372  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
14:09:45.0413 8372  aswFsBlk - ok
14:09:45.0490 8372  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
14:09:45.0492 8372  aswMonFlt - ok
14:09:45.0517 8372  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
14:09:45.0518 8372  aswRdr - ok
14:09:45.0572 8372  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
14:09:45.0587 8372  aswSnx - ok
14:09:45.0616 8372  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
14:09:45.0620 8372  aswSP - ok
14:09:45.0641 8372  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
14:09:45.0643 8372  aswTdi - ok
14:09:45.0687 8372  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:09:45.0688 8372  AsyncMac - ok
14:09:45.0705 8372  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
14:09:45.0705 8372  atapi - ok
14:09:45.0778 8372  [ C579174DAF19E9330C31C95DF1471380 ] athur           C:\Windows\system32\DRIVERS\athurx.sys
14:09:45.0794 8372  athur - ok
14:09:46.0026 8372  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:09:46.0074 8372  atikmdag - ok
14:09:46.0132 8372  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:09:46.0139 8372  AudioEndpointBuilder - ok
14:09:46.0147 8372  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:09:46.0150 8372  AudioSrv - ok
14:09:46.0277 8372  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
14:09:46.0278 8372  avast! Antivirus - ok
14:09:46.0329 8372  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:09:46.0331 8372  AxInstSV - ok
14:09:46.0367 8372  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:09:46.0377 8372  b06bdrv - ok
14:09:46.0406 8372  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:09:46.0410 8372  b57nd60a - ok
14:09:46.0484 8372  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:09:46.0486 8372  BDESVC - ok
14:09:46.0499 8372  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:09:46.0500 8372  Beep - ok
14:09:46.0557 8372  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
14:09:46.0565 8372  BFE - ok
14:09:46.0618 8372  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
14:09:46.0638 8372  BITS - ok
14:09:46.0651 8372  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:09:46.0652 8372  blbdrive - ok
14:09:46.0697 8372  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:09:46.0702 8372  Bonjour Service - ok
14:09:46.0726 8372  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:09:46.0728 8372  bowser - ok
14:09:46.0754 8372  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:09:46.0756 8372  BrFiltLo - ok
14:09:46.0791 8372  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:09:46.0792 8372  BrFiltUp - ok
14:09:46.0817 8372  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:09:46.0819 8372  BridgeMP - ok
14:09:46.0838 8372  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
14:09:46.0840 8372  Browser - ok
14:09:46.0851 8372  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:09:46.0855 8372  Brserid - ok
14:09:46.0877 8372  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:09:46.0879 8372  BrSerWdm - ok
14:09:46.0887 8372  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:09:46.0888 8372  BrUsbMdm - ok
14:09:46.0905 8372  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:09:46.0907 8372  BrUsbSer - ok
14:09:46.0931 8372  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:09:46.0933 8372  BTHMODEM - ok
14:09:46.0966 8372  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
14:09:46.0968 8372  bthserv - ok
14:09:46.0984 8372  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:09:46.0986 8372  cdfs - ok
14:09:47.0038 8372  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:09:47.0041 8372  cdrom - ok
14:09:47.0081 8372  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
14:09:47.0082 8372  CertPropSvc - ok
14:09:47.0096 8372  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:09:47.0098 8372  circlass - ok
14:09:47.0125 8372  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
14:09:47.0129 8372  CLFS - ok
14:09:47.0199 8372  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:09:47.0201 8372  clr_optimization_v2.0.50727_32 - ok
14:09:47.0243 8372  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:09:47.0246 8372  clr_optimization_v2.0.50727_64 - ok
14:09:47.0330 8372  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:09:47.0332 8372  clr_optimization_v4.0.30319_32 - ok
14:09:47.0346 8372  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:09:47.0376 8372  clr_optimization_v4.0.30319_64 - ok
14:09:47.0400 8372  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:09:47.0401 8372  CmBatt - ok
14:09:47.0419 8372  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:09:47.0420 8372  cmdide - ok
14:09:47.0467 8372  [ 2B3B8CBEA1BA1BCE5700607FBDB31034 ] cmnsusbser      C:\Windows\system32\DRIVERS\cmnsusbser.sys
14:09:47.0469 8372  cmnsusbser - ok
14:09:47.0502 8372  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
14:09:47.0508 8372  CNG - ok
14:09:47.0522 8372  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:09:47.0524 8372  Compbatt - ok
14:09:47.0568 8372  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:09:47.0569 8372  CompositeBus - ok
14:09:47.0587 8372  COMSysApp - ok
14:09:47.0613 8372  [ 44622785D2D2DD8B13E6DC969B6E34A4 ] copperhd        C:\Windows\system32\drivers\copperhd.sys
14:09:47.0622 8372  copperhd - ok
14:09:47.0630 8372  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:09:47.0632 8372  crcdisk - ok
14:09:47.0676 8372  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:09:47.0679 8372  CryptSvc - ok
14:09:47.0747 8372  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
14:09:47.0752 8372  CSC - ok
14:09:47.0769 8372  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
14:09:47.0776 8372  CscService - ok
14:09:47.0792 8372  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
14:09:47.0793 8372  CVirtA - ok
14:09:47.0850 8372  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:09:47.0857 8372  DcomLaunch - ok
14:09:47.0876 8372  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
14:09:47.0880 8372  defragsvc - ok
14:09:47.0893 8372  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:09:47.0895 8372  DfsC - ok
14:09:47.0994 8372  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:09:47.0998 8372  Dhcp - ok
14:09:48.0003 8372  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
14:09:48.0005 8372  discache - ok
14:09:48.0021 8372  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:09:48.0023 8372  Disk - ok
14:09:48.0062 8372  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
14:09:48.0064 8372  DNE - ok
14:09:48.0114 8372  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:09:48.0117 8372  Dnscache - ok
14:09:48.0148 8372  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:09:48.0152 8372  dot3svc - ok
14:09:48.0185 8372  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
14:09:48.0187 8372  Dot4 - ok
14:09:48.0222 8372  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
14:09:48.0223 8372  Dot4Print - ok
14:09:48.0239 8372  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
14:09:48.0241 8372  dot4usb - ok
14:09:48.0264 8372  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
14:09:48.0266 8372  DPS - ok
14:09:48.0317 8372  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:09:48.0318 8372  drmkaud - ok
14:09:48.0361 8372  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:09:48.0371 8372  DXGKrnl - ok
14:09:48.0399 8372  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
14:09:48.0402 8372  EapHost - ok
14:09:48.0535 8372  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:09:48.0566 8372  ebdrv - ok
14:09:48.0604 8372  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
14:09:48.0606 8372  EFS - ok
14:09:48.0651 8372  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:09:48.0659 8372  ehRecvr - ok
14:09:48.0676 8372  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
14:09:48.0678 8372  ehSched - ok
14:09:48.0798 8372  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:09:48.0804 8372  elxstor - ok
14:09:48.0870 8372  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:09:48.0872 8372  ErrDev - ok
14:09:48.0901 8372  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
14:09:48.0906 8372  EventSystem - ok
14:09:48.0923 8372  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
14:09:48.0926 8372  exfat - ok
14:09:48.0949 8372  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:09:48.0951 8372  fastfat - ok
14:09:48.0994 8372  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
14:09:49.0002 8372  Fax - ok
14:09:49.0012 8372  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:09:49.0014 8372  fdc - ok
14:09:49.0036 8372  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
14:09:49.0037 8372  fdPHost - ok
14:09:49.0049 8372  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:09:49.0051 8372  FDResPub - ok
14:09:49.0060 8372  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:09:49.0061 8372  FileInfo - ok
14:09:49.0080 8372  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:09:49.0081 8372  Filetrace - ok
14:09:49.0150 8372  [ 259DC094E2D3F08654C8FB73D8ECC0F5 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
14:09:49.0160 8372  FLEXnet Licensing Service 64 - ok
14:09:49.0172 8372  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:09:49.0173 8372  flpydisk - ok
14:09:49.0183 8372  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:09:49.0189 8372  FltMgr - ok
14:09:49.0292 8372  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
14:09:49.0303 8372  FontCache - ok
14:09:49.0342 8372  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:09:49.0343 8372  FontCache3.0.0.0 - ok
14:09:49.0353 8372  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:09:49.0355 8372  FsDepends - ok
14:09:49.0376 8372  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:09:49.0378 8372  Fs_Rec - ok
14:09:49.0398 8372  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:09:49.0401 8372  fvevol - ok
14:09:49.0409 8372  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:09:49.0411 8372  gagp30kx - ok
14:09:49.0457 8372  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
14:09:49.0458 8372  gdrv - ok
14:09:49.0496 8372  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
14:09:49.0504 8372  gpsvc - ok
14:09:49.0572 8372  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:49.0574 8372  gupdate - ok
14:09:49.0582 8372  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:09:49.0582 8372  gupdatem - ok
14:09:49.0598 8372  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:09:49.0600 8372  hcw85cir - ok
14:09:49.0633 8372  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:09:49.0647 8372  HdAudAddService - ok
14:09:49.0695 8372  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:09:49.0696 8372  HDAudBus - ok
14:09:49.0713 8372  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:09:49.0715 8372  HidBatt - ok
14:09:49.0728 8372  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:09:49.0730 8372  HidBth - ok
14:09:49.0740 8372  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:09:49.0742 8372  HidIr - ok
14:09:49.0759 8372  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
14:09:49.0761 8372  hidserv - ok
14:09:49.0786 8372  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
14:09:49.0787 8372  HidUsb - ok
14:09:49.0841 8372  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:09:49.0844 8372  hkmsvc - ok
14:09:49.0922 8372  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:09:49.0926 8372  HomeGroupListener - ok
14:09:49.0950 8372  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:09:49.0954 8372  HomeGroupProvider - ok
14:09:49.0966 8372  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:09:49.0968 8372  HpSAMD - ok
14:09:50.0090 8372  [ 4F6C514B6149E380B8C1EDEAC3D7AEC5 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:09:50.0101 8372  HPSLPSVC - ok
14:09:50.0130 8372  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:09:50.0139 8372  HTTP - ok
14:09:50.0149 8372  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:09:50.0151 8372  hwpolicy - ok
14:09:50.0174 8372  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:09:50.0176 8372  i8042prt - ok
14:09:50.0210 8372  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:09:50.0215 8372  iaStorV - ok
14:09:50.0254 8372  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:09:50.0263 8372  idsvc - ok
14:09:50.0717 8372  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:09:50.0773 8372  igfx - ok
14:09:50.0815 8372  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:09:50.0817 8372  iirsp - ok
14:09:50.0851 8372  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:09:50.0860 8372  IKEEXT - ok
14:09:50.0976 8372  [ 7A93DBF7DD86A28C0B941F4D39B85A0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:09:51.0033 8372  IntcAzAudAddService - ok
14:09:51.0054 8372  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
14:09:51.0055 8372  intelide - ok
14:09:51.0114 8372  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:09:51.0115 8372  intelppm - ok
14:09:51.0146 8372  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:09:51.0149 8372  IPBusEnum - ok
14:09:51.0168 8372  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:09:51.0170 8372  IpFilterDriver - ok
14:09:51.0198 8372  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:09:51.0204 8372  iphlpsvc - ok
14:09:51.0286 8372  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:09:51.0288 8372  IPMIDRV - ok
14:09:51.0302 8372  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:09:51.0304 8372  IPNAT - ok
14:09:51.0319 8372  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:09:51.0320 8372  IRENUM - ok
14:09:51.0329 8372  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:09:51.0330 8372  isapnp - ok
14:09:51.0361 8372  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:09:51.0365 8372  iScsiPrt - ok
14:09:51.0464 8372  [ 81534359F525F7C02B2B56B2653BD779 ] jswpsapi        C:\ProgrammeLuki\WNA\jswpsapi.exe
14:09:51.0476 8372  jswpsapi - ok
14:09:51.0494 8372  [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF        C:\Windows\system32\DRIVERS\jswpslwfx.sys
14:09:51.0495 8372  JSWPSLWF - ok
14:09:51.0514 8372  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:09:51.0516 8372  kbdclass - ok
14:09:51.0527 8372  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:09:51.0529 8372  kbdhid - ok
14:09:51.0539 8372  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
14:09:51.0541 8372  KeyIso - ok
14:09:51.0566 8372  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:09:51.0568 8372  KSecDD - ok
14:09:51.0604 8372  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:09:51.0607 8372  KSecPkg - ok
14:09:51.0625 8372  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:09:51.0627 8372  ksthunk - ok
14:09:51.0705 8372  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:09:51.0711 8372  KtmRm - ok
14:09:51.0763 8372  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:09:51.0768 8372  LanmanServer - ok
14:09:51.0799 8372  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:09:51.0804 8372  LanmanWorkstation - ok
14:09:51.0873 8372  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:09:51.0874 8372  lltdio - ok
14:09:51.0889 8372  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:09:51.0894 8372  lltdsvc - ok
14:09:51.0909 8372  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:09:51.0911 8372  lmhosts - ok
14:09:51.0933 8372  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:09:51.0935 8372  LSI_FC - ok
14:09:51.0947 8372  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:09:51.0949 8372  LSI_SAS - ok
14:09:51.0964 8372  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:09:51.0965 8372  LSI_SAS2 - ok
14:09:51.0982 8372  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:09:51.0984 8372  LSI_SCSI - ok
14:09:51.0997 8372  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
14:09:51.0998 8372  luafv - ok
14:09:52.0027 8372  [ BEB897CE49F7C991845D3AEA0D298E53 ] Lycosa          C:\Windows\system32\drivers\Lycosa.sys
14:09:52.0029 8372  Lycosa - ok
14:09:52.0051 8372  massfilter - ok
14:09:52.0055 8372  massfilter_hs - ok
14:09:52.0097 8372  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:09:52.0099 8372  Mcx2Svc - ok
14:09:52.0111 8372  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:09:52.0112 8372  megasas - ok
14:09:52.0128 8372  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:09:52.0132 8372  MegaSR - ok
14:09:52.0145 8372  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
14:09:52.0148 8372  MMCSS - ok
14:09:52.0156 8372  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
14:09:52.0157 8372  Modem - ok
14:09:52.0184 8372  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:09:52.0185 8372  monitor - ok
14:09:52.0328 8372  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:09:52.0340 8372  mouclass - ok
14:09:52.0398 8372  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:09:52.0426 8372  mouhid - ok
14:09:52.0592 8372  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:09:52.0610 8372  mountmgr - ok
14:09:52.0876 8372  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:09:52.0880 8372  MpFilter - ok
14:09:52.0942 8372  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:09:52.0945 8372  mpio - ok
14:09:52.0998 8372  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:09:53.0006 8372  mpsdrv - ok
14:09:53.0210 8372  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:09:53.0226 8372  MpsSvc - ok
14:09:53.0290 8372  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:09:53.0308 8372  MRxDAV - ok
14:09:53.0352 8372  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:09:53.0355 8372  mrxsmb - ok
14:09:53.0433 8372  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:09:53.0447 8372  mrxsmb10 - ok
14:09:53.0467 8372  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:09:53.0469 8372  mrxsmb20 - ok
14:09:53.0494 8372  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:09:53.0495 8372  msahci - ok
14:09:53.0513 8372  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:09:53.0515 8372  msdsm - ok
14:09:53.0536 8372  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
14:09:53.0540 8372  MSDTC - ok
14:09:53.0554 8372  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:09:53.0555 8372  Msfs - ok
14:09:53.0571 8372  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:09:53.0572 8372  mshidkmdf - ok
14:09:53.0576 8372  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:09:53.0577 8372  msisadrv - ok
14:09:53.0628 8372  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:09:53.0650 8372  MSiSCSI - ok
14:09:53.0653 8372  msiserver - ok
14:09:53.0701 8372  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:09:53.0721 8372  MSKSSRV - ok
14:09:53.0959 8372  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:09:53.0960 8372  MsMpSvc - ok
14:09:53.0997 8372  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:09:53.0998 8372  MSPCLOCK - ok
14:09:54.0001 8372  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:09:54.0003 8372  MSPQM - ok
14:09:54.0027 8372  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:09:54.0032 8372  MsRPC - ok
14:09:54.0093 8372  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:09:54.0093 8372  mssmbios - ok
14:09:54.0117 8372  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:09:54.0129 8372  MSTEE - ok
14:09:54.0152 8372  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:09:54.0163 8372  MTConfig - ok
14:09:54.0219 8372  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:09:54.0222 8372  Mup - ok
14:09:54.0363 8372  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
14:09:54.0397 8372  napagent - ok
14:09:54.0663 8372  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:09:54.0702 8372  NativeWifiP - ok
14:09:55.0092 8372  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:09:55.0101 8372  NDIS - ok
14:09:55.0130 8372  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:09:55.0131 8372  NdisCap - ok
14:09:55.0151 8372  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:09:55.0153 8372  NdisTapi - ok
14:09:55.0176 8372  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:09:55.0178 8372  Ndisuio - ok
14:09:55.0192 8372  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:09:55.0195 8372  NdisWan - ok
14:09:55.0210 8372  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:09:55.0211 8372  NDProxy - ok
14:09:55.0247 8372  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:09:55.0274 8372  Net Driver HPZ12 - ok
14:09:55.0278 8372  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:09:55.0280 8372  NetBIOS - ok
14:09:55.0300 8372  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:09:55.0304 8372  NetBT - ok
14:09:55.0314 8372  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
14:09:55.0316 8372  Netlogon - ok
14:09:55.0374 8372  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
14:09:55.0380 8372  Netman - ok
14:09:55.0454 8372  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:09:55.0466 8372  NetMsmqActivator - ok
14:09:55.0470 8372  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:09:55.0472 8372  NetPipeActivator - ok
14:09:55.0494 8372  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
14:09:55.0500 8372  netprofm - ok
14:09:55.0505 8372  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:09:55.0506 8372  NetTcpActivator - ok
14:09:55.0510 8372  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:09:55.0511 8372  NetTcpPortSharing - ok
14:09:55.0528 8372  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:09:55.0530 8372  nfrd960 - ok
14:09:55.0602 8372  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:09:55.0604 8372  NisDrv - ok
14:09:55.0641 8372  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
14:09:55.0644 8372  NisSrv - ok
14:09:55.0712 8372  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:09:55.0744 8372  NlaSvc - ok
14:09:55.0753 8372  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:09:55.0773 8372  Npfs - ok
14:09:55.0819 8372  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
14:09:55.0831 8372  nsi - ok
14:09:55.0917 8372  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:09:55.0938 8372  nsiproxy - ok
14:09:56.0010 8372  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:09:56.0026 8372  Ntfs - ok
14:09:56.0037 8372  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
14:09:56.0038 8372  Null - ok
14:09:56.0060 8372  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:09:56.0063 8372  nvraid - ok
14:09:56.0090 8372  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:09:56.0093 8372  nvstor - ok
14:09:56.0140 8372  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:09:56.0142 8372  nv_agp - ok
14:09:56.0152 8372  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:09:56.0154 8372  ohci1394 - ok
14:09:56.0219 8372  [ B9C125314A025127FE562C116D614AA3 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:09:56.0222 8372  ose64 - ok
14:09:56.0378 8372  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:09:56.0423 8372  osppsvc - ok
14:09:56.0445 8372  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:09:56.0450 8372  p2pimsvc - ok
14:09:56.0466 8372  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:09:56.0473 8372  p2psvc - ok
14:09:56.0581 8372  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:09:56.0583 8372  Parport - ok
14:09:56.0604 8372  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:09:56.0606 8372  partmgr - ok
14:09:56.0618 8372  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:09:56.0623 8372  PcaSvc - ok
14:09:56.0638 8372  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
14:09:56.0641 8372  pci - ok
14:09:56.0660 8372  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
14:09:56.0662 8372  pciide - ok
14:09:56.0690 8372  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:09:56.0693 8372  pcmcia - ok
14:09:56.0697 8372  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:09:56.0699 8372  pcw - ok
14:09:56.0747 8372  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:09:56.0753 8372  PEAUTH - ok
14:09:56.0782 8372  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
14:09:56.0796 8372  PeerDistSvc - ok
14:09:56.0870 8372  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:09:56.0872 8372  PerfHost - ok
14:09:56.0914 8372  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
14:09:56.0931 8372  pla - ok
14:09:57.0106 8372  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:09:57.0133 8372  PlugPlay - ok
14:09:57.0227 8372  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:09:57.0235 8372  Pml Driver HPZ12 - ok
14:09:57.0248 8372  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:09:57.0255 8372  PNRPAutoReg - ok
14:09:57.0290 8372  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:09:57.0294 8372  PNRPsvc - ok
14:09:57.0364 8372  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:09:57.0372 8372  PolicyAgent - ok
14:09:57.0394 8372  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
14:09:57.0400 8372  Power - ok
14:09:57.0468 8372  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:09:57.0470 8372  PptpMiniport - ok
14:09:57.0527 8372  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:09:57.0529 8372  Processor - ok
14:09:57.0655 8372  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:09:57.0661 8372  ProfSvc - ok
14:09:57.0677 8372  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:09:57.0680 8372  ProtectedStorage - ok
14:09:57.0706 8372  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:09:57.0708 8372  Psched - ok
14:09:57.0745 8372  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:09:57.0759 8372  ql2300 - ok
14:09:57.0773 8372  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:09:57.0776 8372  ql40xx - ok
14:09:57.0797 8372  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
14:09:57.0802 8372  QWAVE - ok
14:09:57.0809 8372  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:09:57.0810 8372  QWAVEdrv - ok
14:09:57.0867 8372  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
14:09:57.0870 8372  RapiMgr - ok
14:09:57.0886 8372  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:09:57.0888 8372  RasAcd - ok
14:09:57.0952 8372  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:09:57.0954 8372  RasAgileVpn - ok
14:09:57.0970 8372  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
14:09:57.0974 8372  RasAuto - ok
14:09:57.0990 8372  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:09:57.0993 8372  Rasl2tp - ok
14:09:58.0017 8372  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
14:09:58.0024 8372  RasMan - ok
14:09:58.0030 8372  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:09:58.0032 8372  RasPppoe - ok
14:09:58.0057 8372  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:09:58.0060 8372  RasSstp - ok
14:09:58.0081 8372  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:09:58.0085 8372  rdbss - ok
14:09:58.0090 8372  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:09:58.0092 8372  rdpbus - ok
14:09:58.0103 8372  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:09:58.0105 8372  RDPCDD - ok
14:09:58.0132 8372  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
14:09:58.0135 8372  RDPDR - ok
14:09:58.0152 8372  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:09:58.0153 8372  RDPENCDD - ok
14:09:58.0160 8372  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:09:58.0162 8372  RDPREFMP - ok
14:09:58.0185 8372  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:09:58.0189 8372  RDPWD - ok
14:09:58.0208 8372  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:09:58.0212 8372  rdyboost - ok
14:09:58.0244 8372  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:09:58.0248 8372  RemoteAccess - ok
14:09:58.0275 8372  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:09:58.0280 8372  RemoteRegistry - ok
14:09:58.0316 8372  [ AD42432D22940B4215177BE113E4919C ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:09:58.0318 8372  RimUsb - ok
14:09:58.0356 8372  [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
14:09:58.0359 8372  RimVSerPort - ok
14:09:58.0373 8372  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
14:09:58.0375 8372  ROOTMODEM - ok
14:09:58.0398 8372  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:09:58.0402 8372  RpcEptMapper - ok
14:09:58.0409 8372  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
14:09:58.0412 8372  RpcLocator - ok
14:09:58.0441 8372  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
14:09:58.0448 8372  RpcSs - ok
14:09:58.0505 8372  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:09:58.0508 8372  rspndr - ok
14:09:58.0519 8372  RTHDMIAzAudService - ok
14:09:58.0604 8372  [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:09:58.0646 8372  RTL8167 - ok
14:09:58.0726 8372  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
14:09:58.0742 8372  s3cap - ok
14:09:58.0765 8372  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
14:09:58.0767 8372  SamSs - ok
14:09:58.0815 8372  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:09:58.0832 8372  sbp2port - ok
14:09:58.0903 8372  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:09:58.0926 8372  SCardSvr - ok
14:09:58.0979 8372  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:09:58.0986 8372  scfilter - ok
14:09:59.0040 8372  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
14:09:59.0053 8372  Schedule - ok
14:09:59.0087 8372  [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP        C:\Windows\system32\DRIVERS\scmndisp.sys
14:09:59.0095 8372  SCMNdisP - ok
14:09:59.0114 8372  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:09:59.0116 8372  SCPolicySvc - ok
14:09:59.0125 8372  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:09:59.0129 8372  SDRSVC - ok
14:09:59.0348 8372  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
14:09:59.0361 8372  SDScannerService - ok
14:09:59.0425 8372  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
14:09:59.0440 8372  SDUpdateService - ok
14:09:59.0465 8372  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
14:09:59.0468 8372  SDWSCService - ok
14:09:59.0500 8372  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:09:59.0502 8372  secdrv - ok
14:09:59.0530 8372  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
14:09:59.0538 8372  seclogon - ok
14:09:59.0562 8372  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
14:09:59.0567 8372  SENS - ok
14:09:59.0580 8372  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:09:59.0588 8372  SensrSvc - ok
14:09:59.0618 8372  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:09:59.0620 8372  Serenum - ok
14:09:59.0631 8372  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:09:59.0633 8372  Serial - ok
14:09:59.0666 8372  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:09:59.0668 8372  sermouse - ok
14:09:59.0704 8372  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:09:59.0708 8372  SessionEnv - ok
14:09:59.0752 8372  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:09:59.0753 8372  sffdisk - ok
14:09:59.0764 8372  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:09:59.0766 8372  sffp_mmc - ok
14:09:59.0770 8372  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:09:59.0772 8372  sffp_sd - ok
14:09:59.0780 8372  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:09:59.0782 8372  sfloppy - ok
14:09:59.0804 8372  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:09:59.0809 8372  SharedAccess - ok
14:09:59.0837 8372  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:09:59.0843 8372  ShellHWDetection - ok
14:09:59.0853 8372  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:09:59.0854 8372  SiSRaid2 - ok
14:09:59.0862 8372  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:09:59.0864 8372  SiSRaid4 - ok
14:09:59.0920 8372  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:09:59.0923 8372  SkypeUpdate - ok
14:09:59.0951 8372  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:09:59.0959 8372  Smb - ok
14:10:00.0054 8372  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:10:00.0057 8372  SNMPTRAP - ok
14:10:00.0082 8372  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:10:00.0196 8372  spldr - ok
14:10:00.0341 8372  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
14:10:00.0376 8372  Spooler - ok
14:10:00.0571 8372  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
14:10:00.0639 8372  sppsvc - ok
14:10:00.0755 8372  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:10:00.0823 8372  sppuinotify - ok
14:10:01.0033 8372  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:10:01.0076 8372  srv - ok
14:10:01.0130 8372  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:10:01.0150 8372  srv2 - ok
14:10:01.0160 8372  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:10:01.0166 8372  srvnet - ok
14:10:01.0338 8372  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:10:01.0394 8372  SSDPSRV - ok
14:10:01.0569 8372  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
14:10:01.0601 8372  SSPORT - ok
14:10:01.0622 8372  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:10:01.0632 8372  SstpSvc - ok
14:10:01.0677 8372  Steam Client Service - ok
14:10:01.0728 8372  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:10:01.0730 8372  stexstor - ok
14:10:01.0766 8372  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
14:10:01.0767 8372  StillCam - ok
14:10:01.0805 8372  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
14:10:01.0816 8372  stisvc - ok
14:10:01.0833 8372  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:10:01.0835 8372  storflt - ok
14:10:01.0853 8372  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
14:10:01.0858 8372  StorSvc - ok
14:10:01.0882 8372  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:10:01.0884 8372  storvsc - ok
14:10:01.0898 8372  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:10:01.0900 8372  swenum - ok
14:10:01.0918 8372  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
14:10:01.0928 8372  swprv - ok
14:10:02.0027 8372  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
14:10:02.0049 8372  SysMain - ok
14:10:02.0157 8372  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:10:02.0190 8372  TabletInputService - ok
14:10:02.0323 8372  [ B70DF208E97536CA9F29289E609F5B16 ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
14:10:02.0384 8372  taphss - ok
14:10:02.0565 8372  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:10:02.0587 8372  TapiSrv - ok
14:10:02.0617 8372  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
14:10:02.0624 8372  TBS - ok
14:10:02.0686 8372  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:10:02.0705 8372  Tcpip - ok
14:10:02.0727 8372  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:10:02.0736 8372  TCPIP6 - ok
14:10:02.0768 8372  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:10:02.0770 8372  tcpipreg - ok
14:10:02.0828 8372  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:10:02.0830 8372  TDPIPE - ok
14:10:02.0858 8372  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:10:02.0860 8372  TDTCP - ok
14:10:02.0898 8372  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:10:02.0900 8372  tdx - ok
14:10:02.0960 8372  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:10:02.0962 8372  TermDD - ok
14:10:03.0077 8372  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
14:10:03.0086 8372  TermService - ok
14:10:03.0101 8372  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
14:10:03.0105 8372  Themes - ok
14:10:03.0126 8372  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
14:10:03.0128 8372  THREADORDER - ok
14:10:03.0162 8372  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
14:10:03.0166 8372  TrkWks - ok
14:10:03.0212 8372  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:10:03.0214 8372  TrustedInstaller - ok
14:10:03.0284 8372  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:10:03.0286 8372  tssecsrv - ok
14:10:03.0314 8372  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:10:03.0316 8372  TsUsbFlt - ok
14:10:03.0402 8372  [ 25E302D93CBDFA1D1269FE3C41B94390 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
14:10:03.0428 8372  TuneUp.UtilitiesSvc - ok
14:10:03.0452 8372  [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
14:10:03.0453 8372  TuneUpUtilitiesDrv - ok
14:10:03.0487 8372  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:10:03.0489 8372  tunnel - ok
14:10:03.0571 8372  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:10:03.0573 8372  uagp35 - ok
14:10:03.0644 8372  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:10:03.0655 8372  udfs - ok
14:10:03.0677 8372  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:10:03.0684 8372  UI0Detect - ok
14:10:03.0716 8372  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:10:03.0718 8372  uliagpkx - ok
14:10:03.0775 8372  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
14:10:03.0777 8372  umbus - ok
14:10:03.0791 8372  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:10:03.0793 8372  UmPass - ok
14:10:03.0834 8372  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
14:10:03.0845 8372  UmRdpService - ok
14:10:03.0861 8372  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
14:10:03.0869 8372  upnphost - ok
14:10:03.0896 8372  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:10:03.0899 8372  USBAAPL64 - ok
14:10:03.0920 8372  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:10:03.0932 8372  usbccgp - ok
14:10:03.0947 8372  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:10:03.0950 8372  usbcir - ok
14:10:03.0963 8372  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:10:03.0965 8372  usbehci - ok
14:10:03.0998 8372  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:10:04.0003 8372  usbhub - ok
14:10:04.0015 8372  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:10:04.0017 8372  usbohci - ok
14:10:04.0033 8372  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:10:04.0035 8372  usbprint - ok
14:10:04.0052 8372  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:10:04.0054 8372  usbscan - ok
14:10:04.0084 8372  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:10:04.0086 8372  USBSTOR - ok
14:10:04.0118 8372  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:10:04.0119 8372  usbuhci - ok
14:10:04.0144 8372  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\drivers\usb8023x.sys
14:10:04.0146 8372  usb_rndisx - ok
14:10:04.0180 8372  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
14:10:04.0185 8372  UxSms - ok
14:10:04.0195 8372  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
14:10:04.0198 8372  VaultSvc - ok
14:10:04.0230 8372  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
14:10:04.0232 8372  VClone - ok
14:10:04.0258 8372  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:10:04.0260 8372  vdrvroot - ok
14:10:04.0294 8372  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
14:10:04.0305 8372  vds - ok
14:10:04.0317 8372  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:10:04.0320 8372  vga - ok
14:10:04.0330 8372  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:10:04.0332 8372  VgaSave - ok
14:10:04.0350 8372  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:10:04.0378 8372  vhdmp - ok
14:10:04.0414 8372  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:10:04.0435 8372  viaide - ok
14:10:04.0459 8372  [ 3B59BB6D10CF969DBE4DB93D9EAD7FB4 ] VKbms           C:\Windows\system32\DRIVERS\VKbms.sys
14:10:04.0461 8372  VKbms - ok
14:10:04.0467 8372  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:10:04.0471 8372  vmbus - ok
14:10:04.0484 8372  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:10:04.0486 8372  VMBusHID - ok
14:10:04.0492 8372  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:10:04.0494 8372  volmgr - ok
14:10:04.0521 8372  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:10:04.0525 8372  volmgrx - ok
14:10:04.0532 8372  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:10:04.0536 8372  volsnap - ok
14:10:04.0559 8372  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:10:04.0561 8372  vsmraid - ok
14:10:04.0616 8372  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
14:10:04.0637 8372  VSS - ok
14:10:04.0652 8372  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
14:10:04.0654 8372  vwifibus - ok
14:10:04.0672 8372  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:10:04.0674 8372  vwififlt - ok
14:10:04.0686 8372  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:10:04.0688 8372  vwifimp - ok
14:10:04.0750 8372  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
14:10:04.0756 8372  W32Time - ok
14:10:04.0770 8372  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:10:04.0772 8372  WacomPen - ok
14:10:04.0788 8372  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:10:04.0790 8372  WANARP - ok
14:10:04.0793 8372  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:10:04.0795 8372  Wanarpv6 - ok
14:10:04.0846 8372  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
14:10:04.0863 8372  wbengine - ok
14:10:04.0881 8372  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:10:04.0886 8372  WbioSrvc - ok
14:10:04.0923 8372  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
14:10:04.0928 8372  WcesComm - ok
14:10:04.0977 8372  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:10:04.0985 8372  wcncsvc - ok
14:10:05.0003 8372  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:10:05.0009 8372  WcsPlugInService - ok
14:10:05.0057 8372  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:10:05.0059 8372  Wd - ok
14:10:05.0088 8372  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:10:05.0097 8372  Wdf01000 - ok
14:10:05.0114 8372  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:10:05.0119 8372  WdiServiceHost - ok
14:10:05.0124 8372  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:10:05.0129 8372  WdiSystemHost - ok
14:10:05.0155 8372  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
14:10:05.0163 8372  WebClient - ok
14:10:05.0178 8372  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:10:05.0186 8372  Wecsvc - ok
14:10:05.0204 8372  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:10:05.0210 8372  wercplsupport - ok
14:10:05.0235 8372  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:10:05.0241 8372  WerSvc - ok
14:10:05.0293 8372  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:10:05.0294 8372  WfpLwf - ok
14:10:05.0315 8372  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:10:05.0316 8372  WIMMount - ok
14:10:05.0330 8372  WinDefend - ok
14:10:05.0338 8372  WinHttpAutoProxySvc - ok
14:10:05.0375 8372  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:10:05.0378 8372  Winmgmt - ok
14:10:05.0427 8372  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
14:10:05.0455 8372  WinRM - ok
14:10:05.0495 8372  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.SYS
14:10:05.0496 8372  WinUsb - ok
14:10:05.0548 8372  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:10:05.0561 8372  Wlansvc - ok
14:10:05.0587 8372  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:10:05.0589 8372  WmiAcpi - ok
14:10:05.0640 8372  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:10:05.0643 8372  wmiApSrv - ok
14:10:05.0669 8372  WMPNetworkSvc - ok
14:10:05.0711 8372  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:10:05.0719 8372  WPCSvc - ok
14:10:05.0742 8372  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:10:05.0751 8372  WPDBusEnum - ok
14:10:05.0767 8372  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:10:05.0768 8372  ws2ifsl - ok
14:10:05.0790 8372  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
14:10:05.0794 8372  wscsvc - ok
14:10:05.0860 8372  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:10:05.0862 8372  WSDPrintDevice - ok
14:10:05.0866 8372  WSearch - ok
14:10:05.0933 8372  [ 3E366F57CBB540C965BAB1F2BE6D7998 ] WSWNA1100       C:\ProgrammeLuki\WNA\WifiSvc.exe
14:10:05.0936 8372  WSWNA1100 - ok
14:10:05.0999 8372  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:10:06.0030 8372  wuauserv - ok
14:10:06.0064 8372  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:10:06.0067 8372  WudfPf - ok
14:10:06.0113 8372  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:10:06.0117 8372  WUDFRd - ok
14:10:06.0138 8372  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:10:06.0144 8372  wudfsvc - ok
14:10:06.0183 8372  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:10:06.0191 8372  WwanSvc - ok
14:10:06.0206 8372  ZTEusbmdm6k - ok
14:10:06.0225 8372  ZTEusbnmea - ok
14:10:06.0231 8372  ZTEusbser6k - ok
14:10:06.0255 8372  ================ Scan global ===============================
14:10:06.0271 8372  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:10:06.0293 8372  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:10:06.0325 8372  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
14:10:06.0355 8372  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:10:06.0370 8372  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:10:06.0375 8372  [Global] - ok
14:10:06.0376 8372  ================ Scan MBR ==================================
14:10:06.0384 8372  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:10:06.0556 8372  \Device\Harddisk0\DR0 - ok
14:10:06.0557 8372  ================ Scan VBR ==================================
14:10:06.0559 8372  [ E76E11EDAACA7A4E87A32E29DB39DBAA ] \Device\Harddisk0\DR0\Partition1
14:10:06.0561 8372  \Device\Harddisk0\DR0\Partition1 - ok
14:10:06.0573 8372  [ BA7F3D314F97567F524D556EB1B08484 ] \Device\Harddisk0\DR0\Partition2
14:10:06.0575 8372  \Device\Harddisk0\DR0\Partition2 - ok
14:10:06.0575 8372  ============================================================
14:10:06.0575 8372  Scan finished
14:10:06.0575 8372  ============================================================
14:10:06.0586 8364  Detected object count: 0
14:10:06.0586 8364  Actual detected object count: 0
14:11:07.0906 8276  Deinitialize success
         
gruß


Alt 14.02.2013, 13:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Wieso denn adwCleaner, den hatte ich doch garnicht angewiesen
__________________
--> Feed.Helperbar Redirect Suchmaschine

Alt 14.02.2013, 17:46   #7
luckyluked
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 18:43:18
-----------------------------
18:43:18.081    OS Version: Windows x64 6.1.7601 Service Pack 1
18:43:18.081    Number of processors: 2 586 0x170A
18:43:18.081    ComputerName: MUSTERMANN  UserName: Mustermann
18:43:19.141    Initialize success
18:43:24.711    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:43:24.711    Disk 0 Vendor: SAMSUNG_HD322HJ 1AC01113 Size: 305244MB BusType: 3
18:43:24.711    Disk 0 MBR read successfully
18:43:24.726    Disk 0 MBR scan
18:43:24.726    Disk 0 Windows 7 default MBR code
18:43:24.726    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:43:24.726    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305142 MB offset 206848
18:43:24.757    Disk 0 scanning C:\Windows\system32\drivers
18:43:30.935    Service scanning
18:43:43.212    Modules scanning
18:43:43.212    Disk 0 trace - called modules:
18:43:43.228    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys 
18:43:43.228    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048c6060]
18:43:43.228    3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8003958d20]
18:43:43.243    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80039e0060]
18:43:43.243    Scan finished successfully
18:44:01.417    Disk 0 MBR has been saved successfully to "C:\Users\lsdsm\Desktop\MBR.dat"
18:44:01.417    The log file has been saved successfully to "C:\Users\lsdsm\Desktop\aswMBR.txt"
         
Entschuldigung, ich hab schon soviele Logfiles.. war das falsche.

Alt 15.02.2013, 09:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Feed.Helperbar Redirect Suchmaschine - Standard

Feed.Helperbar Redirect Suchmaschine



Ok, anscheinend nichts tieferes drin, ein letzter Check

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Feed.Helperbar Redirect Suchmaschine
7-zip, adblock, antivirus, battle.net, bho, bonjour, browser, error, excel, firefox, flash player, google, install.exe, netgear, object, officejet, realtek, refresh, registry, rundll, safer networking, scan, security, server, software, suchmaschine, svchost.exe, system, teamspeak, trojan, updates, windows



Ähnliche Themen: Feed.Helperbar Redirect Suchmaschine


  1. feed.safefinder.com entfernen und System auf Viren überprüfen
    Log-Analyse und Auswertung - 20.09.2014 (12)
  2. sm.de Suchmaschine
    Plagegeister aller Art und deren Bekämpfung - 23.08.2014 (16)
  3. Windows 8 - Web Browser wird umgeleitet auf http://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&
    Log-Analyse und Auswertung - 09.05.2014 (7)
  4. WIN 8 feed.helperbar.com wird ständig aufgerufen
    Log-Analyse und Auswertung - 03.05.2014 (9)
  5. www.feed.plusnetwork.com ändert die websiten startseite immer um -.-*
    Plagegeister aller Art und deren Bekämpfung - 02.04.2014 (24)
  6. Hijacker SuchMaschine
    Plagegeister aller Art und deren Bekämpfung - 03.03.2014 (3)
  7. http://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2baf921b-53df-f097-697f-d2eed28fec4b&searchtype=hp&fr=linkury-tb&inst
    Log-Analyse und Auswertung - 14.02.2014 (13)
  8. Microsoft Security Essentials meldet Fund: C:\Users\Eric\AppData\Local\lollipop\ und Browser zeigt: feed.helperbar.com
    Log-Analyse und Auswertung - 09.02.2014 (7)
  9. Trojaner yelp helperbar
    Log-Analyse und Auswertung - 24.01.2014 (9)
  10. QV06 Suchmaschine
    Log-Analyse und Auswertung - 04.10.2013 (5)
  11. wisersearch - Suchmaschine
    Log-Analyse und Auswertung - 21.09.2013 (9)
  12. redirecting auf yahoo Seite, wie bekomme ich die feed.helperbar los?
    Log-Analyse und Auswertung - 28.07.2013 (11)
  13. vlc.de nun mit SuchMaschine.de-Startseite
    Plagegeister aller Art und deren Bekämpfung - 13.05.2013 (5)
  14. the feed yard.com i brauch eure HILFE
    Plagegeister aller Art und deren Bekämpfung - 18.10.2009 (4)
  15. RSS-Feed erstellen
    Alles rund um Windows - 21.09.2009 (1)

Zum Thema Feed.Helperbar Redirect Suchmaschine - Guten Tag, vor kurzem ist mir aufgefallen, das mein Browser mich auf eine Yahoosuchseite umleitet, habe leider die konkrete URL nicht mehr da ich das redirecting schon behoben habe. Trotzdem - Feed.Helperbar Redirect Suchmaschine...
Archiv
Du betrachtest: Feed.Helperbar Redirect Suchmaschine auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.